o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
AKB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AKB-gw-ckubu Normal file
View File

@ -0,0 +1,3 @@
ifconfig-push 10.1.82.2 255.255.255.0
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

18
AKB/openvpn/gw-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
B1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAyMDUy
MDQ1MDNaGA8yMDUwMDIwNTIwNDUwM1owDQYJKoZIhvcNAQELBQADggIBAEHFf5Wz
7q/gyccEWkUQrTlBuDnLUN8U/yDo/esulxKw2u+hE9x/57UIzk6X8HeCdlorP0WW
YXCHfm0KrSZHeoUDMQF/NdspB8+wKHKcIuAvv3Ji09rvGADGUBCtBDp+hzpbFRvv
UwrNId3atCyMttFNU6ZkjjfnMxTJeYB0H/KXbGfOrisXKHq7cesjo4H/JFu61m+4
nig9yjLD7zfSIFPql1G0a8pssN3NPtAfyfpkDaqHE/LU1EAVUH2RQowEZAm/Mrqz
MyKbxoo0mzC+ymeP5YzdMJBdDK0bcCjSN54jhDhoZH36+D88UVgWGWHwogOXOah7
R5Xc8L9LDd1vbggErxbfBFxMoP4Rk8wg2Ou4s1jWCJkzDQuCKCaG7npmbA4rRkfv
jHJEKWPN0v2awNLPcr/xxx3Y09mYew2TEnBSoolUzPDe03xU3jmVqsiM9jfwdz+W
NX8WA+IzIUrZGfr7k8uPYRak1LNOq1Xkxr3NMbOgJXth/2pvSoT3HFBy4+aLfNxi
fj2Aplr6QNXSr9/L0XtZdU9qz7aox66feaG3q/OtXUtT8249WXJ9JHnz0vnQdWzU
GRA9fH+fR0lP+MajiFy+Y7HNgzJPTHk6gOySjTRdaCyP0NTn0G5q/XTmpSq9E2wt
bcvE+k05ahe4l04R7OIm9zSC8hHqlWHdJYEo
-----END X509 CRL-----

1
AKB/openvpn/gw-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
AKB/openvpn/gw-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
AKB/openvpn/gw-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
AKB/openvpn/gw-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
AKB/openvpn/gw-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
AKB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
AKB/openvpn/gw-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
AKB/openvpn/gw-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
AKB/openvpn/gw-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
AKB/openvpn/gw-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
AKB/openvpn/gw-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
AKB/openvpn/gw-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
AKB/openvpn/gw-ckubu/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf

1
AKB/openvpn/gw-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
AKB/openvpn/gw-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
AKB/openvpn/gw-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
AKB/openvpn/gw-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN AKB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-AKB"
export KEY_ALTNAMES="VPN AKB"

80
AKB/openvpn/gw-ckubu/easy-rsa/vars.2018-02-05-2126 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
AKB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

257
AKB/openvpn/gw-ckubu/gw-ckubu.conf Normal file
View File

@ -0,0 +1,257 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-akb.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
+6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
+Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
KIajjnXU5P26nFWLP8IiIA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
kJdQyX6Vs+d2zTzAbPqICNGM
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
+f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
k5E/xOQ9MK94fdI8ahT+Bw==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ea4b0c3c2469d8119fba1b968f7a3ac1
97af13fc4b4fd1d7e6e3aa6b6513ca98
0acee9fba071da555f9ce14d6642e20a
452192aada6a80e73dc62c3103c780fe
8b5df3a054ba1e86d01bb880defbac93
f061ebe4cf87f5c123ec49ba82f50e1a
e83290dfd4debeba063e3ca1c5f37bac
457184dea9a1a97a053ada58f63b7c1f
1de01ca49f3789716e8df654727e4ee4
77d9b182ba174ef871d72ea2bf82d25b
8d02b7a783324263e03229c0852e712f
950c0528985bc1050145f6e1a2379466
11058027d0373a920718c5a5b2f9177c
94365214e24022b2c34d51f25b008f02
8a198e2ae5910e83120b533853bc47a6
2a579fc8df42a997fa4e4854fcf1608a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

1
AKB/openvpn/gw-ckubu/ipp.txt Normal file
View File

@ -0,0 +1 @@
VPN-AKB-gw-ckubu,10.1.82.2

4
AKB/openvpn/gw-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-AKB-gw-ckubu
password..........: Boox9caegaijie4pihu7bu8gei0quo0h

