o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
CKUBU/openvpn/client-confs/123comics/ca.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIJAOCmM/+DK/WPMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8GCSqG
SIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDMxMTAyMTYyOFoXDTQ5
MDMxMTAyMTYyOFowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1W
UE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI6ZDkXY0diPbLB91BnCq6
yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7nV1SdoGT
29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1womyEdpl
USvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf7Bp0FQnx
labMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkizgv9HI7yk
G+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZdHVkes3L
AgMBAAGjggEaMIIBFjAdBgNVHQ4EFgQUYHIe6kctqrNxGDLhMBx3CLHUJBEwgeYG
A1UdIwSB3jCB24AUYHIe6kctqrNxGDLhMBx3CLHUJBGhgbekgbQwgbExCzAJBgNV
BAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UE
ChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBW
UE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZI
hvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDgpjP/gyv1jzAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqSNHim3BDVX4ptcnhYaw1RNEHq2sWkL6O
m6MLJpwk1BW0ZhKG45/lA8x+FB1npsL9ck/GcTG41UOwCJU3jIKyS5rug7hHAz7t
GShvWEOLnk0Y9veMOM0Iwsqs4d4qeDQZH2RZCnQqjVt5bXRFDGE0X0Lqa04nVXVU
8JThZvjNq19jzEulZwg/x356J/VbNX/gtqddqRHw1j5uvsiAnTjQeDZTLjP3SDOS
vYVjJGF35QyarN0iJpH8TQGeA89EOJyLaQjfd+MG05cDYHo44brJgc26rJRp5QCa
cp2h9ajosKcIhk1lrY+kLf/XiwYDZ3TyhYhqoM998XggUuinF1r9
-----END CERTIFICATE-----

138
CKUBU/openvpn/client-confs/123comics/client.conf Normal file
View File

@ -0,0 +1,138 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 123.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/123comics/ca.crt
cert /etc/openvpn/client-confs/123comics/gw-ckubu.crt
key /etc/openvpn/client-confs/123comics/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/123comics/ta.key 1
status /var/log/openvpn/status-123comics.log
log /var/log/openvpn/123comics.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

98
CKUBU/openvpn/client-confs/123comics/gw-ckubu.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Mar 27 01:22:52 2017 GMT
Not After : Mar 27 01:22:52 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
fd:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
X509v3 Authority Key Identifier:
keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
serial:E0:A6:33:FF:83:2B:F5:8F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
60:94:02:18
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
-----END CERTIFICATE-----

30
CKUBU/openvpn/client-confs/123comics/gw-ckubu.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUPPvb55y11ACAggA
MBQGCCqGSIb3DQMHBAjjOqpaPsnUowSCBMiALIvfB2vXtETRZxybvvubeJLEp5eA
qkQ7cdy331ti8XJ6fkHcU3mBQwbBDD5KSDBLRnRU8LegMWvRTKGjQ8lRGCULTvxI
sr3HuR5omwXUMVwRLWTht++I1IIYoIwwnVU9/7vMy3nJPixP3OKRGwkmv5IedCvc
5a/KqJuc+ezRVjQ8/Dl8fs+VRefd5Tmh3TYROu1vuV0pQaT33ceXDVJqZ2B+dmoT
AHFE3FUex60YlXt5iUhdGWzItdeXnI5tDMnoFcAtCPbBAB7DhynqfEn7dlaxrCrH
4POq5KvMUu5/sXlQoZR+SvkOx7Z3JNTYj/PL0OpM8tXJFvc5nT733iVcNjyauLhf
rcXqnih6MUrWYaBAfL4od6/ne27vqriKwtFUfASTqlW8pN4uESbngXx2Ww5CqM7+
K7Hz3XDF04Y92YBndBr1ZTUiFbypO5PjygZz8Jeia6RYXLUU+6kO/VQ4WsnbGep1
ftQGc5tNhwEwJC+tacFzPdd6hRnosGSs9jhHk7v8CY58V2wBcgXxBDgVZeHbp2bL
9lJmyohvZ/nzxmb99TxD6j154OqC+4cJLze5AG2AO5QmrNhMcFt+mEIxL1uiBU77
SHe+konUZuAH67UPR5oJm1x7KmGjYOmdeke3wgkFKUIRCQ04OikOvUkIJB5mO2D0
uoG6caj/KQQdweqhOMELoOj/GDQhxNCtD4Zx8LhKDz4VL/c5+s23oJX/pALuDlNs
JpxI/v6gkxVLIZwyxhNVxKFNYEMERmxN6GePdPki0iEDGRRuSjat3xnMh0N+Yp2f
N3lNDNoBfZRuBcgugF70O7P38tQXgEZF8tECwRHogmCDDSSOw4DbvbBSVdMhlMIF
oUmNKqSyGKIONwsvCYHSKJ37DDIyvi/nEbSLHy+HRQ7/foM0nwnmxrgUk17VVknK
RUqob0PeSFBMsjVV6kDrTHj2uiRYq5qD5bRh9hCKOWCdk0WgRspjUlBm4Yw1sTan
/Zakk8MAyIl3dOrwnaTuiiYVFi2mIWwRSrjV0wYriGypez5LdVew01ISx/tqudzC
6XvwMcNFeM0bzIT8PJI0g9b8JZrDGk8UbMIw0AfV1jakzZoDUNcv9BQHNGxcdcLN
TFNY6BiTgAAsZvaapUU+oRqPB6UHubbfmRAfX2AzrctucYtVNZTNExytM85qslPF
ZE4dx+yJ/irUzenP5ABVobpbvriX78d6hiuRHiAqbO90Co9nBffwDQnZptSdXRGT
+aubzGluIA0piOyW3r2s4KGRH+2s5TqHeW3WoTJTJuFlGB2lqn/Ieg0xl9Xy6rNp
31oh/n8K6XjqIl1k7NWjLq++gzkoRyidZjvjzkKGkCEqfbZvE31m9LQ3ntxAsMgs
WWXfWz+O9INtN2YzcVEDPNvbNA31FdtUs5nLVO5KPut2Rl/po2d8m+5WTdgQkpmm
8x2IA7ZEUyYXKmFa0nFEZ7H2XhRizk4jfr0eQyx43nfXab7s7L2wy5IAxpksO54P
H0VNIaaADeV/4PdbHODB4zOrrYEigUeMBVJaiZAyjvC1u1mLEtFkajWwBMaqgWA0
0A31VtMvPn8b8lEhQhirgcJzHK/550hkEAgm5kmiWe8ZoLCw0Ej8Dofr5HA/GuZg
mNs=
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/123comics/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
92f8950e3eeb9728413080949bac24e9
d84bc4e08de921cb7c64250dbbe03d9c
27040263bc8d4c035bb5f5d7b6445cd7
ac017ce7ab6830264b1246289401cfc4
84e6173530cc4e602cfac0d736e7633e
54314d44704842dab40b638bd9860bec
a770067ee4aa7d35ed085359f0ac6370
ec85b7a1eddd369eca7b9aad36651484
1836322e2d1dd5dc1b405f042f19c9b4
9857030d1d37880f26a17c9e7eb9cb50
97e7927acdd974d34f1eb57b3d4c1dad
ad3bb0380b80b673508022c3895bb6d2
9b9f1b3b4b3ecb9155523799708032bd
c3172244a5f639bc8dd1d94c1197e0b1
94f69490aee75ba48ae63b442119918a
707bfc5c40ae6ebfe6fe3f93f311a924
-----END OpenVPN Static key V1-----

257
CKUBU/openvpn/client-confs/ak/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,257 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ak.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJALRp90TzgA00MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDIwNjEyNDAwN1oYDzIwNTAwMjA2MTI0MDA3WjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOMNalpNk0cB
wPdZemz4r4TIhtRSxZEEg9yhTRo9LdMa6oNo1gpg3/60n9nBtA0cDnllx7Z37PvC
Pg4RJksrB2ZYOB3oSo8LoMzlA0lZl4AMKnxau1ZJI8OB9Ia+6uJxBnpwVULsL4sx
ds9pHsnXU74UWgdZPAHsfWhogMtk8TsikLFv7P6oxg3fXeVriWP/SUETTWHgSD3x
gPsnrcGqlCPcfb/mH5SU+v+ge+iue0BXe/1OZkJDHdj5vLZ4MiUCiVVslX36uqti
sI3Jt2OyF9XQwu5wms3ioW3XydpPmbisRuI7qrTdnmT1iVhbk29eQK/yHrXvuuXQ
i6PQAirBtMYD8tx5FbMJ6ueDcm0jTVedfHtdkWkBY84bBnecF7ys000fDzJs1YH2
SP3cb0KbREG2RE5BE1OgUgg8odbJ7/K+Tp0VKEbJAZCwpaw+qAU9xfH3pDoSX+iD
N+SXxnjSpamwGYmx+PGpwIe3RnlEx8XUcMbEBq5grq7aR7tYd5qh1NKTUKleGucD
1izZeGLLkh81Gpx+KFXNm7lk3WDx3dqUXc3tJgpZsZJc3VI3UjO5WaYlrdTc6IQs
3rD0rOGrETI/utLQI9PNFSis00h2LmcPVnEL0N/W71kHeOuytr1Tg1FyFGY7Wbth
bei4c14kNkVUk1Ncfl07pMR+/i9yee3DAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
EHXXKayMfThSNCInVWJK275Iub8wgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCIn
VWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84ANNDAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBIgCBt6v6t2HSqwkLKjgR1c2cDViPe
WmX8E8maqaDIUopyvNzsZCXjqZ1RNnIHgFKZyZqXSzXRGHbUiohJ4WkkOy+QV64L
/LUizsZkMJasjYQgcDcXu5sN9mIzGW6C5myjwtSYBWITPxLsedOQLIhYulLrCBa0
A/gs/gfODm0opsCOuvQn33psUyLda/k9BE/9EHmOg37IRh/rQi3dyQaW2DGfCgZc
GSIMsxobp4QbdUTJyyIoJW/ZK20Mam+IWNhptqCX/SXlx0pzakkdAulwMtUCPwyD
8IJEy5ST+qBoctg1mSLts14ZYM63NRYKPfnSUN1JfQE5Sl624c8koVJcKjFnPdII
cFwo9R+SQFDfTva/xRC8Ydwp1C8V+wnXtM9B1aigule5MXe8CQE4PZjG1Bh7992x
GcKGBCWR/8JmfipvH4EJ9brS4ZsQ5snfJImBtmmVxSjXn1aE77UYNEp8GF2vW8CV
7j+neVQtQdA16tXYH4bWy4MCpVCuoBj2ffTkN/5cp9xWHt9D1w73LxXHMEWoQojF
cOeUda1VSwR17SiEy/lo3mRnWoT6AzLVwYzVQg0W8dc9wPcJ2EiVzQu6ccs2gIJV
RtdV9iX+oAkwK3/lPB68LvfMEw3Qcy3OY9DmjZNajlv8HCTirBuGNaUwR6pZGqiG
JN2zjAizahwZgQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODAyMDYxMzM2NTRaFw0zODAyMDYxMzM2NTRaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLUFLLWd3
LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1iJXRCsnhrkw
vrvWg11+tAy89uYWXSt5lDxBVwuqoTEacmhnhfOT9yEDQys1jSm8u4FET2UUzI9g
SNYFigYnKoVjjKKxGtlK2Bt9qgu36WlfzlnqNiKvUO2aHnxNwRNvI7b4YI2/uk3V
gZAAQdH4DiR0rFSDNmBKyvMQKP6ix1dy4+riACIP22n/bltEp9KmYkoU5XomS+DM
Fqd5wvCt/A18n3x5Ijw1Z8EGz7YCzMqGrt2HA+zRL8r0d//DS3KfHrZH+5qrrrbl
j8aHydvklLxDqqn+ZgbxKIRjOJ+DXG3MbGvk4gaUj/+fR5nfoBDxIxlA2wn+hXAX
v6r/eVSPPs6kGqYLNJsw8qjtuG89PggyhkuNsCoOLY/JvtXMRzadcz3RIS5nnwQe
EoLDtn+E9NbQlrj9XyKYbzCW2EMJANoNmHsCW/IZ0aKhd7C7lMNxaYGARAssNo+r
gUXj1bUbJQBpHZOJj4AZV9um1YM4ef9v9hb0slYolHw6YS1ys3Ur38+/005gVFtR
daFQLsUXvLavCALJRuWfFv6k6Vp/HyDlRiwL3kDCsy+ul+ll9DC42rMb6y7WxAnK
7lN6I5mWLkL7aWY4Qj9Fa+OeavGweSSYOaEzGHhNulQ9pIsw9f3XEKGh1XhSojpK
hHM40wuTmGMwb53GhX5jB3UPijMdbgECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUBYLo1mtxM1jb3ogF+1KEvfNNZDowgdEGA1UdIwSByTCBxoAUEHXX
KayMfThSNCInVWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkT
BlZQTiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84AN
NDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAHe1NvTTAE32RzjFyUZz72suEVrk
OChnbtlokfhencfOZ+241jMswpg5aQDA2jY+lmEQW5tK4N+2hglTFHM4gW4b362b
rJFEe0fCMl3r/cqdmZbDNXSm9xR7pSoIWt/2vo4ucZQzQEqN6CXA0/rOx84yPDj+
UFHqvoOAAUbdBZOWqZ4Q+Qni5Y4QmUsGWaoK3LApKSEdfNxiKZkNZ6joWkjJiE45
pdYd5qeUR1plixNhl5dITH0VfeM+85IXS6y9Tm4kb6tbLPO7KPu9vF/7UD0+Z+zM
hA8nDu4CjQtN3aSq6Hazi17lDbjpYEWid2LQ0Epvh0c8PHcdNzpf3343/+fun+qH
xKcEM/7BzyHtVaqPMRqLIMVx4+jAN2k9Lj7oswzTZa526G85kStfwZ5EzuHZ+53s
2cH6ado+SZDbV2agrcjPri3Bmve36Ed0jLcAA0KcNVOKGfUuY/UR08j/0NbG12ZZ
IZACPxtIiRcd97cvPXJIxn60LqvBkiRX9rRWA0se//hkCEbUC/w9YekDzDtKU5vw
JdHjdPVX1NZgXOWom9lUFmWTzeTWC81iAG/YNw271yZ5be8RysAhx+u8ql5AuHL3
tRsHj1TUbdBINePBvWexL2XdddojjwC3h42N7AvnMNW7ukSxzCog9eGxXmhKkTt9
En3pD1oBbG67z5tL
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI62QkbYGv0EYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM5hsq05gmbkBIIJSJV6xZtsAe56
teLN4Bl1fR+qUAfmKm3q94RgI1f9Rc4MpBf64b61IgkVWnQ4ec4CAPnhe2FeUExh
HGRoeBWR88WaTgNBo6+VUhTCYPAelLvGjhG9TUjn4sigSU3/nQos9NTEMiZjv4+j
zQxhAxcdjWHOtUkScKz9EDAmU5EAais87VSg4a0AORgHNp88SOdTf56EqzZ5nh06
NQwiUN4zlrTs2X3mnL9Xx9OPqkha4Ij2efr7eKN9Oex/IpQndH/5AUpNcjfn1sQw
pokSOQK85AulhRVD9BMD+PTVsOy7xIrQkusv80NsZyqdCAGZLaRzw1aQv5tTLsD+
pukAzv8rdaFX+k3+Pa3IZbjDGibPTw6Jy+2RY1XEOn7KD/PaULhWnNqioWG93Prh
ShsAYUeAJaAmiY61D5ORiHVw0D3lUwBjuENd8AQ+y6ofIpdMnsJGzyfomswxSpz9
CjwXUgdd99A+eeS/IDzDVECeAM0X/ugJ/gILa3ntK/DVVjap5UfCch6wpYnCYoIc
p3aRYc5TeMR1U1DDrWt9c/4hB22dn5On0mSyC0K/eYdFYqZq+jDCNkMbvGRqFfCl
qUP+SO+h6miAjakBymIZ/X4i82PucHqC+HXvcYbY4LttKEsztl+WcK8qXWxhgljv
8dJLEqD6l4FmcdP1CCIpnMnYmjJLVmOVxhusWnSsbj9se55nL+mjtOCdWCMlAMr1
06sz34Ujq1lfsB7nn+z7O+1ZuMU3qcgPigHXQYJRwpD+eCCUsKbKAPvCHqZxjtOR
k9eDTQvJMsHFA0TCQ1sMPFhuMAkH+ZhW5Fn1Qguc52aG5oT+ABjhvtN1qKQhhu88
AwfAPME60+1rmUwu75OZ22lDBVCmqu1MHQEtI7QoJqIXP9fY8bZk9XjgrqzYeQqV
ls5DVJ48uY9BoMHYNFCwnSVmMFHIVPySSjZNN7LoEICevbr1iL3la8BtGaEFPo6V
0u+xZMDB8uRoX4sc/yBavu85FWUEKP3P/IZ0Q7qhVd27Y+gZqGqm4HZ6SWMNx3qv
zNfnfx8ChYWhMbZOAuurEJ/ge0lN5pHJQYPaHJ7J5UIXHclAXPKUJXiSam6XiIyo
NAlxHvHItk5xnvgqq0m5jRkyhU+LcPplee7AIFptpk1Snrxv7weofqrUrRP0XPMr
YUxQHbqq+P1XDJQzS/fk/CE3hvwoIPTcnsazvaymaMCN4f+yAIkIur26FoN1Egz0
ed9zMuE/Q+Uy2wctVDf7ckcAvUJVmQO8ZeM81JO8qak424so9K+VK/1c5+nmwPx+
HbzSzGCLvT/AsAsgAWuSnqSpfNkK78YHsZ0166CZgsuUxbr2QncU88m4u+nxvPhV
88MTibkCopYa0fLgrdmM0KbgY0wCGBmMIgrSd77kKuKZuqtKKPvPClK8XeI5I1Kg
vaeZslPTCFJQAmABLcbtZi5GejUlh3zxPXWwr0xHWt9QMxqXIbKz9w98ZVxB6JgG
dc2eXN6Y53GWS2rPMCj57JnJzSOY7cH3mUcEAn8sZj3tfnhvjyjrLoVW6DS9DxH6
+hrYeEH2SB4VFo9LAkQf8nXGmf6Drc2CuHBggdL6E7eiqJwpFxJyWZF9cAyUIKNY
3QGe01nD7/FJ2OdQ3TewwJdO6VM9MCacCg5Tu3CCaBn/ROMDeJ6waxCAaWC0a3ye
/qF72uUPBnGmepCL8UNty5EHGJEQdLsFUqcz6esBd5QsJQFd4a6Dj+6dygHA5pFS
imsM3CvEucQLinv14T2MlSfEHGKG838XcNz45z55C6LRWmDo8YhGJpyWLTRanOPO
YgzRW64jjoowmCOYN+dHMu2N8TuHJaGtNywwzJS/hAmGywn8nQjm2hBBgmzbP4Z9
mv/j3sym/S43HLgoxFXdyy+A4mWhC6DYyqctC5stUb7LWhDDH1q3/vIpbGzNOlIU
64RU7tnb73tfNAvP27wok1Y5QulkrcgmGhT1mEXC2Dmd6UNU53cPKC2L9mSYwpLY
oI0S5LrNfvcJbv1T+Q+6tl4JOviv9c1pxHrGU5QiUC9iWHQAqABewDQcvZHCgkv3
n1GU2n/Cw3FJN5VKZvsEsL3uLt0iPNsq+gXt1O1+72vnsU9WGb3cLpei+69NaWC2
Y1eYROJUwvISYh5Fj3AbQHkeaoMBnlD65MtCC27e4wQ08f1WK9yqD9RuF0/AyoMq
eKuacUkDdRsGtv/EPw+2Y4TVZU8NCx/bklwzfti9d5Gvl13dVKH2rNxNzfU2uwN9
VMylBtSPKy0M7mIneZmpAFRDUzcVAV/+1u8khfWG0L6AX9jD3m/9/kKZIsVRuxLP
RW8OcSkZ38Y8LachhEToEyr1s0iPWOa2Uo6/nPpBswk8yI5CGETSvsL0+imcnykU
GJJGLNRg8QZRAXzB/CadLZ2YLSp+VbwY1RI9MUnOIQy4nDJYmqtrlFtFlbkgYign
eI6NycS8iTSQkGJHJCxftPW5HU/rOFoVmDkdpZ8lMBJsjqsrWxuMhZdYhd12SYRz
c8MUarMyTCNYOA/U3avP3wcMWlIBGXnDhCSJWuP4TgekL8YeXIZlpqfLNSbjjzjK
Qjr1QWrFcheKFtcN+RwxjmEH9VIx/Gl+j39GKjuVE6qFv8ydf5pO6hNlpUhdPwbw
AfnY26813nPRQszCSKXgT6ZzLExlOdGEtcsLdVgNhqTG/YLSOWOzLogqbbIGBXrP
iDenjXgL+KWWVx68rLIkX6uXp7ECyJuIzHdA4rz4BJ2E8N07RWIB4UIJqDkb+SmB
uBjHA/lnnF1NgTaF1YfGTBYJBh9A5De0lWs7f/4FBuQ6cudLHw1TWFzXNYrBUvIi
JVi3wm1MZYiLz5uWvf4hqS6kuxtHlkxmZeOjawxyNAaESesM3LiuGNa4wlAdLqrb
Re9jzz6n7OyL+7NEjpDgxS7kx2UjgZfrH3+FhGAGJaaqfeC1Gz21jXNc4S+zHxP2
Qt3/qm027TN1TARpTxDK4eGRFgOLyDbb+8aeaywjcqUWRN5tWutFNavSn/Amgugh
mSxJJvyf0WKnh6cbX5mGQFzKiaAqz22IgtcSovZt0K13KR6IExQZW1N2QbpchjWM
NFwD7jxGsOPeukul9fpANrZk+qXZqjSX58bEbMax+th1WNpnEqG470FvcJv8z72e
6YP6NW+YmJhshYOCv/q6Ng==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
9b6729c5c91b466a2bf7a494c2773f66
6f580c49cf669c267b408d4e69b47554
eb9a77dc00111f2ffb3be09c38a34c29
441ed188e45a20a0bc31e28f0740ee28
10a36049da14f04a4efdfbfc15e492c4
e8c6cc0e07b5ad43f8a7f9685edf07cc
3764e44b091a1277195ff52cad66574b
b9396a38e10445255a387a4c510ad5c9
9376d6cfe2aee6b4970faadbe8b4b581
cd01a751bd07d53d984cdbd82c357820
0251066db57e5863fc96e6ccc4ac9ebf
b06231f21e93d1934a9ed0352ff0d3cc
e1fc4269821572b858b3461c4eacacd0
0eb309b692e49ea3cd9683ff4ae85161
790f3ff5bc0d7dba51015e182d88a09c
9389557003a462a4c57467320c9913a8
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