141
AKB/openvpn/gw-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
Validity
Not Before: Feb 5 20:44:53 2018 GMT
Not After : Feb 5 20:44:53 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9c:18:9b:81:a2:15:07:04:d9:1d:c7:a9:5a:03:
d4:a1:90:97:43:f2:6c:65:5f:da:44:77:df:a0:f9:
6d:be:85:c0:3b:6c:08:b4:37:16:55:fb:47:0e:6e:
93:de:5d:c2:f3:a5:09:d8:e9:a8:86:f7:ba:68:e6:
94:7c:1a:7d:32:e7:44:e4:86:cb:8c:5e:5c:2e:7b:
ed:f4:31:12:34:95:31:44:56:de:8e:df:3a:a1:09:
b3:59:c5:b1:c9:a2:ca:7d:bf:b2:1f:a9:36:7c:70:
6f:76:6e:75:9a:72:bc:80:19:50:88:ae:a6:fe:05:
7d:31:df:ba:23:d3:fd:7a:3a:ce:56:a2:0f:72:33:
0c:7d:3d:33:c5:a6:14:99:43:77:2e:e6:17:be:36:
c2:57:b9:ff:fe:19:92:db:74:a0:e3:17:01:e4:0d:
48:50:d7:a8:0b:be:46:fd:65:ba:aa:de:56:5d:9d:
6a:c9:77:d1:f4:4f:69:f5:7a:7e:b6:77:79:6f:66:
b9:e4:ce:e5:d4:25:52:d7:6b:f1:b2:23:e0:c2:08:
be:32:a8:3c:b1:31:fa:cb:31:cc:de:8c:4b:0f:07:
e4:40:95:c6:d0:73:8d:47:e0:43:2e:c3:a1:59:cc:
d3:06:8a:80:cf:81:dc:78:04:67:66:bf:a7:d3:ac:
4a:0e:ab:de:32:fb:98:fb:80:41:af:4d:66:39:ea:
e0:3c:bd:bb:82:76:82:92:7a:f6:1e:78:64:f5:a0:
24:be:ba:44:60:0f:be:b6:34:4b:6a:e9:3e:0a:87:
63:c2:fa:87:14:cc:85:59:e7:33:c6:95:47:87:e3:
d9:07:af:39:b7:89:68:5e:90:bc:ec:12:d1:f2:11:
50:ce:90:bc:90:3a:9e:80:a9:55:66:51:e3:da:e3:
18:1c:a1:5b:1f:ae:ed:95:96:01:eb:25:5a:9f:08:
93:19:b7:92:0d:3d:f5:b4:db:f8:4b:3a:f7:24:fc:
74:14:ce:1d:fd:2a:d8:37:fc:92:8a:c2:b8:38:f8:
f8:86:6d:29:5f:41:3a:43:18:7d:dd:67:23:18:64:
e6:68:21:a0:f2:0c:dc:03:eb:b1:52:dc:51:b5:c0:
fa:8a:51:f6:52:21:b3:c8:91:53:31:b4:af:f2:dc:
bb:5b:9d:c9:e5:20:be:fd:f0:08:c8:f7:f6:82:22:
07:30:10:3c:74:3d:cc:d6:2d:0e:92:c3:c9:bb:78:
d7:5e:61:14:42:04:59:c4:2c:94:d3:d4:3c:5c:54:
36:03:0a:e9:fe:3d:51:1e:7f:40:9d:59:89:75:5f:
df:a5:8e:63:18:d2:ff:2c:5f:a2:41:21:7f:31:84:
8c:9d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
99:27:8E:30:AC:A5:B3:56:72:5C:80:3B:9A:53:D3:54:9B:B8:F7:0A
X509v3 Authority Key Identifier:
keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
serial:9D:A7:AD:A5:99:E9:9F:AE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
9e:b0:7a:60:42:08:29:e8:49:ae:5b:f1:72:c6:c0:64:4c:0e:
a0:d2:31:8d:7e:7b:b6:00:9a:6f:b7:07:43:23:54:ea:0a:63:
a0:68:30:54:c9:64:8b:e7:bf:58:08:fb:62:ee:fa:6f:8c:f1:
25:3c:6e:bb:32:2e:eb:59:19:36:94:df:a2:4d:37:71:51:db:
b7:02:1a:b1:b2:86:44:15:68:39:95:d1:67:81:da:ae:64:d4:
f8:05:d9:81:47:d0:f1:87:e6:c0:2d:fa:aa:19:ee:70:d4:29:
68:5e:67:d6:4d:b6:f8:cc:38:56:34:50:59:b4:4e:e5:4b:79:
81:f7:0e:62:83:3a:c1:b0:03:50:d5:27:f5:99:4d:01:92:b1:
70:9c:cd:95:62:6b:2c:b2:34:f0:b6:ad:d7:1e:f5:22:cb:eb:
eb:b6:2b:33:5e:8c:56:85:fe:38:c4:94:14:30:77:ee:cb:d8:
03:f9:3d:50:b6:92:9a:9e:59:0b:99:95:e6:83:de:5e:03:08:
e6:75:12:0c:89:d1:59:29:0d:db:6e:cf:9b:1a:b5:88:ba:d6:
d7:c3:ca:0e:31:33:3f:7a:64:ee:c7:80:09:c2:52:15:aa:1a:
d0:df:96:1f:c2:11:ea:6f:39:46:15:58:23:f0:d3:b8:a8:26:
41:ae:cb:1a:f8:43:6f:5f:2a:84:b6:d2:71:f3:b5:94:f4:6a:
c2:61:8f:9a:64:e2:71:43:06:c5:a4:b9:48:95:29:41:37:c1:
3e:9f:56:97:ca:81:dd:4d:0c:35:5e:fd:bd:4c:7c:30:3e:fa:
f1:24:70:8b:a9:f3:d0:d7:0d:04:b7:67:0f:b4:4f:e4:a9:96:
02:9a:6e:7a:9d:76:90:fb:9a:5b:f8:0d:7d:03:b4:94:39:9e:
a8:c6:65:b9:60:86:c5:99:4d:c3:74:08:1f:24:31:04:df:3e:
f3:e8:f3:1e:3b:bf:ac:bf:2a:43:f3:41:5d:27:5b:d3:9f:7a:
60:a1:60:a1:5e:01:a5:1d:42:38:38:1b:00:66:d1:6d:da:21:
a0:e3:27:da:8e:4d:1a:b3:33:ed:28:9a:62:b7:21:3b:fd:3d:
66:1e:50:b8:77:24:99:ca:0f:c9:0c:cb:22:17:60:63:e5:29:
cd:5b:c3:86:85:73:72:08:b3:6f:90:cd:9f:13:8f:8b:33:97:
f2:fe:e9:fd:fd:1d:33:6e:06:dd:dd:1a:36:6e:6a:63:3e:84:
20:5c:08:89:f8:bc:b1:84:b9:6c:70:ea:bb:6d:58:1a:db:a9:
cb:6c:2b:61:1b:ee:11:94:d8:6a:56:7f:23:ec:57:fd:38:df:
2c:7b:dd:b0:58:3b:7a:9d
-----BEGIN CERTIFICATE-----
MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNDQ1M1oXDTM4MDIwNTIwNDQ1M1owgaUxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtC
LXNlcnZlcjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUH
BNkdx6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG
97po5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8
cG92bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJX
uf/+GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXU
JVLXa/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4
BGdmv6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq
6T4Kh2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa
4xgcoVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiG
bSlfQTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3Ltbncnl
IL798AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEe
f0CdWYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJknjjCspbNWclyA
O5pT01SbuPcKMIHTBgNVHSMEgcswgciAFHxCgucD6wWX5p49FMX/rCWhuAzooYGk
pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjATBgNVHSUEDDAKBggrBgEF
BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
CwUAA4ICAQCesHpgQggp6EmuW/FyxsBkTA6g0jGNfnu2AJpvtwdDI1TqCmOgaDBU
yWSL579YCPti7vpvjPElPG67Mi7rWRk2lN+iTTdxUdu3AhqxsoZEFWg5ldFngdqu
ZNT4BdmBR9Dxh+bALfqqGe5w1CloXmfWTbb4zDhWNFBZtE7lS3mB9w5igzrBsANQ
1Sf1mU0BkrFwnM2VYmsssjTwtq3XHvUiy+vrtiszXoxWhf44xJQUMHfuy9gD+T1Q
tpKanlkLmZXmg95eAwjmdRIMidFZKQ3bbs+bGrWIutbXw8oOMTM/emTux4AJwlIV
qhrQ35YfwhHqbzlGFVgj8NO4qCZBrssa+ENvXyqEttJx87WU9GrCYY+aZOJxQwbF
pLlIlSlBN8E+n1aXyoHdTQw1Xv29THwwPvrxJHCLqfPQ1w0Et2cPtE/kqZYCmm56
nXaQ+5pb+A19A7SUOZ6oxmW5YIbFmU3DdAgfJDEE3z7z6PMeO7+svypD80FdJ1vT
n3pgoWChXgGlHUI4OBsAZtFt2iGg4yfajk0aszPtKJpityE7/T1mHlC4dySZyg/J
DMsiF2Bj5SnNW8OGhXNyCLNvkM2fE4+LM5fy/un9/R0zbgbd3Ro2bmpjPoQgXAiJ
+LyxhLlscOq7bVga26nLbCthG+4RlNhqVn8j7Ff9ON8se92wWDt6nQ==
-----END CERTIFICATE-----

139
AKB/openvpn/gw-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
Validity
Not Before: Feb 5 20:54:55 2018 GMT
Not After : Feb 5 20:54:55 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:aa:52:83:b3:a6:41:03:bc:bc:c7:66:61:c8:0e:
a9:8c:29:cf:70:52:44:30:e3:40:94:a7:2b:09:4d:
5d:a9:d5:2d:1f:2d:e5:92:50:b4:92:8b:a9:4b:0a:
a3:c0:82:da:3c:81:65:0a:cd:92:eb:15:c3:3e:5e:
70:a6:ee:c8:33:e7:0e:19:78:ad:ae:a6:09:64:d0:
9f:12:a1:51:7d:9e:f4:3b:4a:ed:6d:20:73:c1:d9:
f1:30:1a:f6:d2:6d:da:d7:0a:a5:7e:d2:30:d7:84:
c1:81:13:3e:14:24:f6:b5:14:c7:19:32:9c:87:eb:
df:c9:fc:9e:87:72:55:db:45:a3:f9:e1:86:5b:2a:
c9:93:b8:50:72:cf:84:2e:4e:a7:f9:4f:3e:fc:e1:
22:8c:ff:23:ae:86:aa:e1:dc:c1:7f:9b:7e:cc:d6:
94:ec:37:0c:97:80:5f:0f:aa:3c:cc:a3:a4:ec:d0:
6e:c0:33:a8:45:c7:80:36:3c:e3:fe:06:fa:c6:9f:
a8:3d:99:97:85:2c:a0:02:1b:12:97:52:98:71:7e:
6e:59:22:b9:79:65:4f:d7:19:ee:5d:d1:23:13:f8:
a4:2e:1c:f8:da:16:64:57:b9:52:f7:ba:76:fd:75:
4d:d4:44:03:38:62:3c:52:35:a2:0d:dc:e7:01:88:
45:bb:7b:e7:be:bc:ee:82:78:f0:eb:bb:c3:e3:0a:
7e:81:81:fc:4a:e3:ad:2a:c8:b5:7f:02:10:c3:b7:
bb:5e:e1:81:0c:f3:19:9f:ee:88:af:f3:49:1d:23:
4d:4b:93:9d:fd:a1:14:1c:97:9d:1f:3d:62:a5:eb:
11:68:39:51:c8:7b:e7:97:19:3d:7c:f1:da:98:67:
89:f7:d0:9d:d3:73:4c:97:0f:24:ea:fe:2e:9c:69:
9d:dc:c8:9c:4a:82:df:54:3c:64:35:20:43:fd:57:
bf:4a:2b:e9:e3:f3:a5:3b:b1:b7:d5:4a:88:0d:7a:
66:7f:37:47:33:bc:64:84:7a:d2:53:b5:f9:54:0f:
53:17:3e:a1:e6:4b:a7:e0:1f:6c:70:47:3b:fc:aa:
37:0b:34:57:8b:d8:3a:8d:57:b5:43:7f:52:3d:e3:
16:46:27:7d:c6:87:d2:24:13:5c:84:7f:68:65:33:
ea:b3:0e:b6:e0:39:7b:76:3d:8b:ca:81:a7:09:c3:
42:b1:bb:46:50:6d:3a:bd:4d:ae:bb:9e:d7:9c:93:
68:48:4f:1c:ac:c1:a4:16:16:85:bb:08:c8:9b:81:
c0:17:71:87:de:97:42:40:60:13:22:91:4d:85:00:
81:ed:15:4b:70:c3:f5:d9:1d:2e:0b:1b:b2:dd:44:
77:5a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E2:B4:29:34:76:BD:D6:BC:64:9F:DB:D1:EA:9C:D3:00:15:98:20:37
X509v3 Authority Key Identifier:
keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
serial:9D:A7:AD:A5:99:E9:9F:AE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
17:d8:87:39:66:f1:58:d8:be:e6:70:c9:29:00:f6:64:75:c5:
b9:53:5a:7f:c4:fd:df:2b:d0:14:7c:13:5a:da:f5:b8:b9:8c:
6a:98:ac:8c:f2:a0:23:4d:15:d2:f4:ca:3b:d7:18:d1:d9:23:
03:74:b2:7d:b6:2e:50:b5:d6:29:21:69:65:77:59:c4:21:b4:
04:fd:d4:d2:5f:71:7a:f6:b6:4f:31:3a:19:88:78:69:66:1c:
13:d6:f1:5c:30:2e:39:7f:e9:69:d4:10:ad:0f:07:bb:24:62:
3a:bd:89:2f:9f:b4:2e:65:14:d5:c5:0a:f6:89:a5:17:82:d0:
71:84:a2:8f:27:7f:5e:cf:2a:89:2d:cc:a1:56:35:bd:26:e9:
4b:52:f2:2f:10:98:77:26:f9:2a:6a:1d:6e:db:91:b8:06:8a:
85:58:6c:fa:e4:8e:9c:92:16:28:10:56:ed:c4:e1:28:ae:d8:
c3:b6:67:d3:bc:cb:b9:2e:b5:7c:f0:84:2a:26:e7:30:4f:02:
45:2b:bd:87:21:97:e2:17:01:71:77:31:8f:dd:15:ac:4c:7b:
3b:7e:4a:e6:ee:4d:6a:6f:1f:67:1b:c5:d7:c4:ba:c3:45:6c:
6f:db:0b:93:72:c1:1f:b4:c0:02:a2:33:f8:32:49:bf:93:7d:
e0:7e:d0:d3:c4:41:20:d8:9b:ab:2d:b9:30:ab:0b:c6:ee:db:
40:9e:bc:b9:d0:87:32:39:42:c0:43:8b:7c:5c:f8:8d:20:d1:
a1:11:ee:e2:42:43:96:a3:52:d8:e9:33:ca:b2:d1:3a:29:87:
b2:04:cd:03:f5:25:09:ec:ae:83:65:6d:d2:38:40:8d:5a:9c:
00:b3:88:26:20:4e:86:13:bc:b6:83:69:4b:a5:32:9c:c6:38:
a3:22:3f:a9:57:0d:47:f2:9e:08:0e:b9:bc:e6:59:c7:a2:ea:
cc:9f:c5:68:b3:76:41:09:78:07:87:1a:b9:5c:b0:96:0c:cb:
36:b9:3c:21:31:36:87:63:ba:25:14:39:5a:d9:18:a6:58:2e:
ab:11:da:43:32:b0:ac:45:3b:cc:7c:d4:40:61:2b:b7:d2:27:
8c:08:bc:cf:e4:a0:a2:8a:48:3a:33:4d:60:d3:6c:e0:3b:71:
68:d1:61:63:c8:02:80:3e:73:bb:01:ed:52:9d:6d:d1:82:1d:
54:15:1f:9f:d8:51:71:c8:11:b8:cc:db:86:58:54:fe:d4:5f:
c8:50:5a:d7:f1:0c:e6:07:2f:c8:12:45:29:dc:23:a4:fd:1d:
7b:34:a7:53:25:87:47:90:90:97:50:c9:7e:95:b3:e7:76:cd:
3c:c0:6c:fa:88:08:d1:8c
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
kJdQyX6Vs+d2zTzAbPqICNGM
-----END CERTIFICATE-----

39
AKB/openvpn/gw-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
+6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
+Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
KIajjnXU5P26nFWLP8IiIA==
-----END CERTIFICATE-----