257
CKUBU/openvpn/client-confs/akb/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,257 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-akb.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
+6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
+Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
KIajjnXU5P26nFWLP8IiIA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
kJdQyX6Vs+d2zTzAbPqICNGM
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
+f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
k5E/xOQ9MK94fdI8ahT+Bw==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ea4b0c3c2469d8119fba1b968f7a3ac1
97af13fc4b4fd1d7e6e3aa6b6513ca98
0acee9fba071da555f9ce14d6642e20a
452192aada6a80e73dc62c3103c780fe
8b5df3a054ba1e86d01bb880defbac93
f061ebe4cf87f5c123ec49ba82f50e1a
e83290dfd4debeba063e3ca1c5f37bac
457184dea9a1a97a053ada58f63b7c1f
1de01ca49f3789716e8df654727e4ee4
77d9b182ba174ef871d72ea2bf82d25b
8d02b7a783324263e03229c0852e712f
950c0528985bc1050145f6e1a2379466
11058027d0373a920718c5a5b2f9177c
94365214e24022b2c34d51f25b008f02
8a198e2ae5910e83120b533853bc47a6
2a579fc8df42a997fa4e4854fcf1608a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

22
CKUBU/openvpn/client-confs/anw-km/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnzCCAwigAwIBAgIJAOPMOpcckCT9MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
QU5XLUtNLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
MDgwNTIwMDAwMTI4WhcNMTgwNTE4MDAwMTI4WjCBkjELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCz6U29hsY9zm7uv7aG2lnlRKyeVCwQYUw5/BPT9DaSqROz
Kuidjnu/mmwqmwiPQi8ikkEb2sgH+EdxMXig9DSgoVNrXCYCDLlhruyf2Gr6XPXY
q0IzhskqilP3QkjTnrJabBZSdXF6JWVXSVZXiP0tpJZZpCIQAUzkN2aBOk2PrwID
AQABo4H6MIH3MB0GA1UdDgQWBBRoRIdr8PyJcZnPMsgcEDjrUtg0mDCBxwYDVR0j
BIG/MIG8gBRoRIdr8PyJcZnPMsgcEDjrUtg0mKGBmKSBlTCBkjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1L
TS1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA48w6lxyQ
JP0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB/ETqWltrGX7r72NED
4vpdN2ZVYxEMz0A4UI6dCRrqEMmhbN7WbvTN/pYaIEl5C41ANGG8ZZKiSrjFwrXC
wevYMUKtHMFeV9Bn116w3odXdD+/Z6ykGvrX3jk5BNYbekVLxG3XgQt1lurvTWle
La/k2uEdxP0RwOLDm75rVYw8ag==
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/anw-km/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote anw-km.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/anw-km/ca.crt
cert /etc/openvpn/client-confs/anw-km/gw-ckubu.crt
key /etc/openvpn/client-confs/anw-km/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/anw-km/ta.key 1
status /var/log/openvpn/status-anw-km.log
log /var/log/openvpn/anw-km.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

73
CKUBU/openvpn/client-confs/anw-km/gw-ckubu.crt Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: Jan 2 03:39:56 2015 GMT
Not After : Dec 25 03:39:56 2044 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-gw-ckubu/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:9d:32:39:db:a9:6d:78:47:e2:78:2a:0e:2d:60:
b9:ee:27:e9:a3:59:cf:5b:90:6c:3a:5a:c9:e8:9c:
72:a9:6a:e7:c2:b2:99:78:94:e2:34:69:af:33:42:
64:51:34:0c:ff:84:59:b5:1a:d8:f7:3b:4a:94:f9:
75:cf:5d:66:23:a3:38:b6:dd:b8:59:e5:1b:be:d5:
5e:91:c8:28:83:90:bd:26:a3:2d:1d:32:1c:bc:98:
aa:4e:99:fc:34:7a:9a:4e:13:9b:aa:f3:e4:c6:e0:
93:1f:5a:ca:f5:56:51:4d:ff:1c:ce:b1:9b:ae:2a:
4c:3d:fd:8e:5f:68:26:b0:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
EC:14:0E:00:D3:F8:F9:BB:B3:E1:63:47:96:45:00:C4:7F:00:FC:2E
X509v3 Authority Key Identifier:
keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
serial:E3:CC:3A:97:1C:90:24:FD
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
18:00:f8:c3:1d:2a:78:32:56:b8:d8:5d:93:2f:bd:78:8a:71:
c1:ca:48:40:60:f4:e8:cf:52:ef:9f:44:e9:12:20:b6:08:54:
ef:83:9d:00:b3:ab:c3:68:dc:92:ff:71:11:23:40:d1:31:12:
00:8c:65:10:81:96:a8:d3:5a:85:cb:6e:ac:69:4a:86:c7:65:
52:72:f9:50:e6:d8:61:47:27:6e:13:77:59:2f:07:fd:4f:26:
98:7c:bc:b2:b2:14:79:af:78:f8:6e:6b:35:79:59:38:21:87:
b2:30:b9:df:5a:7a:ac:fb:1a:e8:4e:0a:4b:b9:7d:0a:fc:57:
bb:05
-----BEGIN CERTIFICATE-----
MIID7TCCA1agAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDEwMjAz
Mzk1NloXDTQ0MTIyNTAzMzk1NlowgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
ExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWd3LWNrdWJ1
MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAnTI526lteEfieCoOLWC57ifpo1nPW5BsOlrJ6JxyqWrnwrKZ
eJTiNGmvM0JkUTQM/4RZtRrY9ztKlPl1z11mI6M4tt24WeUbvtVekcgog5C9JqMt
HTIcvJiqTpn8NHqaThObqvPkxuCTH1rK9VZRTf8czrGbripMPf2OX2gmsBMCAwEA
AaOCAUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7BQOANP4+buz4WNHlkUAxH8A
/C4wgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYD
VQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
ZYIJAOPMOpcckCT9MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
BgkqhkiG9w0BAQUFAAOBgQAYAPjDHSp4Mla42F2TL714inHBykhAYPToz1Lvn0Tp
EiC2CFTvg50As6vDaNyS/3ERI0DRMRIAjGUQgZao01qFy26saUqGx2VScvlQ5thh
RyduE3dZLwf9TyaYfLyyshR5r3j4bms1eVk4IYeyMLnfWnqs+xroTgpLuX0K/Fe7
BQ==
-----END CERTIFICATE-----

18
CKUBU/openvpn/client-confs/anw-km/gw-ckubu.key Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,17FCFC43E5265156
V8gYTlFBeMXEIZUYq1fLtRIYjVnYNBRGmGNHtraHXZycO/RUnnEyoawl6pTPRWlM
z1fVM7sK93uyEX6yftVG9DfFbMSkzkW8P3CLIMGNvVE5kF2KzpNPDJ1Lvfi7Vafu
KPvUngUAEjQQ968NIAGvN+fOeICoihNZYro6lNaN1iOPTHO1ySiSEGslbW2Q7WrQ
RyUJPS1onvAMkEOp+E15g+BNVLVap0iISlIW+urCnJ0dhVUAS/bZNaQVh6MsKUnp
rYh/t3DZmXTBOG5gu/VSY4PU7zGMuHKNyA0hMUEapvzAeyyVfppjvKN31OhqXZAS
X65uD8x0nMH8NgBuh7ZJBmMIYjjAvHi4/0hsfRjp5ZbADkeay+cyzjo1t8q0xctJ
qZdLFcTj+XVN9DfPeAkg6RQa1sUKJE+n0enmsBL+99fopWH+GrxEDqux+JHhRrlc
15fzFh8AZBe3Fl8aheDE9n2f4sk63ap+u7hgPMRa0wYJVU5meYLsfaU4XRJnq73f
LO6ZwLV0MDEm1sc4k1P9KkPbZc/XxIXDtsev3psy/M39zWodhtfXMrzYVfH3ChRn
uIFV8EhkEMPj6hPFFubhHRFjW09Pa2knWOZK6x8Wad6YEJxMw/pB6NAa1m2bkGan
EXTL3Ehb6iAQvQ6BBb5+kqjnWFuCqjsz9h2Rb5r/l0KvO+VScF10mkDLoNqCHhBK
BNLKYngRCZw+8N4vnhsc3s8GPf5ssSpFEW1sypaSbW2Hgux55jBu9NtNzo4vQLGM
UoxiJoq54w9a3EjgVspMQ1qy6WzJaNCZpqvdl2fT43c=
-----END RSA PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/anw-km/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
82b1f1533640a6436ed2eb2993ef9e7c
f867d5f61ffe5691be2bc8304714b41a
9f49a741e0c9f22417ee9ee6893434fb
1e5611b7d64d31532a450e41871c4885
c3ac11d33ed5c878500206416cb88c9b
c0487fd5098dc3a5982694feb2d4d3fe
1ba4f32fc7574fa4b09d47aa1986c096
e022fcd44b87ad8c08c979b8ac7ade3d
130f838ffaedf278360eba2f6f9b94db
e1d0e0f6f4a44210f4acb38835797444
fa2b5e067ec14e5f2013a36827c85722
386cf69b2c5e9c3bced20e4aac287edc
da8b1eb743cf527750999e01274f2e47
e79c9cbede772362b103a6ddebff76da
ed23277286cf8da544d86f6e5f6046b7
a0d2f4b8bf57d734ef4ec3763979ced2
-----END OpenVPN Static key V1-----

22
CKUBU/openvpn/client-confs/anw-urb/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnzCCAwigAwIBAgIJAJfS3XHJWN9/MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
QU5XLVVyYmFuLVZQTjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
MDgwNzAxMjMwOTQyWhcNMTgwNjI5MjMwOTQyWjCBkjELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJhbi1W
UE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDXN4KAEcJwYICMNTL47p3grgBwylUtkjtjJdmUVo8k85jR
nZSlj592rDPB7/G1o7qU8vEQlmIQSjkfC/ViuMlS38kmn+1B8kVpqoUPWZ8PRnm5
JHWRK6TD8LjHCEZKr1hfaviddbK8Exg7b+Va3Pz0eAqS/BfuuRXdrZYJTdiuDQID
AQABo4H6MIH3MB0GA1UdDgQWBBTY304dMhIbcaY0w/D+JRpi/lcRZzCBxwYDVR0j
BIG/MIG8gBTY304dMhIbcaY0w/D+JRpi/lcRZ6GBmKSBlTCBkjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1V
cmJhbi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkAl9LdcclY
338wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCtIEYEN8d5imgML5V3
OnwSN+aAm6hobm6IE1fFj+G6RyvcewrLaKybXljBe2sLB4TdK3CUntoJ7yaw28xl
5u1rBmzFI7r/xNwdU+qurpb121yMnwQSSgF0bVpDZHdz4+V1+V4Lor8bvmqOIfsH
YMgxU+nNxqoPlGaO1xxcEuK78g==
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/anw-urb/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote anw-urb.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/anw-urb/ca.crt
cert /etc/openvpn/client-confs/anw-urb/gw-ckubu.crt
key /etc/openvpn/client-confs/anw-urb/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/anw-urb/ta.key 1
status /var/log/openvpn/status-anw-urb.log
log /var/log/openvpn/anw-urb.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

73
CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.crt Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
Validity
Not Before: Sep 18 00:00:05 2013 GMT
Not After : Sep 16 00:00:05 2023 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=ANW-URB-VPN-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d7:02:6c:3b:15:f3:97:28:c0:5e:8d:24:ac:9a:
9f:cd:11:f6:9d:5e:a5:5f:5d:3d:42:a5:de:b0:35:
b5:d7:b1:e0:e0:f8:f3:29:53:7f:33:78:18:92:67:
1c:aa:f9:16:48:5b:19:d3:cb:8d:d4:fe:1b:84:d9:
e2:89:1a:85:5c:0b:93:c3:9d:6d:a8:4e:72:65:84:
16:d6:02:6c:b0:0d:00:46:e3:06:15:54:bc:a8:84:
80:f1:a9:93:b0:7a:a3:57:31:3a:9b:aa:29:9b:39:
34:e2:64:df:4c:d5:3c:6c:c5:1c:3a:4b:26:ee:5e:
58:e9:29:9b:42:ce:ef:90:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
5C:5B:7D:20:D6:16:C4:CD:E8:D8:F9:FF:86:B5:ED:8C:83:CF:90:C5
X509v3 Authority Key Identifier:
keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
serial:97:D2:DD:71:C9:58:DF:7F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
c3:95:2b:e3:f8:62:d2:5e:b8:02:bc:a9:11:f8:bb:f5:0a:04:
fe:a3:68:e7:c1:97:f0:44:77:c7:54:98:4a:dd:b9:df:76:4b:
2c:d5:4c:a1:9e:e6:da:5f:d0:e4:73:c1:63:6e:29:ef:3c:79:
82:0e:f1:59:ca:8d:41:aa:22:42:e6:e2:88:ba:00:91:b1:f6:
f5:15:03:db:72:ab:39:01:c7:ee:19:25:c1:fd:ff:5d:30:b2:
ff:76:70:e9:3b:4f:88:af:14:68:8b:63:e2:a6:9c:e6:05:0e:
eb:b9:9f:3d:04:2e:9f:34:c1:14:53:69:3e:5a:c3:2e:ab:8e:
12:72
-----BEGIN CERTIFICATE-----
MIIEDjCCA3egAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkxODAw
MDAwNVoXDTIzMDkxNjAwMDAwNVowgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRowGAYDVQQL
ExFOZXR6d2VyayBTZXJ2aWNlczEdMBsGA1UEAxMUQU5XLVVSQi1WUE4tZ3ctY2t1
YnUxHTAbBgNVBCkTFENocmlzdG9waCBLdWNoZW5idWNoMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1wJs
OxXzlyjAXo0krJqfzRH2nV6lX109QqXesDW117Hg4PjzKVN/M3gYkmccqvkWSFsZ
08uN1P4bhNniiRqFXAuTw51tqE5yZYQW1gJssA0ARuMGFVS8qISA8amTsHqjVzE6
m6opmzk04mTfTNU8bMUcOksm7l5Y6SmbQs7vkFsCAwEAAaOCAUkwggFFMAkGA1Ud
EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUXFt9INYWxM3o2Pn/hrXtjIPPkMUwgccGA1UdIwSBvzCB
vIAU2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
MRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4t
VlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOB
gQDDlSvj+GLSXrgCvKkR+Lv1CgT+o2jnwZfwRHfHVJhK3bnfdkss1UyhnubaX9Dk
c8FjbinvPHmCDvFZyo1BqiJC5uKIugCRsfb1FQPbcqs5AcfuGSXB/f9dMLL/dnDp
O0+IrxRoi2PippzmBQ7ruZ89BC6fNMEUU2k+WsMuq44Scg==
-----END CERTIFICATE-----