52
AKB/openvpn/gw-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDU3ELr25xiRgZY
6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZXH4aFhfpg
e25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/EUS3tS/bt
hj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+BkjHRMXo8
m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbnc5ld3G2T
TjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4XiErcIJoC
O1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDxLMx48QtN
2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6bzJ9lhtnt
S5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXdB03168HJ
SVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6hamvri9k
6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qzsLWze8fw
l8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABAoICAFzgzwKDDLWEwHhDK56g9tLH
zMOA1hYscYLvIG8x4pqoSyvgt3+bXHjZBksLl20VducLNTVGuDfCwgEfWo0+iQOg
B+UDNb6NJ1tpzuX+rGKcqlZZXU6NYzusAL5YxdQ5xykk4SsUEOod31y82pFXx5L+
G3P2d9Bvbr+SSMwSFgUe98+sJKHav3q6xKo2H0Nq6blp5Apxc/NHl4KittuI7vCY
vjeiHebe06v0mXSMPEUbq7QWYtdmiTp8Licx4islfyRPeml7c0wVRmqkFDHXPRxD
pDjJH9tT1yCQ6eixtEXYhnNxYOvL0RG0HdWSEq1ob0S++1ihS6jJQOoAYND1DMMo
j6O8rrlF7I7giSJsHh+N/dkwveXrSI2Vf96J5hHiR1CcYob9ITtGVJH5dFN/WVfq
Iw5UBx2ZKqW4eo2EDPcUkEiEFQBI532nsPnLJ2yVLfz9Jul8hWOant4BAsNRSbri
ayGRFj/YrgrL90Q7Uzw2tFjTbNLWbZZdsfbrnGsVa/FrbtTa0t2umXDEVZ2WXo2c
WvbJ8vLb/9gu4UbJxzgZHXY6ISMWaX+jQLbh7kY/PpLj0r3F6VbxEztfqM3PBRv2
snKfyWl3/IC78AcumywJ+EPBBgNtkt0W7Fc9K5xWJNfxajmBEDZQMFo0uLSMV02a
ev3Z0Be3YmVsdD1XZ3EhAoIBAQD3SsirCpVwQW3fka8eX/638wAI5lnEq+8Z6Ac3
uxlUXTkSZEB3eEu8p6EWNufrTr/xBTgrFBEbJZxTqV2DvMY94X496FhxY2xLKgg8
Vs78YqXi9kvTXQcoyqJd3kHvfSeo/GMfVeYzXEMQxYyXt2ZBvbpjO5SO/wXWVzdA
syZQbqmyShiN7qfNqHtBa7navMDJFvTCbppyrBAI/15cP/ljyTEv/8D9jZ6HoaAz
7v4j9ps4kYKIZ9AsZT2Et1PukhdSXCkpmczHrAl7R6EoLED7q7XAAYKt9yt+emWu
Og9Oo7/x5XYOGGoXxzRVGZDS2L+cirBcrXw4k/3juaSagtZLAoIBAQDcWxex3o0I
jtJGM0VB/795pDWph0zh15bASgA8AfQfBUZEC7cxXrNr5R9VCK8H+pI5UhrwzUpD
TqFSlk8LHOJWb4bmm6iG3DeOXP6CSGljS71GfB0YB4hxcjpZlrcUTUFD0sCQqpAE
F+yf4C3iLc/6y+ZOgnlXze4GP7VPMqCtf71ESg86meuX5NBuol8sI+rW4KNjae/C
55rWRcFkKSALFTPkGr6PwLoXQjBtyj6y+NPr9KuFl0U4JX/JPef2i62P1kLlkjNR
3kbwvO5PZd+8i2BYpIAx85kIuCVg4lHBzP3l46sJ6JlZV/shwyx6LBIWYdemC968
7xoqUasZaGUlAoIBAGDuznPFJUioTQI6n9MfO8AtH1FdwchGwOV9vv6Id2hLVmiw
JVjvLXjYmFsV0Ji6+J/oNNkl94KVno5osABIiciN0CdCIRDpMPTRmALW4DGsFWw+
sQA70eeabkSvL1dJzrb9n3kT+bUeMCet1+tMd2fDkAD/xL68ljQrYbwZvSYACsKZ
KsDP0LTbmtzM9kAYhtUMC4r/Qck7StnMB9fPN9l2brJq5OI+leqCX0KcJsBAFR36
Y5lGYCJW2ONh3SOB3mRpPbVR1SRbeif5ruEJX7uG1ipaLTg1z7W3Eo5VsdRYeY+/
KyRhS4zgh9HnwI31aj5ZWsIpOq0OzZFrHmt2Z7sCggEBALBzZSryWh7zNuAt6BSs
dagzXSEujdr+5uF9oGhs7A33DEgq1Xv8KFKKu6c89+O8u2CZJaeTzBbPnRDj+dGd
RIUQc4awOKgdKYOfZdHvqCxyFtOdSTLXvWOSo7TfoiTopA1qcvalDgOpILr5KeTG
6JcctYRCqGYuKZ7pXwdXNCEae/V2FHHJlUUhXeJptSpEbKW6ZjuSNgLtsShJ3U2W
POmDBfVvkQ7NtnYvc1ZHMCPiati0KLEl67DFHmmIX/ol6UqXuSPaCaxSAJ5/u5jq
q9lwBiuVNm5JcU7xHkVRlURKITn4MBsUHc/USu3DOxdtuOIhYSy+rpK+KEag9RC4
bt0CggEARAVJZMFc4F74aeHDeQtQYh8PHwuYPF33j5KTeyT59I5pmGKVZDsqc1ZY
GxsLZmr8jR4AJomMgymrJIuFqdXfhj1lWu0fHh8mVG9Ja+Mh4WsO2SzMSysIoonR
v1Ej+UfefyehzfmUT2tggbs/s7wqNy61C6LmH+HPqGGM4qihIVus8muAxP+9z/W/
KJ3jOsPOj8hx2LBw0RdkbD9WHCjk063Xdw4zXtnt1B3sQ5DJ+INilAXDmOKHyWW8
NM+cGCF5YV63mWBp9jkqICllJCTtPdCr7KhelzOpVHRvDDJDND/EKo+9QbtQkN/9
+p0YwaKXlRKVAXvf7Rqr/9IQ182VBA==
-----END PRIVATE KEY-----

1
AKB/openvpn/gw-ckubu/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
AKB/openvpn/gw-ckubu/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAgPDupjU4lg6zKwNObGKofektBBGNJE3270fvwK/EhRu63ZbQLsLn
KL1oHP+CO0g+eD9VDNRpAlOxY6ug+RZm1gbrX7ffGlvC5W2ttOpc6ZugKmS/AYyl
c1VJTyjDcOrCnkIlYBUjv4QYVMzek/Uc9doYEcl9WSVzsQ9IHrbOettMeoACkpSt
B6cQonmYZyU8YQBD2Bk92vOCdkyFRoQHQlyhd0hUBj7iwUxKtqoSpomZ+cRETVQO
HlCw9MsXMeeibD84pCVf2k91IeHt/n62qdP43jNAoFTCNUhO37gghnUSxYKOE83u
NZf//i2iwAsc+sEIKbzau4JvZe4dLTHfKVzhyBT7hfiuFH0ZQect4oQp7jBMH2os
QN2f//lJ1Hq5OSQSPFGtJi/zTKHE6+x3HtuxKkx2+KZedmt9ban0fggNR2dCUl8V
qnHkvE0KTLhvDZJq76pM0Vvt/q9DqEpYlLywW1diV6nH8TdTG+9d57Ofv1pVsm/+
Nqmsq00J5bNLgJvcEo/64Rx84tzsQvdzwUD7UwGTnb6I1epBzPt/Fc4pX3aBUsnO
0vSmDbMN3a67RauEQqqhJ79kR1a+7XSO3s5vf2JVEvqttNx74ufw2t2I5O//Ji7m
0eFYTnDNOPe0TKjKhSTzqcxaQpfuUb3/WdE8o1VKdxz0G+PP2ymnS9sCAQI=
-----END DH PARAMETERS-----