17
CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.key Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIciZPe4pZyPoCAggA
MBQGCCqGSIb3DQMHBAilx1xBgz8S1wSCAoDBMXDwnWuOF66Yodm3A2D1Su9K+hVo
5KfJeC0BmWDf1455kw/ZKiB7bdgUcgogJPpQgzjugGu04iugoC/KobocidD6NP7f
ZkmT6UGPkFa+3xyr61rYBlKT9HqphAVRwUoNhNNbFG1h0oBIL9qjxuQCssL5qsne
R9KN9VsYVDRloL5/RfmcozJ1mXeRQeBkDCiQWb7cCYSqzpXHD6Vf+Xabdb7KiEOp
coIWoOLyX6JdlV47CN1bUVerZulyZfU+xaI1EyqDCiVR6uao7ggIrLEnnTj+3oYN
0NK77BCAJBsMEvSa2ZJQUvKeAl8pHTZdD06ixZRFlroUbMYV3ns2BvlT/M2GT3Oz
P55FxClNjnmST1+MB+Ak7rZxdSVXf6tJP7fyxWU/zeGqHFfhQS0soiJxsdu2+iAy
/AW4d5eF7fDMNdtelQg9oNMu8DBqIEMt6iZtmEPMxXO18BWrOOuAcXNExjmX4YP5
/WVKwpukfbizsCgA828Rmm6KlLaGcfwM4Q+msK9uQuLW1xrAjghS3KPgCFOnrRzV
UCvZGaVAhdA8oSdigBJonQmC5KWjjd+MIHFUqHOz2CWdN2HPvn9DKUeZwUVqtyVZ
LytntILVJ2CCLikf8iR2Q0YLCnA/Z0dA1+yy2OnSpFRv5qZ8alvn3sJ/RKCNnEVe
5Y5mhfC/MFk2Ak7MaI66vW6WFFUWFzFqvpco2ItVF05mjN0QfQfwB0CllO5QzfCI
xEwG4mcAgB7NceXHYh4mdX/nxDsmbkHSlWRKIE1SPuJzQPeolxKUcVr9O4UVHUya
zL3PaQ4PZa1YeL01QrqeK/rgvirQbNqnNsr0diqNXiYPNGmIEW0Aln5u
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/anw-urb/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e19230da99dc39d3169c1a77dde7ad76
8831a21b862a03aed5db8332bff9177a
14ede9e8e89da3d4da92a5419006adaa
b61c895a2445fe8a8fc15ec250f1dd53
07860a266aa331691b89b129819ba7e0
18731572474ad3a4e87accaf7e74010b
6b28aaf82be7a726558b1cda354888af
a574d1fb1bd0e86a16c0bf635a3f4ede
cd156415a01cd62617abf1eda6c38585
df9b9e8e831ce3e645ee0ea6fc1f2c27
1c381080d87697462c4eb69c100a099e
902a5423692b0ec0598a165e65da298e
bd72f0f00216b026b6a2fc3f1a6ada6e
db76051b9d055307f0e02f11c8b16419
b246546fe5023afd1ca2b7328c69cf47
d48f9015f5c5655dd899736d78bd7614
-----END OpenVPN Static key V1-----

28
CKUBU/openvpn/client-confs/b3-bornim/ca.crt Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgIJAOWbjDrr526ZMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJ
VlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjIwMjE5MjVaFw00OTAzMjIwMjE5MjVaMIGj
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4x
DzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
A1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEW
EmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzzVaCu/oIRHn9CaLJdwurZvlnnZ1xI+HtWlVnVY60QBzw38Rc36VUOH+bf
NRM+aV95Pe6h0icFmiDfnSHQwogO56tkZFq6OW9RfnC/wSVXEfVrdvV8H9JgPiLM
WdyRIgjdeM74EdZ0tFN8sO34Bf/dv3OYGUz7qJgFnKdy7ByTgv2maRmITds9Dk58
H8h5wl0TnGRS+A8zOz1TAIjVjdPWEFOwkKLGRCSbiWIm2qqXzbhlwYYpxifxRkXW
tcSLOB3lKtAM53l22Qvux6J5+s0UH3+WoPo+6Gc65Jtg6SUGxTpvJZgRyMpRKLNI
JEFzo8JMYSb50TmC/9j6ZOX82VsCAwEAAaOCAQwwggEIMB0GA1UdDgQWBBQfLl6w
QA2SpwmD2iVsGSCeyWDNITCB2AYDVR0jBIHQMIHNgBQfLl6wQA2SpwmD2iVsGSCe
yWDNIaGBqaSBpjCBozELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0G
A1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsg
U2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1jYTEPMA0GA1UEKRMGVlBOIEIzMSEw
HwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDlm4w66+dumTAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAmLrMjjb3MV6gjBZCIDJag6X9+
WOLY6UJfNGXyg9qt4SxKFqvBSCC+ZB+39rvl/+ReAULKCjggM3usRuPZfcK63Ncm
FRqkxA+3xk+c60KZd3DP+4yRdY3j1GeHip8FJloT91eVkGdCGDAFwz3njBex40BA
qpIPOoYDKJDZElrunB/8z0KW/12HqxowEnPQaSkTiFeb9hRJMB71/LvS0OZoWPj9
4kvNGJq8H3VdWjzLDAXfX+VYI1gTWYax47klQM6QnKBOuQGPpHvVWBr0ifFsa6Wh
eoBxJ50RuMwLoXNZqqJD6TH8vCv7IqARnhiNKhNiDQQr5CZyr4Nwn7gT4yw1
-----END CERTIFICATE-----

138
CKUBU/openvpn/client-confs/b3-bornim/client.conf Normal file
View File

@ -0,0 +1,138 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote b3.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/b3-bornim/ca.crt
cert /etc/openvpn/client-confs/b3-bornim/gw-ckubu.crt
key /etc/openvpn/client-confs/b3-bornim/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/b3-bornim/ta.key 1
status /var/log/openvpn/status-b3-bornim.log
log /var/log/openvpn/b3-bornim.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

97
CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.crt Normal file
View File

@ -0,0 +1,97 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Mar 22 02:25:44 2017 GMT
Not After : Mar 22 02:25:44 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a0:12:ec:ae:52:b3:19:53:4d:f4:ca:96:dc:4f:
b8:94:e3:ff:77:97:93:2c:63:1f:af:b2:d5:e9:d4:
32:16:ea:b5:62:93:c6:49:e4:48:1d:38:8b:a3:ac:
11:82:50:05:24:6c:d4:5e:9b:d6:06:e5:a3:a2:77:
eb:3c:14:23:2c:d0:3c:2d:15:32:8e:79:74:47:2d:
1b:1b:e6:bc:bb:cd:f1:d7:e4:25:67:27:d9:e7:14:
96:78:2f:f2:2e:a8:76:df:0f:20:18:ab:d6:54:31:
72:88:81:be:17:2c:0d:e1:65:9f:17:b9:88:e2:b8:
d4:ec:3e:a4:61:46:db:03:da:69:2d:be:2e:24:b9:
53:59:9d:3d:ef:2b:75:ef:1b:40:ea:f7:a6:b2:7f:
3c:b7:46:e4:f7:6c:db:8b:cc:4a:cc:3c:df:0e:a7:
8c:39:2b:30:53:4a:19:10:84:34:f7:17:19:94:eb:
fa:63:84:ce:4b:8f:09:04:19:38:98:24:19:24:96:
6a:cf:f1:3e:42:8a:9e:cd:16:c5:39:de:bd:1e:fc:
e6:57:12:3f:b5:59:d0:50:b7:38:d7:75:99:b0:4d:
62:d7:95:64:fb:b5:8c:68:20:61:78:7a:04:45:c4:
15:8c:92:60:b9:9e:24:3f:b5:54:fe:92:4a:1f:4b:
09:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
01:0E:AD:99:D6:AD:30:D2:45:B3:FF:56:26:D4:E7:8F:BA:BD:41:86
X509v3 Authority Key Identifier:
keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
serial:E5:9B:8C:3A:EB:E7:6E:99
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
16:30:40:fa:eb:4f:06:12:81:ee:94:67:b7:22:67:53:af:f5:
23:29:43:7f:fe:9d:50:94:cf:ab:a5:a9:f4:85:36:4c:2a:38:
f4:46:b4:01:5c:0f:59:3b:d7:39:2c:a7:d5:64:b5:63:83:ff:
e7:98:c8:94:69:cc:a5:8a:03:ac:61:c5:0a:20:46:7b:f8:86:
71:39:ad:a4:bc:fd:cb:dc:ed:27:95:2e:d7:f9:2f:0a:26:1e:
e0:1e:4e:77:94:c1:08:11:b7:5f:6c:e7:5f:a1:98:4e:a2:8f:
46:d2:e3:c4:b8:fb:c0:51:8d:5f:d3:3e:a0:81:e8:c6:46:ef:
89:57:7a:8f:d8:af:e8:48:c2:c6:64:ef:d3:1e:77:72:17:c4:
57:87:19:97:e2:04:e5:27:11:40:28:52:a1:fc:79:85:56:69:
69:0d:04:a5:8d:b8:fe:4b:ca:6e:4b:6e:bb:7e:a8:10:54:6a:
45:ae:49:2f:10:8c:8e:cf:d8:b1:00:97:62:ed:14:84:1c:1b:
5b:b6:3c:44:e3:8e:8c:ac:25:33:39:6f:9d:7b:db:7c:0a:4c:
ec:70:d6:17:32:e2:93:8e:33:fe:aa:e1:12:f1:99:1e:f5:f8:
5f:b7:94:77:83:4f:6a:de:48:1a:db:9a:62:dc:7e:87:00:87:
c1:73:fc:ae
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwHhcNMTcwMzIyMDIyNTQ0WhcNMzcwMzIyMDIyNTQ0WjCBqTELMAkGA1UE
BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
LVZQTi1ndy1ja3VidTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCgEuyuUrMZU030ypbcT7iU4/93l5MsYx+vstXp1DIW6rVik8ZJ5EgdOIujrBGC
UAUkbNRem9YG5aOid+s8FCMs0DwtFTKOeXRHLRsb5ry7zfHX5CVnJ9nnFJZ4L/Iu
qHbfDyAYq9ZUMXKIgb4XLA3hZZ8XuYjiuNTsPqRhRtsD2mktvi4kuVNZnT3vK3Xv
G0Dq96ayfzy3RuT3bNuLzErMPN8Op4w5KzBTShkQhDT3FxmU6/pjhM5LjwkEGTiY
JBkklmrP8T5Cip7NFsU53r0e/OZXEj+1WdBQtzjXdZmwTWLXlWT7tYxoIGF4egRF
xBWMkmC5niQ/tVT+kkofSwk3AgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFAEOrZnWrTDSRbP/VibU54+6vUGGMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
gghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAFjBA+utPBhKB7pRntyJnU6/1
IylDf/6dUJTPq6Wp9IU2TCo49Ea0AVwPWTvXOSyn1WS1Y4P/55jIlGnMpYoDrGHF
CiBGe/iGcTmtpLz9y9ztJ5Uu1/kvCiYe4B5Od5TBCBG3X2znX6GYTqKPRtLjxLj7
wFGNX9M+oIHoxkbviVd6j9iv6EjCxmTv0x53chfEV4cZl+IE5ScRQChSofx5hVZp
aQ0EpY24/kvKbktuu36oEFRqRa5JLxCMjs/YsQCXYu0UhBwbW7Y8ROOOjKwlMzlv
nXvbfApM7HDWFzLik44z/qrhEvGZHvX4X7eUd4NPat5IGtuaYtx+hwCHwXP8rg==
-----END CERTIFICATE-----

30
CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFoCf5M5Q7nwCAggA
MBQGCCqGSIb3DQMHBAg/IMWDanMqPwSCBMgU7zQul5AkX/TrxXfYu6f1PRJEpfb/
v6F9NXOH42JaWp7VDTI/aQgToi0q+qZRE3GCj9eCGsv7XcltWVtt0c0Qd3jHB+N3
IRXAqNH5dUhpuBJstMBFrYL01TbPkg7fhGhtYYJIJz11BTiwllZULGEJXTXyiusI
zWnkt37KdnhOaWVhAHaf+gWQayB/rMiI5HM4dkdgHm/VQKBrOQGJYn8LMqLqmHKd
kLYeYultYkPtcqDRpnxERbtLXItC2PneKU2WKPwsmCsCy6CTIJoSF6FAxluv8jhO
etLKAzLiDRg9Q/xB+50o8ouRHtNLFSo4FoF7BSeS7ZfdVfRKMMpzUzzRys4KVQry
vXng3IQVxLzHEEZAP9HXcGNuvXeFq5LC72oCSob0ynpPdaTnI00O8vLBib93RfIh
Wn4Tsc7w8Ls3AWhFStkz+8sJ6iewgcp0BlhWLBbTn38sIhW9vG20zAR/CvOpT5vT
8lxLrphsbOuf1HsH7vsYbzsXAwB5Jpu6NCpuiDS4NaBKZAAVmBi37tAc3KbTlUzx
BUhxlrwwDSdQ8j2KXk+/LAXpXM3oj9fKyDOIzuQtFXP7dV9ohX6YHocwMoQCgCl/
ab7mw0ouIb5uUwR5s8dFfFl8scWPsvs9/BALC+ZAfvWBaWvq9dCrngdciM90Sg1c
CQjsBSGMbUTSSgxQE/DdI/mMRa+gqVLe6IniRB/RoKyyBdufkkqhNf2D/d0Ll5uF
yPKvuOJxYHwGPnwknGQrBCe2KMRotzCRliMZ2ua5SPe2fhnVJ0E3jTgABz+ArZhN
XNBAjY/lM80App2NFP6A2p1ryxf5M9j/qbiGFyPaXsnFHT/8Iku+FErWzRQ0fASQ
SC/8kuGWWafwKig6wjHDv6yrIYrtzWiLd5OTpi6QqD1JY19s4pP04v50XL9F9scK
ypESdCcZz9+Q18N4yxREKbCviThpTy3FBoWa1v4SZeerAroUdhGJjXzWfypzmHo4
21J004Dhb7XXKfqsE6MU1TVDQ64Qg/NalULs3LAdHCfur/JR2Htme7/k3jAuJNDF
SPu8PNVH9lnUcxaMVOIMfYtcwMCCn6lW25WqbKPG/VIir4WG2HmGxqbEqugNgt1H
VTxV2uYU1CGEGTlR/EgiI0QDGjVfVLHgugvnTY0T3w7r1kfYKhyyggQ5k3mqvPFX
4B5lm2cCUYBlg4hkWsCTOs+dBG4zB54fl1kfkZ34u9BoTSOFoBi5v0Jhg1CQEgxH
Gesw0YH/gqR2UiWzzwQf/K3WFHaawSmK94ChEMLX6FIUbLwBC4Y9I4J0oT2wfXgi
pzyXR2BL8ccCXlSIzvxDLie3jCgBtuwxAUkK3QifE2+ksM2+3cZk9FMXVlVnGYyz
bTqTxZ/RJCNFIZr2Z2gl2uBhU3Q1k8aWyF6Yu+q1FxtMzIyltYgTUia72vkyGCLG
O0mqRbsxW5RaPpIC7P1fj3IQ5IjvamDPhpG0nXX9RXNlGjRn8QbPX7NEk6WCVgc7
dpNAaZOY68LoQpw344GVWXl5O8sQvrQuLMzoIeeMNlGxK9fjFsf/vUDz3JNy0Q8Q
dni2K4UplAMnfeG+A2DcGQRQ11MRLLJ9cIT2z4lLvv1Vd+Lbv31O1ucdh6kuQbMG
WXY=
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/b3-bornim/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
21da7cfaf8c240eaa9597be6998e7c8c
7d58443834682a57b9af84412d7106cc
089a4030a6380ab83988694fab469c88
bbc1bb60d1164ad108cd4564fbed5891
024dd88abcd93e02d5b28de7e84296b4
cbd182474cf02852d319c864e614aa4f
3b2747bc8b617dc897e279dc34f262de
47f8cf2b7f3c99322710881dc7d48bb3
224ca59ec3cfec94a392f7c30bcb08aa
3796c4eb3c1faf682a313b146cae545a
a052f3bdc66caf301aee6c862c10361a
106747075f4a82742f29a230bdae4df8
6ace60b7d8e702b792fede84f619f009
ba6c953baf22ade495cb4da8b2702650
1954246931a08e7e508f8535a65e5f36
587bf48f2e80fdbe53d1ed8a797cd5aa
-----END OpenVPN Static key V1-----

23
CKUBU/openvpn/client-confs/flr-brb/ca.crt Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
JcHZCQoQE1/RE6Xp+0xgTXvW
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/flr-brb/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote flr-brb.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/flr-brb/ca.crt
cert /etc/openvpn/client-confs/flr-brb/gw-ckubu.crt
key /etc/openvpn/client-confs/flr-brb/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/flr-brb/ta.key 1
status /var/log/openvpn/status-flr-brb.log
log /var/log/openvpn/flr-brb.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