139
AKB/openvpn/gw-ckubu/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
Validity
Not Before: Feb 5 20:54:55 2018 GMT
Not After : Feb 5 20:54:55 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:aa:52:83:b3:a6:41:03:bc:bc:c7:66:61:c8:0e:
a9:8c:29:cf:70:52:44:30:e3:40:94:a7:2b:09:4d:
5d:a9:d5:2d:1f:2d:e5:92:50:b4:92:8b:a9:4b:0a:
a3:c0:82:da:3c:81:65:0a:cd:92:eb:15:c3:3e:5e:
70:a6:ee:c8:33:e7:0e:19:78:ad:ae:a6:09:64:d0:
9f:12:a1:51:7d:9e:f4:3b:4a:ed:6d:20:73:c1:d9:
f1:30:1a:f6:d2:6d:da:d7:0a:a5:7e:d2:30:d7:84:
c1:81:13:3e:14:24:f6:b5:14:c7:19:32:9c:87:eb:
df:c9:fc:9e:87:72:55:db:45:a3:f9:e1:86:5b:2a:
c9:93:b8:50:72:cf:84:2e:4e:a7:f9:4f:3e:fc:e1:
22:8c:ff:23:ae:86:aa:e1:dc:c1:7f:9b:7e:cc:d6:
94:ec:37:0c:97:80:5f:0f:aa:3c:cc:a3:a4:ec:d0:
6e:c0:33:a8:45:c7:80:36:3c:e3:fe:06:fa:c6:9f:
a8:3d:99:97:85:2c:a0:02:1b:12:97:52:98:71:7e:
6e:59:22:b9:79:65:4f:d7:19:ee:5d:d1:23:13:f8:
a4:2e:1c:f8:da:16:64:57:b9:52:f7:ba:76:fd:75:
4d:d4:44:03:38:62:3c:52:35:a2:0d:dc:e7:01:88:
45:bb:7b:e7:be:bc:ee:82:78:f0:eb:bb:c3:e3:0a:
7e:81:81:fc:4a:e3:ad:2a:c8:b5:7f:02:10:c3:b7:
bb:5e:e1:81:0c:f3:19:9f:ee:88:af:f3:49:1d:23:
4d:4b:93:9d:fd:a1:14:1c:97:9d:1f:3d:62:a5:eb:
11:68:39:51:c8:7b:e7:97:19:3d:7c:f1:da:98:67:
89:f7:d0:9d:d3:73:4c:97:0f:24:ea:fe:2e:9c:69:
9d:dc:c8:9c:4a:82:df:54:3c:64:35:20:43:fd:57:
bf:4a:2b:e9:e3:f3:a5:3b:b1:b7:d5:4a:88:0d:7a:
66:7f:37:47:33:bc:64:84:7a:d2:53:b5:f9:54:0f:
53:17:3e:a1:e6:4b:a7:e0:1f:6c:70:47:3b:fc:aa:
37:0b:34:57:8b:d8:3a:8d:57:b5:43:7f:52:3d:e3:
16:46:27:7d:c6:87:d2:24:13:5c:84:7f:68:65:33:
ea:b3:0e:b6:e0:39:7b:76:3d:8b:ca:81:a7:09:c3:
42:b1:bb:46:50:6d:3a:bd:4d:ae:bb:9e:d7:9c:93:
68:48:4f:1c:ac:c1:a4:16:16:85:bb:08:c8:9b:81:
c0:17:71:87:de:97:42:40:60:13:22:91:4d:85:00:
81:ed:15:4b:70:c3:f5:d9:1d:2e:0b:1b:b2:dd:44:
77:5a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E2:B4:29:34:76:BD:D6:BC:64:9F:DB:D1:EA:9C:D3:00:15:98:20:37
X509v3 Authority Key Identifier:
keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
serial:9D:A7:AD:A5:99:E9:9F:AE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
17:d8:87:39:66:f1:58:d8:be:e6:70:c9:29:00:f6:64:75:c5:
b9:53:5a:7f:c4:fd:df:2b:d0:14:7c:13:5a:da:f5:b8:b9:8c:
6a:98:ac:8c:f2:a0:23:4d:15:d2:f4:ca:3b:d7:18:d1:d9:23:
03:74:b2:7d:b6:2e:50:b5:d6:29:21:69:65:77:59:c4:21:b4:
04:fd:d4:d2:5f:71:7a:f6:b6:4f:31:3a:19:88:78:69:66:1c:
13:d6:f1:5c:30:2e:39:7f:e9:69:d4:10:ad:0f:07:bb:24:62:
3a:bd:89:2f:9f:b4:2e:65:14:d5:c5:0a:f6:89:a5:17:82:d0:
71:84:a2:8f:27:7f:5e:cf:2a:89:2d:cc:a1:56:35:bd:26:e9:
4b:52:f2:2f:10:98:77:26:f9:2a:6a:1d:6e:db:91:b8:06:8a:
85:58:6c:fa:e4:8e:9c:92:16:28:10:56:ed:c4:e1:28:ae:d8:
c3:b6:67:d3:bc:cb:b9:2e:b5:7c:f0:84:2a:26:e7:30:4f:02:
45:2b:bd:87:21:97:e2:17:01:71:77:31:8f:dd:15:ac:4c:7b:
3b:7e:4a:e6:ee:4d:6a:6f:1f:67:1b:c5:d7:c4:ba:c3:45:6c:
6f:db:0b:93:72:c1:1f:b4:c0:02:a2:33:f8:32:49:bf:93:7d:
e0:7e:d0:d3:c4:41:20:d8:9b:ab:2d:b9:30:ab:0b:c6:ee:db:
40:9e:bc:b9:d0:87:32:39:42:c0:43:8b:7c:5c:f8:8d:20:d1:
a1:11:ee:e2:42:43:96:a3:52:d8:e9:33:ca:b2:d1:3a:29:87:
b2:04:cd:03:f5:25:09:ec:ae:83:65:6d:d2:38:40:8d:5a:9c:
00:b3:88:26:20:4e:86:13:bc:b6:83:69:4b:a5:32:9c:c6:38:
a3:22:3f:a9:57:0d:47:f2:9e:08:0e:b9:bc:e6:59:c7:a2:ea:
cc:9f:c5:68:b3:76:41:09:78:07:87:1a:b9:5c:b0:96:0c:cb:
36:b9:3c:21:31:36:87:63:ba:25:14:39:5a:d9:18:a6:58:2e:
ab:11:da:43:32:b0:ac:45:3b:cc:7c:d4:40:61:2b:b7:d2:27:
8c:08:bc:cf:e4:a0:a2:8a:48:3a:33:4d:60:d3:6c:e0:3b:71:
68:d1:61:63:c8:02:80:3e:73:bb:01:ed:52:9d:6d:d1:82:1d:
54:15:1f:9f:d8:51:71:c8:11:b8:cc:db:86:58:54:fe:d4:5f:
c8:50:5a:d7:f1:0c:e6:07:2f:c8:12:45:29:dc:23:a4:fd:1d:
7b:34:a7:53:25:87:47:90:90:97:50:c9:7e:95:b3:e7:76:cd:
3c:c0:6c:fa:88:08:d1:8c
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
kJdQyX6Vs+d2zTzAbPqICNGM
-----END CERTIFICATE-----

29
AKB/openvpn/gw-ckubu/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtCLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
UE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAKpSg7OmQQO8vMdmYcgOqYwpz3BSRDDjQJSn
KwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrNkusVwz5ecKbuyDPnDhl4ra6mCWTQ
nxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7SMNeEwYETPhQk9rUUxxkynIfr38n8
nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzhIoz/I66GquHcwX+bfszWlOw3DJeA
Xw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Zl4UsoAIbEpdSmHF+blkiuXllT9cZ
7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhiPFI1og3c5wGIRbt757687oJ48Ou7
w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/uiK/zSR0jTUuTnf2hFByXnR89YqXr
EWg5Uch755cZPXzx2phniffQndNzTJcPJOr+LpxpndzInEqC31Q8ZDUgQ/1Xv0or
6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQPUxc+oeZLp+AfbHBHO/yqNws0V4vY
Oo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMOtuA5e3Y9i8qBpwnDQrG7RlBtOr1N
rrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96XQkBgEyKRTYUAge0VS3DD9dkdLgsb
st1Ed1ppAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAAI+KsNCawI8jrFXfA8bU
AxK3YQI9hvQ5Lg5+vmRWr2JXLiMmjYixyqnmsp8nGPCSXksdSSR8yHb7wgNAh5hI
DVzmgnwJZ7G00OhmLJqeY/WjGbdzoFUd+tk5E0pTcK6eFtezSC8qpD6kDin4JFbh
to63gV471877bW/wwi0GbgTxJE3BQKewF5OOOF/5WMLVzGt7ZwLcLCH9qXw+P87D
FOllXcImVxIVeG4o2LADWvHsQ71sCI7jQd+U55yOd0GNF+ON9bCR8dTpUnbF3X0C
WwF6g4NXnZy2hv8Q5DmHMkN2f/N5TtB9XQ+/iPTHdPM1UB/iNFS5ZwO+ycIWjJzy
p5+7Ukhil1fMLTrbaVZ7XO5HzPy0vDxfs7oZi9cUrea8f/BUrqYapelzatoQ2Dce
N1Opz6I84VVdQORzukRcISGssvdH9AJcBeReS/ndn8cJrbOdDS9LnaQ9dO66kpcH
pXEKXOVh8qIiZA+FqCLQjPyhixdtnzCAO4B5qARh+BrmYgUsCPA3CNGl/YFN+5im
fcIBJk9rMpY2tFfxMtIq7WRtE4UPFThRH28Jd/ITSl7efFG1Vtm2YfIBq1zGfwNH
qPqkijoyUN7Emq+Hk5swTuHDtqYhzjTi4G6G+FRAWB3ZLqXE4Ni+cajcsQs8V5Ip
um9yfA1CadmrIw6jcHcfpB4=
-----END CERTIFICATE REQUEST-----

54
AKB/openvpn/gw-ckubu/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
+f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
k5E/xOQ9MK94fdI8ahT+Bw==
-----END ENCRYPTED PRIVATE KEY-----

2
AKB/openvpn/gw-ckubu/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 380205204453Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
V 380205205455Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de

1
AKB/openvpn/gw-ckubu/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
AKB/openvpn/gw-ckubu/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
AKB/openvpn/gw-ckubu/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 380205204453Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de

1
AKB/openvpn/gw-ckubu/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
AKB/openvpn/gw-ckubu/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