74
CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.crt Normal file
View File

@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
Validity
Not Before: Sep 18 11:07:19 2013 GMT
Not After : Sep 16 11:07:19 2023 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c8:6b:44:7a:ce:51:74:af:7e:b0:db:ab:e5:cb:
50:f7:01:9b:da:d4:38:7e:35:01:0c:60:4f:28:92:
90:4c:dd:06:1a:a0:89:d6:65:c4:97:d4:22:35:3f:
8c:0c:79:e2:ec:9a:26:4e:e7:ee:f7:73:02:65:12:
9f:cf:5e:05:0c:1e:96:c7:f1:81:92:8f:ac:48:71:
93:df:f8:f2:a3:66:65:ad:13:81:c1:f1:23:a2:c5:
04:86:26:29:bf:2c:7d:28:43:fa:a1:3d:dd:aa:47:
01:af:0f:c2:ba:e0:0b:1d:af:53:f1:f7:a8:b2:90:
2f:4a:ab:c8:19:f6:9c:eb:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
DC:10:87:FA:DA:75:B6:5E:0D:5F:CD:4E:2C:9B:B0:E5:A1:E8:85:1D
X509v3 Authority Key Identifier:
keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
serial:F7:FF:30:E9:C4:78:D2:53
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
9a:71:cd:8f:8a:8a:a0:96:68:01:5e:86:36:74:41:1d:1a:99:
66:56:83:09:c5:18:7f:a1:ec:bf:b8:17:52:e8:fb:09:9c:b3:
5b:b7:0f:ec:e5:4f:db:87:7d:0d:bf:4b:ce:b1:f6:fb:c8:e0:
99:f5:aa:39:ce:dd:8e:7d:6d:b0:70:7f:00:42:de:6e:55:be:
57:f4:01:8d:2e:00:b7:90:b1:92:73:65:89:20:52:8b:b9:f2:
28:eb:e6:32:0d:ed:a0:51:2a:73:fa:dd:6b:86:b5:71:b1:d5:
b7:30:59:6b:94:dd:fc:c9:47:00:35:a8:b7:18:53:c6:99:fb:
0a:70
-----BEGIN CERTIFICATE-----
MIIEKzCCA5SgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
LmRlMB4XDTEzMDkxODExMDcxOVoXDTIzMDkxNjExMDcxOVowgbgxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR0wGwYDVQQDExRWUE4t
RkxSLUJSQi1ndy1ja3VidTEdMBsGA1UEKRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gx
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDIa0R6zlF0r36w26vly1D3AZva1Dh+NQEMYE8okpBM3QYaoInW
ZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/PXgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB
8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K64Asdr1Px96iykC9Kq8gZ9pzrIwIDAQAB
o4IBWDCCAVQwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTcEIf62nW2Xg1fzU4sm7DloeiF
HTCB1gYDVR0jBIHOMIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAJpxzY+KiqCWaAFehjZ0QR0a
mWZWgwnFGH+h7L+4F1Lo+wmcs1u3D+zlT9uHfQ2/S86x9vvI4Jn1qjnO3Y59bbBw
fwBC3m5Vvlf0AY0uALeQsZJzZYkgUou58ijr5jIN7aBRKnP63WuGtXGx1bcwWWuU
3fzJRwA1qLcYU8aZ+wpw
-----END CERTIFICATE-----

17
CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.key Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2PZiohF8ugcCAggA
MBQGCCqGSIb3DQMHBAhTTx6Dj3br7gSCAoDTyLVebeOV/njatPhy0qEi/DlH/6+H
oK9kQaUV69QS6NO3N1RqqDvXu2DcdlkzLLvi1CJWgTJyeHbtKHyTMEEXI/P2SOZL
wBGqXZ2Nav6MqjGpjzHryAAh32thyGJC5o/m/SOMX1lMvDln/g9WzC0ZRAMdNi5M
SrLZieR41OA/0Pt7EuBIfuIvs2MhQwaUbVgdVShmBDVVS+44qJU36wmTT47mEFCD
47ghy6xXvfykiI30fYO4qPad+nR8zpnpEGB5ZQfEx2SRdsbWxY1GMT4rAzTBMgiJ
bbyVY8rEb0kKqbJhUFQ9jjodW2b94p6nayaJHoyO4sFEgvvPhpPsBXRPKOZXMSl1
kNjDEwUjpPCxm2v4JpYiPUoiZO4IAKbXcfJ8WWuKZp1Du37PVD/EnXDjyKBFOyzD
QJDF7ukzAwMHcq9bVv8AybVxC6I+1nDgdrD9s/8cBQiCyYufV/5H484GBI6d2dXo
SyKffomnpHVK7AzAYZXmyxlQj1kwJeh73xYFH06fec0VmmH6vHkN+wjYheJLrqSi
xZkOnxggAecIINh3kVbPrZCfKn46vYwDoFHgK8Ek7nRaIXaYGuKrRfHZRTN6g98s
+QK5iGSL/5Fg8EdsgRtAm4Ss/mBUCEY2AZF4fekfyhtzbpYLtb5XJIw42SCwJstN
dd35UeaUWTOXkO7sIub88UVxv9VXIXpq+2DD7emd9jpyQVp0W2/jlGEvtSNUUsMD
E26+ck8dSOnJI/FFYOeqtW24dZ+0g2NXAoUiwtqQweOJKkOjQlNV/L1Ud68zSy0e
oDCt0c3xYx5JAXDKximQqlVAenc5rl+4kHVnG8wmULmTgWCMbYSk/sAC
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/flr-brb/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
670c1735182a2aa7373f3913f4bb9922
1011f52b6004f688f702ee2eebf789de
8e9a7cbbe597de15dcd0944cc77c63bb
247ef4ec6beb0ab1ad0e68fd3224d9c3
50f3536eb45f0582ab3deb4a84144e08
4ab82c010550262a803f617826443ed5
34ace631dd1115372b4b6d91523ebf9d
5212960ff14b16776359a2c4a8a78672
c6dd16d8e3bead764da1f39a267a5d2c
e798d3f52e0d8ceb7cafde530cbff390
7a099224465c3bde210bdc7e713dae1c
05e190846e0bc7cc8e4c79427516eed3
b580385daaef259dd823e67970ffd9f3
125c3b6217f6622652f76f1da0ea96e5
b9724b6abd8384f45f11d9b41a9afa7b
34d1a506ef314806f46e64d46f4b53a7
-----END OpenVPN Static key V1-----

270
CKUBU/openvpn/client-confs/ga-nh-gw/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ga-nh-gw-widsl.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG2DCCBMCgAwIBAgIJAIfpECeVF6BJMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJ
VlBOLUdBLU5IMRIwEAYDVQQpEwlWUE4gR0EtTkgxHTAbBgkqhkiG9w0BCQEWDmFy
Z3VzQG9vcGVuLmRlMCAXDTE4MDMwNzE4NTcwOVoYDzIwNTAwMzA3MTg1NzA5WjCB
ojELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
MQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQ
BgNVBAMTCVZQTi1HQS1OSDESMBAGA1UEKRMJVlBOIEdBLU5IMR0wGwYJKoZIhvcN
AQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBALlE1NE6tNFSDcmhjj9yyWXd1gXn7u3sk7r/gLyvUs1yIpmSKRlMJOh7kXUQ
AXiPsNavC6QFDMq1mFjIuhkNqpl8YC2NgWhfjsaxi4+oa8d+e0nr1Y0jHkLKOWvT
OqKHL2gqFeumOPNOQ1lyoiQzcBfgs28WLk+hfeqv4CPPrPRAXMv0C3jy73T+ZHr7
MCCxpNIcbKZO4vxaPWwi5pnBS7RTIB0OGOEgoWTpryjRiiJ7xuZCF8bQTfucS6fl
9sm2wuftifgU2S81bmrlQ7Wfkm2Xr/QaEKCS/nMhdju6UaC07/22SHGqaqT7eJrr
hk3psq7ecPRmMTj9neN/yYoDByWFUz7nhGmVnCXOO3Ct8KjSeH75W0vf9rCOwY+/
7YUz7ACiz0itjQlj+jdHqwvB3a97v/mf2WFVhbJ84dhUUeW9CmaebLAJMNIqccWX
VibBtG4g1mv9xm0oiIpyNW89Zo24cLXX46P6OAukwSPVnTcfyCxZo2g1EHVVk5oI
nti2sR+h6aabRR+rmPqym1R4rbPMZjDH3NNsazdINRBGkY2Igk36xYFLydrpUiKr
uidboUu/85wZr6xKu7QJYjliP1lkxFuIuzlGFCd41q3CgYPNKO3KPLAeTOzaa6yq
9alxtqs3z3ccOaXyjp/AsDiSsH8qoNKaMQEFyyQeRppNOkgJAgMBAAGjggELMIIB
BzAdBgNVHQ4EFgQUIhsBj9GmWfsTD+kHmHt1fFK3SR8wgdcGA1UdIwSBzzCBzIAU
IhsBj9GmWfsTD+kHmHt1fFK3SR+hgaikgaUwgaIxCzAJBgNVBAYTAkRFMQ8wDQYD
VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tR0EtTkgxEjAQ
BgNVBCkTCVZQTiBHQS1OSDEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWC
CQCH6RAnlRegSTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkQr2/
StSTSKY3Q3OfZzh3+Lqq5Hppk02N4WwwQ9d3c7TQowoHnI/a7llgAb9gu1sExL2p
9QSj+M4sEcSnouLUdnHDArrxJ78AHBGnPq4hHODChkrGFiqvw4yXsNcfhOdv6hrL
LO8OJJyenSnaWL/gCqKDCjdrsB28I65ancGWyBN55UKVGxDpQi14cT2ImSPQAIAy
Rlh7l6uZ8l9SRLtvnjZ7na4VL5JUsXYUIHqc9qUoRwF0At5UmnIPwXZvG0GgA15B
h36Cqf21WfoYZwdff52xwKyl3qjdt3h8tq3XuAqto8rk2Q0aawDgrC9tXJwKB3mo
EZVX1aAxmdDGKIQQzkoU6uR6tYum1H9XFci9QbBMhADLiE4ohn2ukjSV7Z47Cr3+
sClUbqxpfJFIGknSB0KZiFBsnnrB+ICDczPljyHoXbgDV4NvUnKFjzpnFfIhkSvR
ZOm9Qq51b+4XbmXX/+GlsxWYcM2WfkYRaJcRk12z/6Oi3udKB7omp3oI+ZGRvI3D
Rsq1cKwPFFO3EiyPI6GV8BdYTLZ51WSgHohV5rI9c6nre05AB+97kQDUj7jz62P2
ERZr5oWSViGniiQtgclFuMWY+VvuT3DDNtdRikMy3f59S0vslV2HkgLugXgu6RFL
keMwZh7pXr5MP/CUpGgsLMHd627uIuryVYbaLQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1O
SDESMBAGA1UEKRMJVlBOIEdBLU5IMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
bi5kZTAeFw0xODAzMDcyMTM0MTRaFw0zODAzMDcyMTM0MTRaMIGrMQswCQYDVQQG
EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
Bm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEbMBkGA1UEAxMSVlBO
LUdBLU5ILWd3LWNrdWJ1MRIwEAYDVQQpEwlWUE4gR0EtTkgxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEA3RJLZn4alzVmYVq47nEh8G3YHJ6j2m/5QDtOE1L2sYYVUNV6FvIlQEsX9aDW
S0ufoShyTeN3XjKXL/U88C7s1FK37Fo1l+jnsAhkxCraGeMxGrC1qhdo6lgRvDhV
tQjJR8teGtIN7iYK5jLDEq+0J1U5DS1ORVmOZ4b6TIjW8Z97zeiVQc3bsu8Jqdct
Tb3WKa9G57ZXN8eP4huyrXA1qsOWfkkrTPJoieuFcbqBZ5ylEQvPvgcUek90J0G/
6JKe0z1DTCEi5KxMv+ueWvrT2qFzGybEVWwRNmHzjQUEJAOhNGXsCEZoj1HjKpVz
xMdtQ9f7/6BWUUwOR+qfFMO4to8MbOZWdTjGU2jMlgB/KUzbmqgOFUhDxkBtpDwp
2vMaRu5Cu5vbMXjrjnV8r2NBO/5TUawzsXkNWMytRMHux2UOgMY8Yfzvl/owCI51
6YISg8C1z1VlGXiHYWtCOIb/J8kgtHRO0TyeX1oflXqGIvAexmcOQu82YiBKkqwm
LOMbHOaJ5bj4FUT84zl87gfePXJyCs0dyTY+y18+eUunx6xvirDxt2aAtwwbrKSI
KU7AxqkRm7hn9W0jdKDSFBfMEp5RP3IQRgUT1Ww4IW2YBWphCk3UIWt/xnozHUVo
xPQ6sj9xPBul/GuOPmDngyP6fIRdlrXR48nkDXd6DzzpUx0CAwEAAaOCAW4wggFq
MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/RfN0H8Xjr2+04e2mjbz15uj0DswgdcGA1Ud
IwSBzzCBzIAUIhsBj9GmWfsTD+kHmHt1fFK3SR+hgaikgaUwgaIxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
by5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4t
R0EtTkgxEjAQBgNVBCkTCVZQTiBHQS1OSDEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGWCCQCH6RAnlRegSTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAJQ8
Nc99G3xd7HbOjLFELWdO1CnoGWH9fK1OsFpbAtNKmPKU8Rf9uXfgaeydRsjjpP66
CnPfzCSAG12fR665becRzWqCiDexBYvegS8H3VlL9ExlB6BYnRVfj2EpU/urzi+T
EPnTcnaFuqRjt0WAM3MqbV7aKNy+kGJDMO9d50QEKBcgCK2iYL7VZyPAj30K13n+
+/wHydJAmPK4aXXZ4cchg9RBl9lpIIGIO8Oz6xfr5BfhgJjramPjGLHpJ4Y1pGrh
R7VI4Jzkkeze1MRCOKmQ+GaUePdou0w/9C/k0e7Pv31erVGXDAtcXHJ2qzxZO9u5
ZctJ+Ap4IhOs++GjI9xpsEnoDuOrQFOK0qREAZ0nFkkxQI0vbxGx33lzWdCkjS9Q
K4V/V7QvYd6R9ZKYdfg2zROWelTfIRRw3+Qfa/FFGdi7lzLLukCX2UfY814cMOJz
Zz2XqwoRxpc+YvfNaWJdUucxm1KOUzOw1LHzvi1pSzF+j73USlPZWIXA8PSkPcTM
UXYZNzHtv9eI+a3s+FIzrSrk/AGeJSSC8fYKw/n8h8Vp/TsfIYlk5DveJyVZSV4B
4a+sm9k/Jh3WlR0XCxutajGrUcxlfPkYdpj1mA1/c+I2eWkMQlpyXK39iVMn12Bs
qGFRp7CLxAigMKutOthbSiD5kZrZxt6poFdV0AuA
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI1yL8hnrdSkUCAggA
MBQGCCqGSIb3DQMHBAhZy5GBL/4zwQSCCUiDbKR0EKOVYrvrjTQHSQjDeGFwS2FM
cDmu+aDi2oNHKjxk1DHevNDbnxksCws6HNQvclJwJ1jdwVcq44QcaotGEfw7z2B6
wi24lYxML5t3uGpMrP/QVhtNXrxi7JgPG+9A9JHh1WCihwYDm8XQjytFTP/KvPAJ
E4vEGvVLJk0xRHsfhTYj6s5vX60Oe1SURv1mlQBQGyEZYCoMVQGFFUnc+Q/uRo/o
sTTJCkDUJgil/OzmkVVwHmrs1gqfHFp3ywlav7bqf38ixO19Vydz+LvqyuvtxYyh
QFb8ZJJgTa6RvpDrgoLFQ5Ry7rjgWhzSLonQE6qYGM2gvWcNLmOGqv6wVyV/inYy
S+fKB+clGRFM8SITr48eEQbLEa2NN5woidfplSmacQtflxiMPu9SAbgKWSzZ8PAU
XyTcEt7tL3RAnfhXdCMWsWNlcATDOvWXj27VcJmgVp+jt0GFpBacxpW//fB6Yqy8
C1ogguXgrQPRe5FVmVZOFgnbK5phn3qmWsNgDR/r669Ro1b4P34pSVTQb+VG9000
cjwb785IvMk6zwl3jdKacOauiltc6H42FWUbnLy7u0TYUvDSTa8YsbNBB1kQYvlo
kMlMJLx3o9SjYjZjPELAPHFGY03h04nWih5Ov0ygVNi2Es5+GQmj4HCl2tAMEgDX
p3FE33b1Gobv7hJv9ode+R7lDfvciqBUsFSE+1lIvoeqM74RUDrtDEDlGY0MTpmB
78oooQV8F5JjEkkxKZOsucIyvl5m6ZK5/N4gbHkjG0LKvyUVsAOtENxvgFPC6/zz
Qm/IbgjCDxYAFzmdTZL0nR6VMQH7VSUBo8rLhWbswbGIXG23YDDur4Y5Qe5nR4bp
h1f60fO3ziFcP/nmkJUdtNowT7GoueKEahs2OT6ub+aBZwE5nCVc37XucP2s/9eR
9Bojti1Zf5c91lUgnfey+9P61mYkEVIweHcC4nc39MYhlRzWZsmoFh5j8gwvEh0i
9hb+wNfeFNH2LDCoxwtbhfBudJe3e9eCMcDyO302LPtpc+e3mGwsdKZuaMZ07lTf
0YYOOBQMVOOHEQWF0JuKHLaoqPtikPsgCnoRteBG5sHG18PVqJGlb+vijzUaY7Er
AkdjafXA9m6YOo5H3mae89ax4xNfCUlu9buAIOjsM2ISKGmfRzWmCEA8MfsESaP3
w6gducanrAP1sGspy21EDrQ49ElxpPC6aG74ic2F2vhJfdtd6kQU/Azax9nvCJIY
xUaHVOHPPmDd0aS3EJma/Q9z+av1pGQB4hRZY/E50p8VtV8cOp2kSgUra+amYl5b
wk4SokCgIz/cW6S0wkI+jd+uvGU4rgxgNlCGdDEP4HYjdrEb1b5aB0N+Gki5LEYl
42qFQ6BOXxRQkydEGvPDCY0888Kivm6IvoEj8E+7C5/LVG28XcoQZWTI6QLMloQQ
ZYcOYgjnvvMRs9wMbZrUrSYFZtLfNttWrIm4Z1lMCUmahM6CSMx2gYCBXbhMeEKV
dc9FwL9wfcRmvtz2Hh/+EmW4tzSiwr0OxVXhdeSLmnzpAMPJBKhj2jxNs8mhj/CO
PFSxVBB4SZlyzsuViheq89ImeGAELOWpFmKDpbdgpY8ng+QEb4TJhFEWoK29XXfe
0ePEykrlYFn64ZDuLhWlYC4XgILkj8sJFCYGUv0D2mTSXAoVRmmiglhBvDyjOxHC
wgU10rNuYrMARoSUqGwxcznEzsoFYfaP4BXaifTgMOP8qDcXF2gn1c36QxLYIsLO
mu5xCK60ysNINePqJb5slxHlgC3hlDovukuvW/AZGuDHJQMnaiViJh9xGc3uXGf1
0X9dSvNsbzrjch/pX5HKJg9UBFh6q3tR7dRmT4K/9++iB9mzLA3xFRDBFRzdl3P8
ixWVhMMFRNM8b4uvKv/smeRzbbGTDXOG7qr+Jei3zJlEQAvqXiG9xTtp/i0IQm69
KpM7QCGgJ2/HukvywHrwidsVQT2SCkq/wzSlg8pnal6skBK/ncVZPW7dqufT9Csi
Zi5deietR8XeAs9mKJv+FyWL2+q/wMn4PBdHDqVDHaCgrBCSyMTJke26ytb4XQwD
WuVLLlHMwwR+BbFIcAyq5CShfuCboJUJ+FXbzTpOWduLWbZaR/EhqrZbv+9cmCj6
Awu3akR3QkdQJ6gHj1cUeGPtA1RiItVmQlkuMEokFY8oIolCEbzhGd3zfjo27InC
uzGfQbuVo4D9xFNbgEE3lRG8yARp5NXgwiEF8QIwoS95qjZ4h9IQoKs18ap7QYsO
GM1CLLvhuHFFenM61/KitgbY8WOrQilRkw1lAyIyzeLDc2i/aL1dmumbvKjVjQAU
0BwRHO6HTtUtQKv0aH/J/p37I9HUEAhbuXDpJCg8uQa1rhe9Ebkc4GCNDrDXwOaa
OQdguRGZGOJwlRx+5GnVqAdyGKrtqIZsBAYTSwB5Itb/xRVcPv+c4cFIQDFfcau2
DMn8ejXCSIAAlR9MykeuMpg2jRxMDknYNqy6rtasJdHUZrSE6wuTLMpmLSb2IUBO
BIQIbA8+0dOZ95M+5LH1wu+2D1JhGPYQ2iW/PfPMeaKZvtrKCvmWGHA+a07duor5
YorAhCKWEYkpClpRlnQMBoqnZugivE9dhhl5IR3CZDYkQRq4kfnosT1p8aAMwCou
PZb7pQk5R/hBT40U8U/PbHMLBy4wNCkSigBZTA6zPc3QrOw7gFQ0asioNCmq0L+3
UiDQ4zD12y7bXdqSvQfYTnmZew4De9sCW2A25mkYIyPmdc8T9lw+03feCCcvJeUH
xKa+OtKYsLt8pGkj6J6/1n9fOzDX+ExXtAtbsFhYrMlJaZuOg3aD3eB/MW+HbYn5
iCloFAbOcAAn+hi+ZHCqHUot/bYLzKVxHRT6fDcU4O7Ae/ysHsG9HztlRTSjz+Ha
2H+arhs1M4gs0KsqSPWkOuBbTuTL23jsIINXlqPYbWfepwOTyHw0q+OZLm19badR
3ZWJEvcRHFEek0Dfq0BjnhiCcGKMppAGdRcKC/1k3KvYRtV/4sSaHZdQvmAH6kyD
D5c9U71rOgzJw+cRhlB8yEi1f0r5G0ih3btgtTZfZ4NYk47so9hm5E7+/SXkaGWd
/74UNEWXt4YB/vGgwYG8VDXD3+FsjQA+HX20wzS4Is0z2TUf7vQblNiSypFEWEB7
3Os=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
2465bfa0ca1b39fdae239633c579f730
7c1894c67cd8cd57107824be00af4ba6
77bb44be275b284684f1b0131cc6eb7a
8755ad6f5ffe282608733f6652c611f4
08f374e03ee93ce5d148a5c5b8d0a9ac
468136e0d5ef9718b9dee785fc514d7f
fe96e14977285b5a8c5cc27c0a864e68
44cdb07c51273b90c16f0fb2188228f3
808058fe88e5f51cbf5f802743ea8261
3fc042173bcedabe518ebd0295844f75
2dcb570c2bfd968513f4102b645113ef
7ce8d5086b47f4e10480c9e900c6e3ed
cff01982b7d910f795f014d4e7d44b1d
f5400b02c8d51383271c16f6b05a790e
a6e0f99603d6f4de67f34fe82f0dcf09
3b99102bae425ec22a98d1b074c27728
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

223
CKUBU/openvpn/client-confs/ga-st-gw/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,223 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ga-st-gw-surf2.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIJANXFq8sijdObMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEY
MBYGA1UEChMPR0EgQWx0ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRIwEAYDVQQDEwlWUE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqG
SIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTAeFw0xNTEw
MDkxNTQwMzBaFw00NTEwMDgxNTQwMzBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEYMBYGA1UEChMPR0EgQWx0
ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlW
UE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2Vt
ZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKLTHSHgX6/Ibr3AlmJfQ3k3yTvaD031Ps3c+bsXgOQEPNO4x7er
8R47osA7FHNKI8ob7jnX/xJSJcsE2B1zsYpceW7IN/Mmmz0eZyIr7B0tu2dFixxC
t4Vi4dBTh8ZvEaTZ3YUzROBc/YnWFyq3NFZ0DLdJBX+lFXAYg7qVyD7RCB1Yrwxq
rJFYK28qeIi4WHfHQICZ1dBlf7qpnL76MjfzjjiTTs4MZwjYRT2RJaPOhnNzPaeF
c11kP8T+ER46TqYbmBuImpoOntca002opJxw9iXoYJRLYYfhs4XS654iApGbG0vc
2Kd7uH+QyWElW19EDmeDRJM6Bc0LUu1rKtkCAwEAAaOCAScwggEjMB0GA1UdDgQW
BBQ1n9sNhkD5ZQ7jRXnON5gNKFeVWTCB8wYDVR0jBIHrMIHogBQ1n9sNhkD5ZQ7j
RXnON5gNKFeVWaGBxKSBwTCBvjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUdBLWNh
MQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEWH2l0QGdlbWVpbnNjaGFm
dC1hbHRlbnNjaGxpcmYuZGWCCQDVxavLIo3TmzAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQCXp1hi923vehUa/Gd9Ze9UobRo0kPCLxgQkPOotUPAX+Dp
BDJOIHzoijORN4LmtQV+UNbRGsGU+Mwbejx1b4NHrFtj6KaCbCdB3bumcSmfFbaJ
QM+qvMtQYXx1NnFnoV6PYD9ZjfsY0AaVi5FB/eHnP5xuGzmbq7gPgG5sz2RO5jcR
1jO26hbrOINfYplu/NNQqBfRJPwyPFjHcCD/wWE63fnue3A5Oj6jUcuNLbOAHJEy
Pu37BPHNzjnTUdOe9scXp3WMCJXOtdxoZkfHfGKXYhz//XwX6X/hJMzOZ2K+kUHC
NfKwQ6snmDzycXtx0EqsYjzGgxbOR0qJbK/pJhii
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkhlc3NlbjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoT
D0dBIEFsdGVuc2NobGlyZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
A1UEAxMJVlBOLUdBLWNhMQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEW
H2l0QGdlbWVpbnNjaGFmdC1hbHRlbnNjaGxpcmYuZGUwHhcNMTUxMDA5MTYwNzUz
WhcNMzUxMDA5MTYwNzUzWjCBvTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMIZ3ctY2t1YnUx
DzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0
LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AK7355Rx645LFvVBtQAzVNqcEVSj4xQP9B3jMiCUSP1G2LJ2EjsjPKLy5IGa5YWr
w904xeDK7q8REvGPeDp4pT+56k6O2j7md9XOy1Y6yr+X1qVlSRXO4Hta+cKWinAY
vjtPIL3FubVGB/FUrXZWR/GD7nyKnelCI6Gntvt2wwWt3aj+yPoV9J86MN1NwFAz
Cxn2UcufcFPHfIDFaXpMuwbsRuRudxh3fBRYRkmarB+mRl/3HHEzpCX0gpKWVv2v
a8RaDu/T5mg2yOiMHHUS+D40LmTdo7yzfizoVlVbGrNG5AbXs/gZRKMOLZIPyGR2
r+eD+2KhOpFW+kdjwsPFe0ECAwEAAaOCAYowggGGMAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUdxceVU2ZsbHErH1NiTl5R5Oj99kwgfMGA1UdIwSB6zCB6IAUNZ/bDYZA+WUO
40V5zjeYDShXlVmhgcSkgcEwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIZXNz
ZW4xFDASBgNVBAcTC1N0b2NraGF1c2VuMRgwFgYDVQQKEw9HQSBBbHRlbnNjaGxp
cmYxGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1j
YTEPMA0GA1UEKRMGVlBOIEdBMS4wLAYJKoZIhvcNAQkBFh9pdEBnZW1laW5zY2hh
ZnQtYWx0ZW5zY2hsaXJmLmRlggkA1cWryyKN05swEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBMGA1UdEQQMMAqCCGd3LWNrdWJ1MA0GCSqGSIb3DQEB
CwUAA4IBAQBBTSwtPN85g+0QPT8XvxYQFv9PedtEFdKf4R5JWisSI0hyvW9Sf3Vc
4bc2GYIIG2DFSJip2lUgyvC3yOqKtT6vF32M4NS+GglDOycXWbpZNB9vtjrDvpo/
Xhv8dSuwE9BIsoJF+peEbP6lINGi6W/p61NHWmO1ClvtZyRxb4YnqOmIEr9s3XP7
Mm6nttX7690jwZoae/xwGOy17eUz/cGLBq2t7t7m1rhU4ErvGgJOP9PKHkgFrYjm
jHeBXLbHsff+Tq10bhyiDb0hsAoZi1bViGpRtfaQ+eC0rXnDy/C+/nm+SzlEKeiC
2XmTO8dbNgoOqETj7d/iDd4copvdzZYw
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5AUTsVDif7oCAggA
MBQGCCqGSIb3DQMHBAg12+MbxEoyygSCBMgCrl75V6WYOCdXaXmPDePYFZnY1rms
O7VBq16osPoJCUbnowfDlWyj73kM0kypBQPK1l9ZtXiC50BgbjPS16CeeAZNvFyr
/1glAmHv4wKArmzF8GL98vEDsKbnBV9nFnPe1YV+Rq4QqeSiOmnWJOqoFbpYDJiO
f2Io1g9DgoYYjMhvvjMk/mG4Oa6aOueMDYBFQ17NCNwXDj65HI685SiMEYzksQEW
GcerSML5Q9PDwbaiH+xs1AVp3MEa65PDj3KW7jcB8LenSAzodXo6dhzJelSgv2Bo
Q769n14ZetOK0Mv/o4blxQAPsbfknKylg/tvGIkFt38mH3PBJeXCNElyWHZJD6BR
xZah53ajLQa6XXhV2LOj+qKjgvIH4lwb10nr+eL3VdXKPXdMrGQUHHx59Z5zGnwK
qoRvKOtx/Lk56c+ycjCo0MJW4QddxB8rBmMEduUcI+jIk0ffF26F/uWh/gZO59hj
Tu6cGAgZY5hxkofm+b4FdyC8dNgQUspPqs9iIqkMSjttzuihme2qdQg5cgl0F2Zp
u7FTp/E8CsRX+MpVm/i+/0oXi9hspvEwfZcg1hpk3LdF2w3Ym+Wj/jlBiUbTC17K
YSLQQk2WEWLbvhGLA/3Hp2auYm0h4PxyG9lp1RTkK6WJSz+Vjc/Y8V01Ml5l7pT5
22eTksbqTeNcasCZkm7dEfAiuA222qS6OUZLzUkX9cBb6EXG/XIQ0qzY6c0UR/38
qfU0aP1Z08mIwMhGfyn/QmYTcxMw2rov6eHt2tsemDFXNf3qj2dUvJn91nu4b0OQ
3ddYB6mazfwCOqXeAzxv+POxuJvjUIx3MmIyQtQTvlNa0nzg89DNlAtBrRKDJVvS
mRLEBT/mFTz6KPpdfVp+qdx+akAQ7YCpmRfBs1Am685b9azOs8+VQOl8rp4PpkU3
T2rSCRpc7O6hW+YZYBwEMgJn0Qs5YXyiE8Js+k9QB5d20hGIJQAQ6hAyLLamHcj4
K6KaBhycvsXvB27drkkofQOVEIV751McsgwC+cxS2DRaJf4udr20Pg/2Trc539kp
anj/hT2auv3/rGGTfY9RLblp00eCjKazltsg3/DbQ5S34hSxnipfa7o6PACxqgAk
qgZ0G5K/smgql5nppPpE8udS0utfDKgi7lCwlviIfKY/UjsQwRr3wh1L2NrjG1nY
f7df0/WfVAc9+LA7QBVtKp68oh2wTCGQXdhgjwJgDMJp7xA/I1kd6tsjkXPjPNct
tg1MZYL/jDjAEzC96ikhLCjbybLVmL3NJKC8Y5+kpxrIs7W4T+ZwTXwfgBUN58Kw
ZHK7JSQzlBKmLlRbpYcjT+Ra5Mf78xA0ZsJ5D7yVoKYmMRfGfDAXQ4s3ri/EyC5h
t4FeFvUdrr4fTu3FlxCAOhxV6rFG/pkjIe/o0JHEZpTvxnd9algrNCTu4D6EFJTW
tQNfQY0mctQhtuMoqG51dB1jVRnZ+f+b7bzBnsesSzJNXKcrq8N0mgcZx0nNDn65
Db32YOv28+JaID53Bq811tHtsybiuTCx+77oubUaH1it5xIMe7NzL9/gQAPkfn5r
LnaDPGgPFEy6UaErrCOo10CkLq61VoCj8DgQz5fQ41OQrd0WbKYR5yqh/nTXpFus
z3U=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
#
# Note!
# This option has been deprecated since version 2.4 and
# will be removed from later distributions.
#
#ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
2e6c91c0db488d5f018432f60605fbba
5ec1afd4522ddd28d917ade2c7515daf
9a7a3104b523c929f10a2ccdd2197b83
949e5644669ab0f82b62e08aa887252a
cc20618f9f8c1b0eeded6ea92a392e79
e477a890e2800cf0cf340ac6139cf7a6
0cfc5c713a39e8b2c44347006bb90583
8fe0bccf4feea50e7880ee7c7c510114
e9613960f8af9096fc46d75886b1bdbd
773b77d9044db17109a5615614797b98
bdacaae155966bad69819d08f1c8cafa
1cf102981e2188d155d26043b59538b9
15c1d67430d6b67c9c313123fb7cb427
29cc6972e63470c74c6bf2342fb57ba3
50d3254df49d2158f4faf5bc38fa9d69
1014d126eac903e30f6c97df69a3b665
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 4
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

23
CKUBU/openvpn/client-confs/jonas/ca.crt Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID3TCCA0agAwIBAgIJAN8aOZJGFGPvMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMT
DFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAeFw0xMzEyMzAxMTM1NDVaFw0zMzEyMjUxMTM1NDVa
MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
aW4xDzANBgNVBAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMx
FTATBgNVBAMTDFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJ
KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAout6qX8xnAqKRuPPLrYXFkRi8jQ8kfzP/IcD/kLvwDK+wN4Uvfb+88Lv
pJ5dTdBWPkvBLt4wEq6gjs/Nqr0lX5V2I6HfnSN2rLvtrtIsfrjmBo0SNpvuxj8Q
FW5cl+M7d9b8RATFg5I4Senr+pZzIZc82OliVWNSv3j/mXK4NIUCAwEAAaOCAQ8w
ggELMB0GA1UdDgQWBBQCAq4BgqamRfpKEE0YafCQh/QdGzCB2wYDVR0jBIHTMIHQ
gBQCAq4BgqamRfpKEE0YafCQh/QdG6GBrKSBqTCBpjELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9uYXMt
Q0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
ZW4uZGWCCQDfGjmSRhRj7zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
AAvXrWdgzgaLfSSgQQP0g1UlSkKwQr4KpYQuL6Hy/RJbpkhgBiAUm502G2Z4Syiv
p+W6jvEctOUPoXnc6qPgBA7He6tBdVuH7/xshFdO2ik7LBjTWPMfNr6L49FXRJ2r
h414q4N9S1EMZwl1TMqyXTHmHOtLoCdBub1McFu0tfni
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/jonas/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote jonas.homelinux.org 1195
topology subnet
#push "route 192.168.72.0 255.255.255.0"
#route 192.168.72.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/jonas/ca.crt
cert /etc/openvpn/client-confs/jonas/gw-ckubu.crt
key /etc/openvpn/client-confs/jonas/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/jonas/ta.key 1
status /var/log/openvpn/status-jonas.log
log /var/log/openvpn/jonas.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