141
AKB/openvpn/gw-ckubu/keys/server.crt Normal file
View File

@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
Validity
Not Before: Feb 5 20:44:53 2018 GMT
Not After : Feb 5 20:44:53 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9c:18:9b:81:a2:15:07:04:d9:1d:c7:a9:5a:03:
d4:a1:90:97:43:f2:6c:65:5f:da:44:77:df:a0:f9:
6d:be:85:c0:3b:6c:08:b4:37:16:55:fb:47:0e:6e:
93:de:5d:c2:f3:a5:09:d8:e9:a8:86:f7:ba:68:e6:
94:7c:1a:7d:32:e7:44:e4:86:cb:8c:5e:5c:2e:7b:
ed:f4:31:12:34:95:31:44:56:de:8e:df:3a:a1:09:
b3:59:c5:b1:c9:a2:ca:7d:bf:b2:1f:a9:36:7c:70:
6f:76:6e:75:9a:72:bc:80:19:50:88:ae:a6:fe:05:
7d:31:df:ba:23:d3:fd:7a:3a:ce:56:a2:0f:72:33:
0c:7d:3d:33:c5:a6:14:99:43:77:2e:e6:17:be:36:
c2:57:b9:ff:fe:19:92:db:74:a0:e3:17:01:e4:0d:
48:50:d7:a8:0b:be:46:fd:65:ba:aa:de:56:5d:9d:
6a:c9:77:d1:f4:4f:69:f5:7a:7e:b6:77:79:6f:66:
b9:e4:ce:e5:d4:25:52:d7:6b:f1:b2:23:e0:c2:08:
be:32:a8:3c:b1:31:fa:cb:31:cc:de:8c:4b:0f:07:
e4:40:95:c6:d0:73:8d:47:e0:43:2e:c3:a1:59:cc:
d3:06:8a:80:cf:81:dc:78:04:67:66:bf:a7:d3:ac:
4a:0e:ab:de:32:fb:98:fb:80:41:af:4d:66:39:ea:
e0:3c:bd:bb:82:76:82:92:7a:f6:1e:78:64:f5:a0:
24:be:ba:44:60:0f:be:b6:34:4b:6a:e9:3e:0a:87:
63:c2:fa:87:14:cc:85:59:e7:33:c6:95:47:87:e3:
d9:07:af:39:b7:89:68:5e:90:bc:ec:12:d1:f2:11:
50:ce:90:bc:90:3a:9e:80:a9:55:66:51:e3:da:e3:
18:1c:a1:5b:1f:ae:ed:95:96:01:eb:25:5a:9f:08:
93:19:b7:92:0d:3d:f5:b4:db:f8:4b:3a:f7:24:fc:
74:14:ce:1d:fd:2a:d8:37:fc:92:8a:c2:b8:38:f8:
f8:86:6d:29:5f:41:3a:43:18:7d:dd:67:23:18:64:
e6:68:21:a0:f2:0c:dc:03:eb:b1:52:dc:51:b5:c0:
fa:8a:51:f6:52:21:b3:c8:91:53:31:b4:af:f2:dc:
bb:5b:9d:c9:e5:20:be:fd:f0:08:c8:f7:f6:82:22:
07:30:10:3c:74:3d:cc:d6:2d:0e:92:c3:c9:bb:78:
d7:5e:61:14:42:04:59:c4:2c:94:d3:d4:3c:5c:54:
36:03:0a:e9:fe:3d:51:1e:7f:40:9d:59:89:75:5f:
df:a5:8e:63:18:d2:ff:2c:5f:a2:41:21:7f:31:84:
8c:9d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
99:27:8E:30:AC:A5:B3:56:72:5C:80:3B:9A:53:D3:54:9B:B8:F7:0A
X509v3 Authority Key Identifier:
keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
serial:9D:A7:AD:A5:99:E9:9F:AE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
9e:b0:7a:60:42:08:29:e8:49:ae:5b:f1:72:c6:c0:64:4c:0e:
a0:d2:31:8d:7e:7b:b6:00:9a:6f:b7:07:43:23:54:ea:0a:63:
a0:68:30:54:c9:64:8b:e7:bf:58:08:fb:62:ee:fa:6f:8c:f1:
25:3c:6e:bb:32:2e:eb:59:19:36:94:df:a2:4d:37:71:51:db:
b7:02:1a:b1:b2:86:44:15:68:39:95:d1:67:81:da:ae:64:d4:
f8:05:d9:81:47:d0:f1:87:e6:c0:2d:fa:aa:19:ee:70:d4:29:
68:5e:67:d6:4d:b6:f8:cc:38:56:34:50:59:b4:4e:e5:4b:79:
81:f7:0e:62:83:3a:c1:b0:03:50:d5:27:f5:99:4d:01:92:b1:
70:9c:cd:95:62:6b:2c:b2:34:f0:b6:ad:d7:1e:f5:22:cb:eb:
eb:b6:2b:33:5e:8c:56:85:fe:38:c4:94:14:30:77:ee:cb:d8:
03:f9:3d:50:b6:92:9a:9e:59:0b:99:95:e6:83:de:5e:03:08:
e6:75:12:0c:89:d1:59:29:0d:db:6e:cf:9b:1a:b5:88:ba:d6:
d7:c3:ca:0e:31:33:3f:7a:64:ee:c7:80:09:c2:52:15:aa:1a:
d0:df:96:1f:c2:11:ea:6f:39:46:15:58:23:f0:d3:b8:a8:26:
41:ae:cb:1a:f8:43:6f:5f:2a:84:b6:d2:71:f3:b5:94:f4:6a:
c2:61:8f:9a:64:e2:71:43:06:c5:a4:b9:48:95:29:41:37:c1:
3e:9f:56:97:ca:81:dd:4d:0c:35:5e:fd:bd:4c:7c:30:3e:fa:
f1:24:70:8b:a9:f3:d0:d7:0d:04:b7:67:0f:b4:4f:e4:a9:96:
02:9a:6e:7a:9d:76:90:fb:9a:5b:f8:0d:7d:03:b4:94:39:9e:
a8:c6:65:b9:60:86:c5:99:4d:c3:74:08:1f:24:31:04:df:3e:
f3:e8:f3:1e:3b:bf:ac:bf:2a:43:f3:41:5d:27:5b:d3:9f:7a:
60:a1:60:a1:5e:01:a5:1d:42:38:38:1b:00:66:d1:6d:da:21:
a0:e3:27:da:8e:4d:1a:b3:33:ed:28:9a:62:b7:21:3b:fd:3d:
66:1e:50:b8:77:24:99:ca:0f:c9:0c:cb:22:17:60:63:e5:29:
cd:5b:c3:86:85:73:72:08:b3:6f:90:cd:9f:13:8f:8b:33:97:
f2:fe:e9:fd:fd:1d:33:6e:06:dd:dd:1a:36:6e:6a:63:3e:84:
20:5c:08:89:f8:bc:b1:84:b9:6c:70:ea:bb:6d:58:1a:db:a9:
cb:6c:2b:61:1b:ee:11:94:d8:6a:56:7f:23:ec:57:fd:38:df:
2c:7b:dd:b0:58:3b:7a:9d
-----BEGIN CERTIFICATE-----
MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNDQ1M1oXDTM4MDIwNTIwNDQ1M1owgaUxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtC
LXNlcnZlcjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUH
BNkdx6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG
97po5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8
cG92bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJX
uf/+GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXU
JVLXa/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4
BGdmv6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq
6T4Kh2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa
4xgcoVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiG
bSlfQTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3Ltbncnl
IL798AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEe
f0CdWYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJknjjCspbNWclyA
O5pT01SbuPcKMIHTBgNVHSMEgcswgciAFHxCgucD6wWX5p49FMX/rCWhuAzooYGk
pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjATBgNVHSUEDDAKBggrBgEF
BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
CwUAA4ICAQCesHpgQggp6EmuW/FyxsBkTA6g0jGNfnu2AJpvtwdDI1TqCmOgaDBU
yWSL579YCPti7vpvjPElPG67Mi7rWRk2lN+iTTdxUdu3AhqxsoZEFWg5ldFngdqu
ZNT4BdmBR9Dxh+bALfqqGe5w1CloXmfWTbb4zDhWNFBZtE7lS3mB9w5igzrBsANQ
1Sf1mU0BkrFwnM2VYmsssjTwtq3XHvUiy+vrtiszXoxWhf44xJQUMHfuy9gD+T1Q
tpKanlkLmZXmg95eAwjmdRIMidFZKQ3bbs+bGrWIutbXw8oOMTM/emTux4AJwlIV
qhrQ35YfwhHqbzlGFVgj8NO4qCZBrssa+ENvXyqEttJx87WU9GrCYY+aZOJxQwbF
pLlIlSlBN8E+n1aXyoHdTQw1Xv29THwwPvrxJHCLqfPQ1w0Et2cPtE/kqZYCmm56
nXaQ+5pb+A19A7SUOZ6oxmW5YIbFmU3DdAgfJDEE3z7z6PMeO7+svypD80FdJ1vT
n3pgoWChXgGlHUI4OBsAZtFt2iGg4yfajk0aszPtKJpityE7/T1mHlC4dySZyg/J
DMsiF2Bj5SnNW8OGhXNyCLNvkM2fE4+LM5fy/un9/R0zbgbd3Ro2bmpjPoQgXAiJ
+LyxhLlscOq7bVga26nLbCthG+4RlNhqVn8j7Ff9ON8se92wWDt6nQ==
-----END CERTIFICATE-----

29
AKB/openvpn/gw-ckubu/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtCLXNlcnZlcjEQMA4GA1UEKRMHVlBO
IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUHBNkdx6laA9ShkJdD8mxlX9pEd9+g
+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG97po5pR8Gn0y50TkhsuMXlwue+30
MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8cG92bnWacryAGVCIrqb+BX0x37oj
0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJXuf/+GZLbdKDjFwHkDUhQ16gLvkb9
Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXUJVLXa/GyI+DCCL4yqDyxMfrLMcze
jEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4BGdmv6fTrEoOq94y+5j7gEGvTWY5
6uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq6T4Kh2PC+ocUzIVZ5zPGlUeH49kH
rzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa4xgcoVsfru2VlgHrJVqfCJMZt5IN
PfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiGbSlfQTpDGH3dZyMYZOZoIaDyDNwD
67FS3FG1wPqKUfZSIbPIkVMxtK/y3LtbncnlIL798AjI9/aCIgcwEDx0PczWLQ6S
w8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEef0CdWYl1X9+ljmMY0v8sX6JBIX8x
hIydXwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBACMc1JUuWsLOlrru5FqpNDz3
CeU0hDzv24axKVmHvyfUJO5PT2mGAsogEaH2+x2UJrowiuTUwV+nKjOY7XKkNHHA
eLISihwKa/vjVcftGA6PsXV6bDEIFvyE1y/3TTDpAtoiaBp5BsCePeAlPjVTS9dn
kxTGdEHfHovv8/NAu1xLcyeqN12oAZkNzupQn/at2F0ylOAd0+RUbayIUMYpOJGe
Wcj8CkQUBjJgUdr4JfOBr+7m4zhxBwdkB7IhCXLPEoPsSIE7pHE33jFMMXop2tCr
XJZD/mqlvgUG3AaIclypxGPNiLgSyFDeoULzDOhgX6obdrnd2yG/eFb6lGdyFKtH
3TngupjW5o8+R9cW0IfR8wEL3rMGig0CrV3JB56PWUSj7xgbe5M31NvgLgoo5Cnd
gjaGxJfk4jS7XeGiLsM1QSPp/hb1oj43m42QdWtwIXGv4xjROQ4ay5fcns8yrZt9
5ZLfHoCiUU0P0Lpz58EsS2y4zqckjxE43ZQk01xgYBbZ/1hoygZBHgrLlGKKHGF0
UicoDLj6XNAo8nDrAmE6cX6THDXmgZiXZx40JapP/egHsEkCdvJkvycGLF8grvx7
InRIMujTeM+s/o/4s07iWNBD0b7qJ6QoSE6EPKVU/QDTukMp/hqiF0Uuj6EVFT1Y
1agUHxFN19HxccZtz7kE
-----END CERTIFICATE REQUEST-----