74
CKUBU/openvpn/client-confs/jonas/gw-ckubu.crt Normal file
View File

@ -0,0 +1,74 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
Validity
Not Before: Feb 22 13:49:03 2015 GMT
Not After : Feb 17 13:49:03 2035 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-gw-ckubu/name=VPN-Jonas/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:db:71:8d:eb:12:6a:d0:a9:a7:6f:66:80:3f:44:
cd:48:95:9a:29:c3:15:d6:2e:66:ea:36:c2:44:85:
bf:03:df:cd:c6:29:54:7c:99:a2:2e:26:7f:70:e9:
5f:d8:dc:06:cb:79:4d:9f:6c:fc:e2:e3:50:c1:9e:
77:88:77:5b:65:89:b1:e9:6c:e7:c9:bc:7c:a9:b6:
1e:2a:e5:81:32:6c:a1:98:44:74:cd:a7:7f:7b:f2:
0c:87:25:f9:ed:2e:30:9d:6a:5d:25:48:84:82:cb:
38:9d:85:ca:8e:38:de:8c:25:8f:f9:f3:50:fc:3d:
57:8c:b8:c9:73:2f:83:c6:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
5A:D4:32:1B:A5:71:82:40:00:1D:40:F3:18:29:94:F0:4D:14:78:CD
X509v3 Authority Key Identifier:
keyid:02:02:AE:01:82:A6:A6:45:FA:4A:10:4D:18:69:F0:90:87:F4:1D:1B
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Netzwerk Services/CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
serial:DF:1A:39:92:46:14:63:EF
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
6b:5a:01:5f:9b:69:de:64:1a:ec:4b:42:f4:c0:19:41:33:57:
36:95:50:4b:6c:32:cf:32:fd:8d:3d:1e:dd:1a:c0:ca:e9:6c:
57:23:51:0a:be:a5:5e:8c:87:3a:53:91:e8:f3:e5:5b:95:da:
e9:41:25:26:5d:0d:3a:9f:07:14:be:9f:a9:d9:4e:e8:53:82:
c4:39:75:63:16:22:68:6f:29:3d:4a:71:ed:bd:53:dc:84:86:
57:a5:93:75:f0:6e:f5:fa:31:96:e9:79:9e:4b:9c:3e:2e:91:
46:3a:b2:17:b6:bd:04:03:ab:27:cd:af:0f:66:ab:3e:1b:32:
db:80
-----BEGIN CERTIFICATE-----
MIIEKTCCA5KgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9u
YXMtQ0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTUwMjIyMTM0OTAzWhcNMzUwMjE3MTM0OTAzWjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRswGQYDVQQD
ExJWUE4tSm9uYXMtZ3ctY2t1YnUxEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBANtxjesSatCpp29mgD9EzUiVminDFdYuZuo2wkSFvwPfzcYpVHyZoi4mf3Dp
X9jcBst5TZ9s/OLjUMGed4h3W2WJsels58m8fKm2HirlgTJsoZhEdM2nf3vyDIcl
+e0uMJ1qXSVIhILLOJ2Fyo443owlj/nzUPw9V4y4yXMvg8ZBAgMBAAGjggFdMIIB
WTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFFrUMhulcYJAAB1A8xgplPBNFHjNMIHbBgNV
HSMEgdMwgdCAFAICrgGCpqZF+koQTRhp8JCH9B0boYGspIGpMIGmMQswCQYDVQQG
EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
Bm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMTDFZQ
Ti1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkBFg5h
cmd1c0Bvb3Blbi5kZYIJAN8aOZJGFGPvMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsG
A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQBrWgFfm2neZBrsS0L0wBlBM1c2
lVBLbDLPMv2NPR7dGsDK6WxXI1EKvqVejIc6U5Ho8+VbldrpQSUmXQ06nwcUvp+p
2U7oU4LEOXVjFiJobyk9SnHtvVPchIZXpZN18G71+jGW6XmeS5w+LpFGOrIXtr0E
A6snza8PZqs+GzLbgA==
-----END CERTIFICATE-----

17
CKUBU/openvpn/client-confs/jonas/gw-ckubu.key Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICD/000w6/2YCAggA
MBQGCCqGSIb3DQMHBAj0c3QKF6N/gwSCAoAHSua9v8RQvKZJV7LAvoRIwhtVbgLH
Yt5QOREISVUTu+wJHL5d9CQGOS5OAdDkxVQrdDmqJMUzyEQZZysYpaVFCHKgqaGz
UxURznrGug5xLSmt+30IooAcvELwyPRq5cwwD3//NQAonN3mAZQe5fkcHCFHjAZL
qo30yLD19xoGPaBU9mR7uRMILoRD1NbDF4a+juPfc0JxJdCYUHOBV5aR4Bf495Fd
z5Pa9zVRIlsLwPqYEUv2SpwmlifrIGAVT4sDMy4fM/z8DwuSIiSH6ay9FEvxPyVy
Em5WhLJ8yj+ZYC9PSWlzhTqKYLCAMCoOx8Nr+1P3p7vlNrxtJuHWX0bcBNP7BSk1
Emeu9Nwo9miTIPdqN2t7nSoDf4vt8vY/RGyLD9Q9M7TPNCB9NqqIE/M44PuUP/oC
1JnLJkfrZl06SSk1TC9cBacmziXjqgYZGyCDPgwkjeDB18ZY2/U/woUZcHuz8v6X
UGuLL4hyi08V1EGIdmtIse28b0cU8eXyFPG2C5gMANzMPfqpcxMFA9gz8r8qkD8F
sqjKvPgVQXTowO0HtB2c89/rkoF0E3T1GEdPxo7xX0gfK/WwwkQyX2hVwotu0pPD
JFEXAGTE34/Pg09Qg8jaOaewMmqoM7UVxHz57SmxHyH1y/B5+5VVoRER2RHym23l
hj7q60UGDIRE3ckIt5JEB4Pl0u6im+7SYXMWgqkq0zoUTBcK6WXFAiJZ8rxqJLka
Qx4Y3HnYDPd2Cqd80XPjQ4FMM2TQROv3+7t8b2mVaoE/mUAIcY228DLag036HcK2
SOWWLrA7cMcbkiDjCaovZoALKKyDnyBQD9AioxSbbYEdcWIjyJDYB2Kw
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/jonas/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
3e1e6a6db0e098d43da080f87c6bcf9c
6259d4439e5caa74289b3bcb0931e07e
b3170b66ffd4b242a7aa58ac2ce19cca
09652d59ff49a3e2b4ce570078186820
66434fe8cee219da9cdd10e99091de98
b2179eecf24200e5fab0c47fd268aa84
711ebb8ca7cf154ce331067c8822eb56
b8cf0cf1d20439deab1c83369a52f670
56633c2c49865d8c20c77975834a57cb
faa66bf71e704c6a80863ca7e626308b
9e460dae6cb6ab87ce3a088c257120cb
48f04f3103e7c5bff04c26efc57fa300
fa2c43faa67bf1da9569541110a6860d
329b06934e0f157fad54dfc64ab5568c
0b116ca80f9edd7fce35103facf0e6ff
b34c00b297ffe4e3a63808c2172f84e8
-----END OpenVPN Static key V1-----

29
CKUBU/openvpn/client-confs/kanzlei-kiel/ca.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----

138
CKUBU/openvpn/client-confs/kanzlei-kiel/client.conf Normal file
View File

@ -0,0 +1,138 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote anw-kiel.homelinux.org 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/kanzlei-kiel/ca.crt
cert /etc/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt
key /etc/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/kanzlei-kiel/ta.key 1
status /var/log/openvpn/status-kanzlei-kiel.log
log /var/log/openvpn/kanzlei-kiel.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

99
CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 27 23:24:59 2017 GMT
Not After : Jun 27 23:24:59 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
82:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
d1:95:1f:16
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
0ZUfFg==
-----END CERTIFICATE-----

30
CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgzdhh+GFVpkCAggA
MBQGCCqGSIb3DQMHBAhQnYHUELQpXASCBMicbtCdvVEgK+pV8reDVVuacqqeIwQV
OIa/MCryNPukqS0P10WT6SLzIN2c/A3jVAmHbm+E5Zvk6bX5LmmAIClEulVnZsbV
qeXz/jlbKBZAj4hYVmvUfKMQUj99Hnn6JdGfEgvYauQIzhwujHvAyV7kfXufEQxj
kUrE5U97HPfbVj4f2kUNNcLU3gSX91ILoO5lGDUcTpceYQXO00EI0ftsdHp+qKgc
7kJ/ntt779n72r99BaFMXZ5V/DSuQeNvKE98+PIRQF1ffDW/aJZq1B1MUJC83esO
VC2Fxg3ZNRNTcyQXC2MzQ7ZLkQWdPOsElcZ1NDqrEXUQtbrVfNCjuFvPPNeorld0
3uLFOytLv0OTc/AMDmEFGMap8XmWBK4g63Rhi3WIwxECYp6+s7uFu5VC54poD0Fm
aerMKnVadW9FbH69Oe5+hfhRlJ6N/H5Wp5XMCl2ttzSFcZhiiufuTjaxUgAF2vLP
xKtrQAIQkOZJabeGrJR8zzIN/FsziWh8xHbnl3aO6gXS5SDpIypBADEvc2aibEAC
DhJkCasUTzETpZVdRfBD2CHXk0krg2HHo3HUyw8nb4aZg9EbbMiLK113hWDCr2z3
evhJzaTdZUvJlgNGTcLOd1ZgLpwXIil4r54LsT4A1skZ7CNgO1zVzxo/sBZ9V5J/
PMdhTmPeqFXwHp6cA0+Cr4r0oqEBbJ0OjjwtXA8RvbTDBkKi3Bq0YgudSoJ6mgt/
SwlsiL+FFQWnhhgWMfXXS7qEzTgHgkBM7AgupJYo2VqU/pcLOxSvbLs35MMj2cij
Bj12/78AqHDGEwlAhyD31ndTC4Lbpy/VcBcDi7RByXPgHH2R79qXuS1WQJD5Y2CT
UvkCFLCz+zlxyMFzRhJ+rTXPiCQTwtrnMRYmZTR+YyPa/nJcXJ5OH7aq6ypuP50C
IeeBci5fEuiBqEH1QPmUx/ByMXVhybxUnuN0V0u4TtJJOzQrXKDz3tulklVBFFp2
MFTU+20jAMxVmVHz03fCORZSjKShubS8AJR823lXXlW0CtcwErRqjyJyxk4svnJ9
bRENRA+5G329kCxGm04AO4po+NCf1w08wRTJsTE9GRzDKu3i27J5jf8SxfzbCX+5
isjOyhEgnTkM3fMWRk9t4ZSsKIg+BqwtwYQJq1AI6Now3FhxfGt+0jfO43jBOa8u
5LnTO9uZzJL1Go0LjsFS2kL6MGQ6wYtsG0Rl2KpUtuzZgph7BHbxUMYY1UUES8tp
S1fC9u3NIb/E4179WHzle5wBbUEZtHXxbfWzIi9fwQSKgJ3LPsjaVEjPknpzy9Sv
sfZKsef78D9XynCAyqP4GU1nvpLaZ8+SGPiuvXc1kjHgrUm06stmvXG4Tsxiv0Ag
aORlceD+G4tUms67AkeBWTZ+wTKukN6dfgbZqQxSC6ut0JkkDdoMOdSAl2E88XXj
/vJHw4YdaKsCuxcL7nVIX4fiL8E8Vr/haqmaj9xBvkXorqtpPHWiyn4+aW1ZVONe
1+kioFYClC3faJTQA1oFPfUcq38HNtLtHHh4e/JtjnYH2WE4C3vZCkEnZ60KwVh2
7S/Sc7lu5UEyCkiKudCfX59vWRpxrzBcLy6rlncqtpWtipQjBLU24mihofJvKRBO
qAg=
-----END ENCRYPTED PRIVATE KEY-----

3
CKUBU/openvpn/client-confs/kanzlei-kiel/passwd.txt Normal file
View File

@ -0,0 +1,3 @@
key...............: gw-ckubu.key
common name.......: VPN-Kanzlei-Kiel-gw-ckubu
password..........: uoziengeeyiephu5voh7eothu1Aex8ar

21
CKUBU/openvpn/client-confs/kanzlei-kiel/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----

258
CKUBU/openvpn/client-confs/mbr/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,258 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-mbr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG1jCCBL6gAwIBAgIJANEahjl9dpJcMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
YWRtQG9vcGVuLmRlMB4XDTE3MTIxODIwMzc1MVoXDTQ5MTIxODIwMzc1MVowgaIx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
VQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJj
a3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCxgVOFpm61twgXerJYeVjTi7Kv4R/aOxh9UCXqjJN6cfR2Dhj5CX07fIf7Ed0S
8s+xBrwl3PZXACiz3CkTP7Zygw4TtYyUuTvvjzfcJfE+hv7SeYxOU/YYVlznGbqC
o8R9uNJYKeKEJnX2oo9RnR3Q10d03twKFlm50Rv8L4Oi502Qo5gaeLMP2D81rz4o
UcEVWU1PtnblkV7ARQOR0QF77ea3UwM5pnBxD0UnsaH4tJc7MwDSUxaDaiUZ9ecE
sJ0+ZaTrsgB//kbF3iB0cjBs1/Qfz8vgQMVpOax6lckZZ4WKwdo3iOckglvjh6NU
SED6H8ru2p6bmfyqjMMzpj4AQw+BYFQhDuXQpx9d5vyxS+fjW1qDVGG84Ahaj6pf
XdznK5BXygnyItcD5Q4ZHQdz1GqCL1LdcNXiurWbSvUYLlIpotMxePEmncv006hx
YvbLzjvsAGfsbs2gnx9IxCi+sPiFacWvpYolVdd8l67kDAihG8iokTR3wpHM6Xe6
vD49xDnd86rRSn30dDgxsWSI8lyh15akAhzS2dUk/8aX7lIcpFNTPBJHppXalrsx
4wuXAR/78v2eiLpdORBerzIYjgyzcpsZZZe85BrkhKi3mgu1tJZMH1yhRKvgUhnu
K1HF8AgBi63YTvari6R1HiTtKXZqaxlJ4d3/OwIjvcxa5QIDAQABo4IBCzCCAQcw
HQYDVR0OBBYEFGHocrkyEFyjv6enWR014LS1UYD7MIHXBgNVHSMEgc8wgcyAFGHo
crkyEFyjv6enWR014LS1UYD7oYGopIGlMIGiMQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcG
A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UE
KRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA
0RqGOX12klwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdTsZUi6m
BS0MqhTwPmCF2bjFOwFs+oHpEIRKwBQXSFJfOysFl6RPgn9PlmsGmNmn/2gH7GTN
YMjPjnlArRZTVhcULG7IsabXCAgWIXcxwYciCmtFAse15kda/EUohP2yG4EIJURK
cUCK/fer3Blh63t+K0/Dq9eWJ4bVrfLoYp+Fl+ciomQhQXz9pZrgGSvDZLGg0upi
zGPsrEJHT+zPcJfQunZHXGF36eq5uWMuB83WYhvE8rNwz4OIDhLlongt2Lf/gWP7
rpVlDzNarOc2tl800C3/UePtAhEr4Nr3UYcbV7Nb063o0nGklxIr3FE5jMkzOj3p
q8Lyd+wHqPG18ysXaSbyCAjXSOQ4OjIOz1tPC3QabycNkrV4QGN6KlJypfJ16P7t
2ui2HB1bfX9wbwXOHxjDlx7mssaaygI3+RVB5yjJGJs286AO+YInWul6T3kPAZNn
EXhjZz8fOjRsaKR4dVZfI6/zzyg7vv++iNQ2/yNe11Bcjo5jwpuKZyFmmFpj9xoL
0uCOJnnHrhqIfy/LVTH+b9K3UQDgBHd3InFKt/Uy1rMNyBbH0tcnj2PZGct7Mg2G
vIgjygOKrYJytFrVtHFw2xKGIW40ohy7JzXTPjTFUj2q5GtVcGLIBiryOlTz3bsv
s4eV4pJgMrNqR14qsRN3HvAvf4DLigpuYR8=
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
+6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoJKekP1ZYoMCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHiPXCkPcmkMBIIJSBkqxukBibbl
LdkzjsRmpDCFmPbmEzu/YKmXCMqSbgnEp0Ny2/05sWH2x7DDfZHC8IkzSZb6nqz3
G5AenJ6wZhPhtVEHFJaiVkJv0pIGXpGvqVsXimDSBWMnIwBFUfzrKSOu7Dhiw7Cx
1KdGgfoISh/BTLF2UAJjRqIL/Hw0nlqungeXV46twKFW83fBwxJBMj5HwfHtkTqN
yXOoRLOFJHwYAn6qqBw7n/pJyb4XzOqmmPqC8S96WPQwTCUDlJCSg6AGpobEfxQx
KFreSVCyQadyFSO3C8jGIOsP+55j7sk/GwABYx9iZ+hPiH1uBhhDNzLpnDbLsrgf
chvpMoftpmgZxxd6bFbWdhZGhWKSGivmujfaAQySc8+w9ejjpCiHg9oEBsm78whh
UcxXNrbfVpj4ivZm6K+BoM710imeQu22t/SNeO7S6Mko9Weu/8vlg3976H8E58PG
NwseCQRyVKmIC1i8EuKbYt4Fr66YTkuv+OGdqmvTPRe8aMQOgEFU3NaoQ5rHBfma
24NZoy/Hk1QXYSkCIc6izJdv07u44ZK2X0LGGiETin8lmCmyrph+iP51Hl2np8gk
5PiHAVcnhuSrBP9nVOZ6XFbBFYwItTdtlkpSfJBYlNnEHK2gA6wIF8dQhQE3VXS7
H9F3MdaJx7qVRy7qDwEG/ONBDX/QrU9cTom07TP1T7IHbqfF6koZE8fOEnwFPwpE
4sFuaRfrPdBDaE6jww0NLdAHC8eSdNgrHHVEUnwWosAldapfmj3JNONc+tJPYo4r
usMPPL+THX9UA9D7hxZ5wHz4fqyTlkK2bE0aK0euEaAe7tQ8+teYYEiO+OkRNQI4
yyHAX8b1jCaCOOMTeSHdV3gFhh8wmRsZqa4i1a4lWqeQlXKA9/Iq5Uk0ujNOSYMG
ttMyS7b38IvDCog9G1XYiSqH8DE/IzSi9tUbfUtqRX9jqUp9ZGlY0h8R/5I9oDKa
4IQRYAjktsJDi1dxYffQpWX0XeDZdlT6drhZv3OZHfTzX7pAI8TbEcu48tuI/JpB
zzI9/+yxF2hDNlecWYi8BP5vt5u58oiO+IEReFC1sPVssJSQisOJp1qNQCwgvNxu
/1heDohlurh5Ra3XtFddDVg5r92A9yuM5LZFGNA4VDZe8WzFOv9adKrZARBiWqBH
CG2KwL8o/psC37BT0SRCQd8iOHTlfMUIPd9j7WxfM1DcxywEcLCwtBjMXidVVIB+
YG58huH2AdEgm01f7UeJrd0RBCV4Lx58nNnnkBoTQXzP5KqpAHmSndsOy8dAUf4F
lk0zC1LARseF3r9eeFxNeMC+diQHzLOGLQNhyojlhA2/9FO546lOH3TLlBNgQ41w
CfhTRa5aU+w+OmYjkPEnhde4NzzSXEbFMjGQvt0rrn+6jFMQ/kDLSoJEHBEa+Anf
VAbVZThhy8JhkRrKpEht3sLUd/mR57Vrk47xZnV8uGBW0Ii28rRYdImHV3CGUys+
S6r5o5zLa1yRhz2hGQE8kpnu5HiF4Pz7svBp8FEiRLTxvTQ9D5MgdlXUHr5Ujaco
ivlm4WvXoNyji2FbWDVgscvfbOQgNnaQ5uY5g3rxC2PTCwNbTCGNLxYJbJ4zzkp+
NHS9xuV39AggXJpFpb6vl30NU4pQCLDTYpembdhNmIfgGo4DS1bMSWZyz9I1OkOa
rNtVWidyTgZd3I3v5r5weD30gb+D/aaCxSEa4CCp1e7Wbdjwb9tuj6bJsRlnAn/K
ucDfQzTlImshtBjtWG2C+dpRyTVLpo/49kQmHhXvr/OpDWv5tggrvEZ87gEvCgOA
KkPNFET5itNA3KkVX6fi9Lg4g94hwEqAUnKHFvhatMC6DYYXF2hnZLIAaXjCAysz
ubxOMEeyEYEBpGnWuWgK6uv+IgwYdA9+vca69upH19J9sxvdhUluRo4ghoH2Ufuz
gz1P852iCvVGsGgUgWsyRgEqylP726YxNyxBot8EZ8uUXVaUFs540nJRY85Sli4f
17WzMYKTgV+790XFUgYlV8K9wVL2qCcCPwlUS/sjLIUACnuiDucMT/3J9zQcssY6
3ka8UhMzaFGys0FQl1WwcXZ+gWtQJcF7R1nB8PCbUFt06+adyJaSrE4UTQAZYMM5
NS06CVaVBxhZDukAq9Rw/W1mnfkJTb9IHy3n/5RJqNzf0PXDe4CbXKqRDWx4aPbr
bklCRDCujoECsnYuTEdNbRawubCrt0uAAAudJkHQsDHJcjs1Uxr26duRhElsolJX
bkSOiarjckoGZG2k05aBkZq9HcOMNMHiGsia9/3TmEIWkuOxY+EVB/FHUdjeJA1F
1pI4phDz3rGYJOcWwMtW47P7vemKi7UXzfgCVW0wS/pxI5+PGUxq3NrxLz0TMdxa
lKAH18quz3tRaqlGNQ2d9NVEn17589JLS72OFROnK0tUBQevaVwP4MHwu5g/lz8h
C72U86jx1ps1N32y3SV5T/U0rch1PT9v8PO4kD3ojoMAjxXSe4Iv6gXaJSKmORdD
WHb7W2Tq7IWHRjUWWl0wVsqLyEfu9LAPTw688P17UWvK4fDQDvr0dOyMRSYNBTiU
YudmGZh0lphuEXnMmPgD5l06EmKbXzSIWwg1iMlOKQzENxTR5fr9ozvpe1KDqAGK
Fcd/QRNydHOJcLShwhX2ZTfVMMzoE3t5hizS7cbo3j+OYKJ30P4GFbXrEIj+c6Jd
FOT30UZWZ1lK+jFscJcKCZMDFvHVDk63pOLCdxxQlmovuaCjsdGXRh1mvtYyV+wE
kDCbCdjjlf5Qj8TwxNmKA9Rg5dlTIOSFALGM50YX3Iq/rwJahBOpirKXNcQ8/qoG
0sF+4jQyNQSMu6Y+9RKGBwPESZa05M9N0xbcAz+wFlOKBRXzioMRNoG5rOew1mTj
wgxpNTidqvnVE36gw0hYy1K8+jyYwFwdh+t++p+VQ3kctc1QPVgomouC8DY7UCNg
5wFFqm/lru87YJcsgrso6/fHvaTkA3toS5olRrmhq68hjISk1XArDm1vDo/hcvFX
L4MLrR/LpUCccUFV26NaNJuQdvpzBiGTwyetK1+rC5QtvNvfTQL/1WeKpbOpJCkl
2FqU9ZXvhJH4N3zxGf9LRkg/tQjYKLfDbvjZZzDnk66fJMK19FkuCm2uqeRQZHiQ
j3AScnn8S7SPYjaNkOxAmQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
79d91376ee2c248cb615cd6291bf2954
a8e96540005b24814cf8b156c133033a
8d46114db5bb435551604fcb18c56b09
09750d641767657cebf8151735230e61
b2a9631cd7490ab824333b74e60e4cc0
c3fce42e7518bd6519347f7e111b9f61
be2682407cd8186c2c9b03987a6d0fd0
52599e30c6e2214cd9734f442e4d9a34
62e1dc096e13a894538798a94b2e2d54
f1c5bd884fe95aefdd919a96cdbf8f1d
c60a65e7b59990a11324fa1960b8cb3f
ac2fc846d6860e50f7b35f83eb6b791b
d59707320a80e639b2226c2d16830757
f7d29d94fd8c5fe1ab8c939e394d2126
bd880494edfa929b03b894c6984890c2
8e1ab55c781b17828ec1d4126a9736e2
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

22
CKUBU/openvpn/client-confs/opp/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
Y/hjEv3y78V8QA==
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/opp/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote opp.oopen.de 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/opp/ca.crt
cert /etc/openvpn/client-confs/opp/gw-ckubu.crt
key /etc/openvpn/client-confs/opp/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/opp/ta.key 1
status /var/log/openvpn/status-opp.log
log /var/log/openvpn/opp.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

73
CKUBU/openvpn/client-confs/opp/gw-ckubu.crt Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27 (0x1b)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: Sep 20 11:41:43 2013 GMT
Not After : Sep 18 11:41:43 2023 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:97:a7:33:b6:32:9c:b4:75:af:7a:7e:54:53:25:
cc:06:7b:f9:e0:93:3f:2f:9d:83:d2:ce:49:27:ed:
da:35:19:fc:a2:40:67:52:db:8e:ba:42:42:13:74:
73:00:eb:97:12:ad:e0:5f:8e:de:59:ff:c9:d6:8c:
27:a1:95:28:0e:06:5e:ae:49:29:3e:97:60:3a:76:
b4:f0:e4:11:0f:c6:07:fa:e5:42:0d:e8:82:d0:71:
38:a0:07:a6:aa:20:45:7e:d9:78:2e:66:53:8c:10:
77:44:e8:49:57:50:5c:33:85:b0:88:61:1d:64:aa:
4f:0c:bc:b2:1b:b0:5c:6d:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
3F:A4:2B:57:0D:33:62:CA:48:8B:87:19:C6:1E:15:A6:31:A6:FE:6B
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
20:73:fd:0e:d1:64:95:60:ef:19:ae:dc:e6:e0:38:c8:f4:aa:
fe:1b:89:a6:ff:ed:b2:36:ec:1a:38:08:5f:53:61:c6:b8:7e:
c8:fd:82:6d:69:b3:92:bf:ad:40:4e:7e:d1:b3:c4:21:5c:d6:
6e:eb:ea:64:51:e2:3a:49:d0:4b:49:dd:ca:9d:4b:ab:a5:b1:
1a:82:ff:7b:0d:44:10:91:1a:11:db:ae:8f:2a:88:8f:d9:ce:
a9:56:e6:da:8a:ba:27:0d:44:4b:2f:70:da:c9:34:cd:c8:19:
79:93:d5:45:16:49:7b:53:7a:83:3c:14:6b:09:71:bc:5c:58:
e8:cf
-----BEGIN CERTIFICATE-----
MIID9jCCA1+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkyMDExNDE0
M1oXDTIzMDkxODExNDE0M1owgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYD
VQQpEwdWUE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D
0s5JJ+3aNRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdg
Ona08OQRD8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpP
DLyyG7BcbcsCAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP6QrVw0z
YspIi4cZxh4VpjGm/mswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuT
U+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNl
cnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
DwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAgc/0O0WSVYO8Zrtzm4DjI9Kr+G4mm
/+2yNuwaOAhfU2HGuH7I/YJtabOSv61ATn7Rs8QhXNZu6+pkUeI6SdBLSd3KnUur
pbEagv97DUQQkRoR266PKoiP2c6pVubaironDURLL3DayTTNyBl5k9VFFkl7U3qD
PBRrCXG8XFjozw==
-----END CERTIFICATE-----

18
CKUBU/openvpn/client-confs/opp/gw-ckubu.key Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,4CB95F5C6DD612B2
Nw2A/U2PvM2266HmN6E58eFsPDSAFKbtiM8FLA1D20R3TDhzGETcv0J3v5iQFRMp
oeBthXWiNOvT0HfU4cjhR5MPs3gmLN+OF8U61kCRf9767Smp8zaXdRwgQ4gOMM63
DVQZhNlY0MaeX5IS2HKvO+gZ/DAUDTU/lDnVSe11bAibzmDwbQXZ4eV2gP8dH2/n
nYKWagqqUjU90HpxkFO1XQgQ3ShGUoTB2v6UYqi6NhvH7Jz/0IN+eTHHPbPr2CXw
CRm9bFQbKchp3N6V5oHhY5RO3KgNa/w+/XoxjJZ3bBeCjZeFgeNMDkKC0YnTCz+/
+hO6sgHM5I5oYYEvvZflKg7JMBSY/w/XyfWQTh2FLOvcJDh85ozU/JeQ7EbNaiRt
ZF2TaMHbcmKSdyoW5VL3iRirq93nbpFl6wUFuifKobLniqT/rjwiSvirqoYds2S/
sDn19aC/DtOxTXXqp3ReRvBQ56CL4exROHTYrHjh6ECvofdiWoO/tjZrcbtpsIla
v6nTqo/FMvetbvLPoRfzfeoXIzH6q8fBJ7M10L/AGdbAEW0x5VyMTceHhn/rvdWM
EPIewbUDKb5WQm2nPxST540fvUMizScGrKVhJbA/2uMtsKjN1G0cF0yPUouK9itW
1ChqDPJWZJegXNcwcVHHX8hIDCcpd/sFFKVlGDThPmDv6LQ2mgy1nkIDslvsRyeZ
j40+xfwhXQ49PnGLndkBT4MtvxR46Zt2PH9FFPC18EGDoces2Fv8IKjGVlZpd9uO
W5D1D69vwgYVFV6E7ZMWF9z/mY53ci0VSMnRjVh3R2rTQjqXypDCDQ==
-----END RSA PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/opp/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----

29
CKUBU/openvpn/client-confs/ro/ca.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIJAMlUrtE4JKkVMA0GCSqGSIb3DQEBCwUAMIGvMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMP
VlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG
9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNjEyMDIxMjQ2MzlaFw00NjEy
MDIxMjQ2MzlaMIGvMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
ZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4g
UmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/Xi+e76pcPgW/mq45tSezbSTlH
qnNmNf82uxgobSdQNKoNm41CJh/W8qjfaGAjLyuIwbPAyRCjxt1WeL9vje0mMd5P
GVNMZsc2c72R7Yel9La51tWoDfkYjU+uQVUjPo12RTnAQwPRAS4q2riHIu+OkAzZ
QnEEy1CC/spLqWvDDyaY2vEKWldFyIdCxT1wV/DJUESriCHoz2fgM5stslgbd3Dj
qHsObhhlGdAI4aZ5KaAbDNk+DyiWRWefTZ7POBcLmSQCYCfbq2JXvt7ZtEt9KZM6
RUpfPaAC2HXt+m2+zTSBhpwm6WN5MxJkQg8Po5mgVYPSVifsy2UjHNWKsVMCAwEA
AaOCARgwggEUMB0GA1UdDgQWBBRf3ZvIHiBrLarJsif7fOv+3181ezCB5AYDVR0j
BIHcMIHZgBRf3ZvIHiBrLarJsif7fOv+3181e6GBtaSBsjCBrzELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZP
Lk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1S
ZWFjaE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkB
FhJja3VidS1hZG1Ab29wZW4uZGWCCQDJVK7ROCSpFTAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBaFsB+tMuVX7/Yj8yGngmA3raqK2kPsyPzIDGMSgyZ
lBkjaCIG2+VogDlJhdr4qg0WGVhtLwFdUhVlMdzKhmQFvH8BVEYcJRjinlJ4j6/5
V6eWaVuY2uc/tfOz4vuMLSj2LFIPMjjPlGthUm2M+LITMv8yS27Ww2/5iD4B37vb
znbJkY0khWK/oDNVvabVm/XNLt18vzmtee4XiCQoZEgnCgh7M42icScjNwPVGJx3
co4BQk0M0yO1nnwdtLMKDRTX/FpNv2mztvh4qa/Xm74imeFFtY6WfX+jIxHdMrCX
F4AosN0ktKNj+jFja4Vbhk+r2rME2llSsrrdr3E5JrLy
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/ro/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote reachout.homelinux.org 1195
topology subnet
#push "route 192.168.72.0 255.255.255.0"
#route 192.168.72.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/ro/ca.crt
cert /etc/openvpn/client-confs/ro/gw-ckubu.crt
key /etc/openvpn/client-confs/ro/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/ro/ta.key 1
status /var/log/openvpn/status-ro.log
log /var/log/openvpn/ro.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

98
CKUBU/openvpn/client-confs/ro/gw-ckubu.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Dec 12 19:50:59 2016 GMT
Not After : Dec 12 19:50:59 2036 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-gw-ckubu/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:96:37:a7:11:5b:b5:7c:04:77:d3:a1:6d:fc:88:
ba:e0:b1:83:32:0b:29:86:7e:7d:40:5e:79:cc:5f:
35:09:fb:8d:3f:7d:22:4f:7d:ed:c9:4b:73:fb:cd:
e2:eb:14:cb:95:29:67:c6:53:c4:81:01:72:e2:9c:
96:6b:a2:a7:3a:08:dc:29:7e:8f:fa:37:73:21:b6:
49:7e:1c:c0:31:f6:34:0c:94:62:f5:57:a8:00:8a:
b1:28:82:f6:4e:a9:c1:64:d3:aa:81:57:d4:9c:6b:
5d:9e:15:cc:b7:b8:a0:a8:00:68:c5:f8:22:c3:26:
db:18:df:da:91:96:34:37:71:8b:d1:cb:e2:1b:52:
27:db:22:57:23:fb:ec:46:79:5e:67:eb:c5:05:8d:
5f:dd:b0:b9:b8:df:6f:c0:5e:ca:69:7e:66:d1:d0:
63:b1:28:eb:48:82:94:c2:94:8d:95:19:47:3c:ec:
08:43:e9:4e:36:b5:31:5e:a6:5c:b9:92:e9:ef:a5:
3a:5d:aa:78:f1:44:4b:53:78:27:85:9b:09:19:ee:
7d:d7:ec:bb:73:a8:02:e6:3d:01:71:c0:c1:07:ba:
2a:f3:11:b3:c2:52:f6:aa:f6:08:2e:14:8a:b2:25:
df:bb:d9:a4:3b:90:2f:0e:ec:37:cf:0b:6f:cc:23:
ad:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
EC:45:15:E6:92:4D:CA:CA:4E:6B:7D:D3:52:18:00:A5:92:69:24:1E
X509v3 Authority Key Identifier:
keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
serial:C9:54:AE:D1:38:24:A9:15
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
8e:58:7f:4f:ff:32:4f:22:e6:98:95:bf:2c:a8:d0:c9:54:1a:
0c:58:4a:d5:11:b6:3d:d7:8e:c2:84:36:9b:4f:c3:0c:e5:b9:
f2:40:7e:e1:93:7f:28:b6:61:c6:f4:96:f3:82:f3:be:22:e5:
7f:b7:ea:3c:09:b7:ad:db:28:0e:79:ab:03:c0:38:c3:ae:cf:
85:91:d1:6d:6f:b5:c5:97:c5:72:5e:87:7a:f1:bc:9a:39:4c:
ae:38:e7:9a:6f:8c:ad:7f:37:12:e3:4e:38:63:04:da:20:dd:
d0:77:7e:66:93:8f:a3:0d:a0:1d:67:69:7f:3a:a0:b8:47:56:
f3:a6:e6:9e:5d:5f:ac:6e:3b:fc:df:2b:9d:31:d2:11:0b:a9:
3f:17:ef:9a:2b:9c:af:dc:b7:ba:46:5e:d3:77:dc:52:f3:25:
b6:52:c8:ae:ab:48:8b:4d:8b:a2:25:d3:80:f4:76:88:31:18:
4a:f1:03:39:1c:30:d1:1b:ee:ec:6d:c8:2e:42:98:56:10:a2:
a8:94:16:fa:c7:eb:84:6d:4b:d9:63:43:3d:cb:66:7e:81:47:
80:90:4e:d6:ae:a3:66:b6:08:6f:dc:46:81:1f:33:c3:89:23:
2e:f8:54:a9:0f:16:23:6c:e9:b5:49:88:34:bf:1e:42:39:42:
7f:f8:d6:89
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjEyMTk1MDU5WhcNMzYxMjEyMTk1MDU5
WjCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
HjAcBgNVBAMTFVZQTi1SZWFjaE91dC1ndy1ja3VidTEVMBMGA1UEKRMMVlBOIFJl
YWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWN6cRW7V8BHfToW38iLrgsYMyCymG
fn1AXnnMXzUJ+40/fSJPfe3JS3P7zeLrFMuVKWfGU8SBAXLinJZroqc6CNwpfo/6
N3Mhtkl+HMAx9jQMlGL1V6gAirEogvZOqcFk06qBV9Sca12eFcy3uKCoAGjF+CLD
JtsY39qRljQ3cYvRy+IbUifbIlcj++xGeV5n68UFjV/dsLm432/AXsppfmbR0GOx
KOtIgpTClI2VGUc87AhD6U42tTFeply5kunvpTpdqnjxREtTeCeFmwkZ7n3X7Ltz
qALmPQFxwMEHuirzEbPCUvaq9gguFIqyJd+72aQ7kC8O7DfPC2/MI61LAgMBAAGj
ggF7MIIBdzAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOxFFeaSTcrKTmt901IYAKWSaSQe
MIHkBgNVHSMEgdwwgdmAFF/dm8geIGstqsmyJ/t86/7fXzV7oYG1pIGyMIGvMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UE
AxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkq
hkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQM
MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1ja3VidTAN
BgkqhkiG9w0BAQsFAAOCAQEAjlh/T/8yTyLmmJW/LKjQyVQaDFhK1RG2PdeOwoQ2
m0/DDOW58kB+4ZN/KLZhxvSW84LzviLlf7fqPAm3rdsoDnmrA8A4w67PhZHRbW+1
xZfFcl6HevG8mjlMrjjnmm+MrX83EuNOOGME2iDd0Hd+ZpOPow2gHWdpfzqguEdW
86bmnl1frG47/N8rnTHSEQupPxfvmiucr9y3ukZe03fcUvMltlLIrqtIi02LoiXT
gPR2iDEYSvEDORww0Rvu7G3ILkKYVhCiqJQW+sfrhG1L2WNDPctmfoFHgJBO1q6j
ZrYIb9xGgR8zw4kjLvhUqQ8WI2zptUmINL8eQjlCf/jWiQ==
-----END CERTIFICATE-----