52
AKB/openvpn/gw-ckubu/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCcGJuBohUHBNkd
x6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG97po
5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8cG92
bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJXuf/+
GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXUJVLX
a/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4BGdm
v6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq6T4K
h2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa4xgc
oVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiGbSlf
QTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3LtbncnlIL79
8AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEef0Cd
WYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABAoICAQCWFGa3bcHv3K5vnn9qJ5Kx
wFZfot6rXUx7VhHyML9eVjSsLUP1GZ3lD1KTQqfzPYzqOvzLzGQXWGmm4ENVSxai
8Y7gdeWQ0Uyp+MehZ+jMG8GhpjAXh/NT0ALbxmMYreconj3BiSz02hmg8bUqyTQJ
qc0vjVTLmTV01VmfhvwIIDAxRWG6d/CDHWwAlZzqet5Ffj7HyNh0BkZl5eq4C1uA
26cav9aOu7o7iDey/LNMA7dgDLEWgZig4BXNSng4MYjVHhyPLIn2vef3bTaWAz7e
8A8Gn5CzAY3S/c+vDY5BJmJD4n2j/+WPfMS7WqZws6kVeec9G+uAjSNpu829i8Iq
9pfRsnYWIIim+ydLDbg63ZwhkthwI2PVrd62NsRNv5y1WcE8r+6UeI2hNykWVRiv
giGvEyO+Ldb2h7QKZxh4M4XEx+c+nOQ0SWeDKCDhFjje271QiVzffoftErmu7Ht3
502FDzrzS85yRrmuJZhF5z1GcROtBb2SNfUtORooi6wQh79eZuJT0gcGX1B9dtZB
2tALxwrjkyA7paYnyYU8LD6efm1sMoHZKW7eLk0AKhyi3g6RP4cas9Ospfd58CLQ
9dtxkNII0VkAfO8LSwVumIcxGCnHiv0NPb2QbVdNxgAttjsQH//Bk3iisU9UJejK
fGmgf5tdY6SyGXvOUsBq0QKCAQEAyBRN0kM8/V35Q/ZAPxB5YjdMx4MxwJuGbi4z
rZ6eAPhR0FSKrjhkdLo4uIkMm7svGVVnGle9aejWimh5RcqnENVePf8XstaPVeWJ
g8EHt22LBVnVg0G79aeFG4I4YqQcNQey8FHQxNMvCKNiVra0381nzR8yuwKHiYLv
7anmLaL+EtYUkTN1mckUMAOykGL8w6x1xvlAPmUTU4d1Ksm5hiTCvXiMJ8GGVaI2
0hTDuOh7rUAqHpDy8zMiUOCCbvbn0qy+t0g2PavZWW/YHoA8FmA/PuS33g1MbxdP
dtvGVbXqyQzYVb3pfKLSal9C0L+Ek/VrfzFRoRJCib7a7Hb4RwKCAQEAx7lNNEGv
D+Om8LsCjWV8iSQ5yHR1jOdVHWixY7s0u720Oxbr+yqsTCFlQWD/XqAyDXUd0VRO
Gav9YbN4SyNgp3NjNF0umLpERFLMHHtfNKuGdcSQBTHd4GvDSd6RhhtgUQJLfoSV
mh0AvEQ69diVUp1c1wAEYtp9WQ1VPyIymUat3lmODpa3/MjfJ3+BLl8Wu/RLcQBh
6H3sdOXIugjQP0t6Y7X0Cms482Z6nvn8cMJ5/4fOmrjUS+K59HNs2lL8p69GqKOY
8LYZu81FepJ2cU66Fi03iKsfG3zVdVIDIrARuxT7P8psCR66gCD/W+LMrLcOKrnT
MQ85xDgHU7FWKQKCAQEAtxVtSNRiQO73I2t4yryGdotn5MF2i2tFjhkVDPCyYOzZ
4Ksb4+SSeAXX1XUDZpXYuXPezsou93UqrKiBII4aZlr4y/5bbzjLHKzYMwo1x3Gj
3xefO2axWk8ajFuSwSCu9w++fA5B3Xnp9hub5wF1bb4GGDtOLrZX1EtOxcnMaUJX
AGGJnHzcRgcsQ+t+QIV0CpILjDGUygOvtaWkX60L6WZGFR70EYUTKdUwGPkLSG7k
jVrDsAivaEAITL3EXUnuRGfydMDNcY2JbD/eIbryQP99oE2muriskpNgEcF2MgQv
fh4U8BDCUVyk8tWMzHwUE1hmL5OvwJZ28JkGt47+DQKCAQAKVL13nIYvrjjubt38
7mj4txT+F3gVJ8oxUT8Lx508sN1nyRG/1j8/WOLh9OCAxoyQQaSfNVss3MaojR4F
1Pik8MUK6l8Eq23oktfYCVGtacn0wYwpmKC/gROC+K5SX4wl5JZ/HuCWLjXhhy39
lYxzz4wD2w5fBqpBNv1X3K79WriXrc45VvaBbuqMIn5OJcEJS+OzHq/x1MGsck5l
wRr0izTzf2/2MgGqJXzmSEwUkRq6aw321uS0YC/6QxY4XN6Q1fIzuvKoUOMX4dBc
PMM/rTDXANPEkAV16IkqHmnnG3BvWvB8Jj5cYmiHRC2xVRP9QyLKdv5DpWP5kGRg
oeWxAoIBAQDFn5mGMpU6a2ltfMOix7yQrhTOweAuM8ArTiCx8/JZCgljzDMjLXk5
gaXuQPupiEtaluwsJUYmeSoIVou70u4vbp5iamSRYjmTNAcPG1LcY1IXW7jurlzl
ADg9bP2BdRff4s1MrmFxSePIEIHekAkeit1CrU57QrqHDrUoLczIjWFka7vaP8wG
bvc6MYpC+8Hz22N9UhJfycNQzmjm61EYCn3pUcgKNNQzBu0bU/yRNpT8I4+BoHmw
Gixw+enBljA3vG9ZNSAB+OV+V1RDnkOHGuaOQot+SAxUiVdHRBU07UkcWnapve8w
fHQesE/RjABrmDIPh120VQRmoENL/NnW
-----END PRIVATE KEY-----

21
AKB/openvpn/gw-ckubu/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
ea4b0c3c2469d8119fba1b968f7a3ac1
97af13fc4b4fd1d7e6e3aa6b6513ca98
0acee9fba071da555f9ce14d6642e20a
452192aada6a80e73dc62c3103c780fe
8b5df3a054ba1e86d01bb880defbac93
f061ebe4cf87f5c123ec49ba82f50e1a
e83290dfd4debeba063e3ca1c5f37bac
457184dea9a1a97a053ada58f63b7c1f
1de01ca49f3789716e8df654727e4ee4
77d9b182ba174ef871d72ea2bf82d25b
8d02b7a783324263e03229c0852e712f
950c0528985bc1050145f6e1a2379466
11058027d0373a920718c5a5b2f9177c
94365214e24022b2c34d51f25b008f02
8a198e2ae5910e83120b533853bc47a6
2a579fc8df42a997fa4e4854fcf1608a
-----END OpenVPN Static key V1-----