30
CKUBU/openvpn/client-confs/ro/gw-ckubu.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIX1f/p8SfdJ4CAggA
MBQGCCqGSIb3DQMHBAi+ldSjE0eLdwSCBMi3tzjN920KGtkWzX8EqiUpOrNj+HzD
i/AX1NgTAqOmLatuowdCBuezyBcNTE4YXqqbFZ5LMPi4/4cXP3LjfH3E5D1TMNT4
QcFzSYbgHkFVTq2ghxCIyWG06J5Z8dx30G+ANfcKt2t/chyCoFf7jaGVqjQaL4cv
AfKHgPpaVpGvbfW7st/ZzCwkma5M9OskuI716dmjLhhPpXry3HaFXOc0kGQk9UHP
rn2kM3tPSLnX/0fwMKedb433V6h5+w+H4tiiKMhfSY34XT11NGeZ/WYvV2Ew17yf
kNHGxewn0ad+dYcdPJVoW/8m64dOTy0opOa0eZyO1WByCqqtGnv5pkXM9tU2vEFq
87SD50oWQ2lM4Z5jYAyrHRrb0A5ErTTa7ZWSvq+GNid6G71kR8STYnH3PgFzufQA
14i/WqJ7UJXfv2/0xDsCr+1W0LIF6tnTK1B+08rDVTFatrLpTuVMD3vdYFBMCoF2
RQ0P8b45Ud9zbKYEr2tVIDH06OP/qW57IQu5yjGBelnUUQhz/cdfSCJOAKqxABfH
5PoYV01N+NISPMrToGiwl1v75WT/nTzFNwuD+Bj7jylQhXbkPa/1+LOFAoNAm3SK
U9O8wOm2gOwVMr4FrEfPIG6JjfIuXdSgEMDUnSnSqo/vBT4O7VcHFjAACkJQ1iQU
ZqE3LaojZrSyFRFGbTeQZd0nRTBqD/i91UwZdAZmMhFHFtbjz5b43WLIsYhIUL9s
0r8b6CuUS7BGvBGiLFsUhcSKc3cEWChjbQlaamViykk+dp8RluI+N9G97NCEnv29
HHjoH/1ixQlFGYlU7fnWZkKc1A/U9wog7J2Hw1DJPo1O35p7qkPlDhGJ/5d773U1
V/dAn59liYGB/u5m33Tig/SXULXgYxPFqB0lQGk3P3J+5BEHbsuaaj0BJpVFDgxH
1zCX01ctyGbRx/pSNQw6FmpgMRHZgnW2vnAM3LOiDlxf7tSwvD5AqWUZXOzj/uQf
hWPENVARorjj8aBhVdbeCerHrxhBvt96FZ4xG7460hgu9ZyXTV52fbCVJqcNo7dx
zFvXQ5KwLEv+nwATD40d4VV7pewIE3kokQ2FFb+3t2SJ9Cjd4sBU9duhrgpVNmjg
ODA/v+VCr1KNE52JYIZOFiiueyOq93r+Vlo/TRznqcrjB2nMbfTJRJt+Cl8+IRNm
3GjsZzHAGEg4i91YyKouFXm4pDl8z6oMa9jY7icq79uQMWCJp0SXLyyo528uKf4Q
MHQQrti/+/41yqNNdnw8XcQFL9FLh8YLCn9Kn7Er0C0XGrmFlcgC78ROi7XxClFO
a9dwJSlRgsDq5nN9oYRJI+gECHXOLoBtHiXNd8LXyjrO7IxhCcpq/xyF9QA5zxot
7QsXm9zfhGXp3kE3bJN7qO8yJgwUpcKRb8dL7LUcAJZEP5HkLyL0Aw4FSRfKUJ2f
Dq92Zee+yyvKxamIpVLZDCLhSHghMOqip1/r4Z50UrFhy+0yyjkzF+0Z8S5Rew9f
o/oNdZV8acDqYbzY1fDZN1ZHVIc+hf7vyVSxp4nyDvTusa6MxPw0C3fn8/qcv8qN
Ez2+K15DBtdzkOJXPUFaCPn/HHpl5++WI314o+8eci8E8Q8y36a1btFlr9vMw8hR
998=
-----END ENCRYPTED PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/ro/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
0d93f89ecf24cf310bd30e8319a142e1
4ebf7508a293db1392c69e7cd4079271
a27f9e64288772ffc7d6645cd7c7f5d5
0681237cff1fe4ef520d9b90609f053f
e4980b81c1cf14015ea0510114c4a71d
b0fac8f22a02fa4bb63dbfb90b094842
9ae86a022ee4f8ea344cfb89cb787fa8
79b5ac1178bcba8cc27619cdd5ba7a0f
46d11ea63d7a9fe1f1ff84d631124ce7
04ea9fd27add0e4462cc5a404227f0bc
533647d8412d6399010729d4dd4dbd6f
70d667a64ef8183d9db91ee13c5efe2d
3f559bf3c5bb0fce0010522dd61ee765
1b078eb55aea89a0c89f23ba7a6d2c39
b5ca2616e27001dfbf7e58065a31ad61
1d236dc8bff5873f97d0790df1de11db
-----END OpenVPN Static key V1-----

39
CKUBU/openvpn/client-confs/so36/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGzTCCBLWgAwIBAgIJAKuW4e7lOKjBMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNV
BAoTCHNvMzYubmV0MREwDwYDVQQLEwhzbzM2Lm5ldDEUMBIGA1UEAxMLc28zNi5u
ZXQgQ0ExETAPBgNVBCkTCHNvMzYubmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
QHNvMzYubmV0MB4XDTE3MDYwNzE5MTkzM1oXDTI3MDYwNTE5MTkzM1owgZ8xCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjERMA8G
A1UEChMIc28zNi5uZXQxETAPBgNVBAsTCHNvMzYubmV0MRQwEgYDVQQDEwtzbzM2
Lm5ldCBDQTERMA8GA1UEKRMIc28zNi5uZXQxHzAdBgkqhkiG9w0BCQEWEHN1cHBv
cnRAc28zNi5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+72M9
e5VDY9bQv0KXFOhYVP1JMojpyQitAmAtLJOBtPzrxRKHQgwk8RALOV5Vd25i3bWV
CsyIO7lBd3JXvETogcAgSuPYo2qlCvP6ja3y+mG0KcdV+VHfzOlsKjkrSTVpHbHZ
4eknnE9oNL6NEFNQ1qGBs9FO+E1l7T0MThM57pfXvh7EvHZRexyVDF46mr6Ko2S3
dxfW1vOD8ULzbIVACUODIh5ZM6+/OaxgFM5yda2o3NPUrSWIyQS/2cmHgMBqacH/
q1p72iwV1UHgr+8MV6MWQoxMcTpFbUkWCvz1TIOqT2DhX1FTVCjZ26FvRct++S15
unlHxO+Gr6xiP6dClTP/bUrQVvkK8lZBkIewF67xHlMEVjW0pzBS0cQi7BwKWzkJ
4GH24CY9QOnOalc0ORo1FY66VlJytQfPql8zPp9Ucx+KHFH3siSzY8IKACZSfh8B
1SaTMDcWvGvdpIG0/yq0po5kgQwDJVkmPU+lmqhQ3e+HA8tJ82P0EmBmtRNhKtZF
rGyIw9/k4h6Nr0ihUO1uxVJG1bbEVszpy+oT3EwCYo0WL+WSFQ/2h9Y+OUqljz86
SEI7dHxP8uj+w8V8ITRYSPrzv2iH3pwE35Vo2mPDEn9bUc0QrY3f+hL+n4e83bhQ
k9Z15cbplfyal/eMlgU1C7bv94anTRzsWEPkuwIDAQABo4IBCDCCAQQwHQYDVR0O
BBYEFNAuARkBJeMMa5jcjhFJT635LHFfMIHUBgNVHSMEgcwwgcmAFNAuARkBJeMM
a5jcjhFJT635LHFfoYGlpIGiMIGfMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNVBAoTCHNvMzYubmV0MREwDwYDVQQL
EwhzbzM2Lm5ldDEUMBIGA1UEAxMLc28zNi5uZXQgQ0ExETAPBgNVBCkTCHNvMzYu
bmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QHNvMzYubmV0ggkAq5bh7uU4qMEw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq4I1SRHvZSe1xBFsd79b
xVUlY3y743yDsSFJYbEl3E1tbufBuidQcfZlX5j5clHZt40DfZV1YniyWgaOBxOm
XqljVOIX1GaEPZiQlLWCbmOifEiTSa7BxFFZBRNO0PYe4vzJ6dp/lIUEApVK0S+X
QhXkNp1Xh7aYYNW46/1DHdwVhJo+tZlHkAYy+8m/xF5dWDDtxNkTNI3v2SPC8ujv
xgoHCJk1+dKZ26Y7BPv18hkw7LhrFlQeZraa1Dz6EDb/FIGcS0Caw3WMbOMiMuyD
gzKP75o7Brue46HcM5DB3j5Q5Qbgir/2NqWFoIv2062lbY34Vrkoihmz/daIj07T
1xFQ8qqk973WKUyxyZunKHfVaRCxG9KQN8/iDzaGJFWVo8U9PLsiIqyL9twdSu2P
zSQZMJ6GicdxAMIVrh58FneCt3G7bNmVLeSUpGTbGPrCbwtHFGhREADRA5PZ4NRb
5iB9+bQExqdTXyZozcHp7pp2dTHJU1yui6AOsOYyaGhFiOCzVE9KPLvhOTVGClQY
gBxcEkM4rr6T07roEWW0I/X0+pWx1wLsGp6x4dqypE3piGj+l9XMhq6GCWuS0Hwu
8CLoAWaN6I4jHjkwjKc8dEbm7PZw2/2rUqWEU2N+T3LCQSF1uTCC3TDmPPHapfwI
t104nf7W0IY4I64g+onavOA=
-----END CERTIFICATE-----

139
CKUBU/openvpn/client-confs/so36/ckubu-gateway.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=so36.net, OU=so36.net, CN=so36.net CA/name=so36.net/emailAddress=support@so36.net
Validity
Not Before: Jun 7 19:34:49 2017 GMT
Not After : Jun 5 19:34:49 2027 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=so36.net, OU=so36.net, CN=ckubu-gateway/name=so36.net/emailAddress=support@so36.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c8:bf:6c:c3:92:0d:dd:82:c3:89:00:5f:5b:8f:
30:ea:65:ec:35:72:f6:24:05:81:8a:ce:64:3a:93:
f1:ff:fd:9a:31:43:49:53:c0:3e:63:b5:17:81:50:
e9:7f:79:f9:b9:3a:f2:fa:df:eb:29:5e:2f:f9:ca:
aa:c9:07:56:11:59:6a:52:40:7d:1e:21:44:65:ee:
fd:e3:b3:e7:18:9b:25:bc:33:05:b9:b6:39:e9:0b:
20:75:53:01:db:78:3d:2f:bd:e5:50:35:ce:d6:23:
b7:d9:e0:d4:72:d5:8b:eb:17:9d:de:f6:58:28:37:
db:2a:fc:0f:b7:a7:b0:a7:a1:b6:b2:10:9c:39:96:
a8:28:54:da:e0:85:20:5d:1e:b7:62:e3:f3:2c:be:
c5:bd:8a:d7:57:6c:13:c0:cd:51:48:40:41:17:15:
79:1c:3d:0e:e5:66:9c:56:25:90:1d:69:5c:bb:a5:
c5:6d:14:10:e9:47:47:f8:50:09:a4:65:3d:c9:9a:
8b:b2:d0:5a:95:19:d8:b5:eb:2e:78:2e:e9:f3:8e:
6c:82:d5:d6:17:7c:ee:ef:64:8e:3b:97:8e:83:37:
63:ea:4a:f9:71:5d:67:fb:31:0f:76:c0:9f:e7:d6:
fb:4b:2b:17:5d:bc:46:d8:85:b5:8a:c3:e7:5a:87:
28:ef:bd:1a:bf:66:cb:9d:61:85:72:ee:00:bb:4d:
9b:03:a3:88:9e:bc:30:66:64:5a:a0:f2:dd:69:4b:
0c:39:aa:d6:fa:fb:9f:6e:81:18:f8:84:dd:c6:cd:
07:2f:0c:77:d6:91:9d:da:77:d3:e7:3a:c9:be:02:
72:91:2b:86:69:42:a2:88:c4:85:ad:09:de:d0:95:
e4:16:99:8e:8a:a7:41:a2:e0:0a:6f:44:34:6b:23:
bd:15:6c:3e:48:23:92:d1:be:33:11:b5:bf:79:cc:
f8:0e:5f:3b:88:8f:90:5c:94:96:d4:3d:a1:da:01:
2c:c1:de:91:fa:d2:e3:67:e5:34:19:65:7d:b7:32:
90:d0:d0:36:35:20:71:d6:b4:32:aa:c5:e3:9d:6c:
b1:f8:b6:d4:4b:52:16:dc:0e:b0:9f:44:e7:4d:1f:
ed:5e:fb:e7:19:b9:f7:b1:e5:ff:e1:ae:23:04:a2:
52:fb:ce:79:eb:7c:58:8a:b8:b6:83:88:82:08:6a:
92:25:80:ae:d5:e2:79:2c:c1:ea:21:e5:08:ae:de:
0a:69:c1:2f:5c:e2:8b:e6:4b:21:57:0a:be:d2:86:
39:de:e0:8a:c3:58:c8:ec:07:28:aa:3f:12:27:d5:
50:ae:7b:75:c0:b3:74:04:03:73:df:62:94:cf:d7:
49:ee:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B8:AB:F9:BC:B2:A2:11:23:D4:3B:03:5E:59:B4:98:80:FF:51:16:DD
X509v3 Authority Key Identifier:
keyid:D0:2E:01:19:01:25:E3:0C:6B:98:DC:8E:11:49:4F:AD:F9:2C:71:5F
DirName:/C=DE/ST=Berlin/L=Berlin/O=so36.net/OU=so36.net/CN=so36.net CA/name=so36.net/emailAddress=support@so36.net
serial:AB:96:E1:EE:E5:38:A8:C1
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:ckubu-gateway
Signature Algorithm: sha256WithRSAEncryption
09:1b:bb:a3:38:8f:69:09:0a:00:b3:f3:4e:ab:55:66:c7:d1:
61:19:5b:a1:57:de:2d:30:58:31:08:a9:5f:c7:bf:7d:29:ef:
26:0b:54:98:a6:61:4d:42:d6:12:6f:4f:59:40:67:be:e0:14:
21:1e:ed:0d:e3:d4:9a:38:c4:a2:d4:c6:94:1b:c3:6e:a4:4e:
13:cf:7b:0c:66:1f:b3:f5:eb:33:d9:50:10:01:cd:eb:62:ae:
04:3a:d2:2f:16:e4:e9:b6:b1:1f:83:b5:21:6f:0c:72:87:60:
10:a8:84:66:e8:18:29:b0:ca:26:5e:63:ba:25:59:24:42:ef:
9d:5c:5e:66:3e:ce:72:ae:2b:a4:e6:bd:f1:8d:3e:dc:10:f2:
1b:e4:1c:d9:66:6f:8d:58:d1:6d:60:e9:75:21:da:dd:14:41:
87:d2:f8:18:05:db:9c:8d:7e:8b:d4:05:3d:3a:26:fd:a6:2a:
2d:73:47:dd:59:7a:ff:e3:b2:b6:59:1c:6d:c1:a8:0c:b4:d7:
bb:75:69:54:cb:05:7b:5d:be:ba:a3:8e:f1:d6:06:2b:85:23:
96:59:a9:ad:b9:c9:71:d9:35:cd:86:da:0b:f6:19:d3:c4:81:
5c:20:22:32:fb:6a:68:2c:12:0b:09:37:11:80:9c:b3:0e:16:
45:8a:71:63:fb:64:a0:f3:b3:c1:de:7c:33:eb:67:a7:40:f0:
98:bd:6b:d4:02:bc:4e:51:80:2b:cb:27:4f:00:97:32:51:f3:
b1:33:2b:bd:c3:f2:0d:6b:7d:95:5e:8f:b9:96:d1:43:59:d6:
8e:39:3d:fd:12:51:2f:30:bf:e1:d4:9b:44:67:0e:b0:c1:d5:
1b:58:28:11:4b:a2:a3:68:e6:ce:70:6f:79:9d:ac:ee:54:71:
67:dd:61:1c:97:9b:5b:ed:d4:ec:76:20:60:bf:e9:8e:42:a0:
17:e7:ca:38:7d:e2:0c:77:e5:6b:e7:cc:4d:7f:b3:84:2a:8b:
08:6c:8a:f9:d5:6b:b0:43:59:c8:8a:69:4e:83:c4:42:3b:d9:
74:3f:a2:ac:66:52:e4:79:69:6c:a2:0f:2a:e7:49:60:a2:14:
12:23:73:1d:31:65:c9:09:38:97:af:fa:56:8e:8a:ed:0f:1c:
fa:da:6a:7c:28:90:64:ff:e4:ff:7c:29:cf:0a:78:a3:25:33:
0b:9b:73:18:5a:7e:03:16:4a:ff:dd:ec:0c:c9:57:56:d1:e7:
e1:df:1b:48:af:cd:93:05:cb:31:90:f7:14:ec:c3:22:c6:4b:
3c:fe:a3:d6:24:cb:a6:dc:70:1b:55:3a:e4:29:25:0c:65:0c:
de:3f:83:5f:9f:be:61:30
-----BEGIN CERTIFICATE-----
MIIHLzCCBRegAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMREwDwYDVQQKEwhzbzM2
Lm5ldDERMA8GA1UECxMIc28zNi5uZXQxFDASBgNVBAMTC3NvMzYubmV0IENBMREw
DwYDVQQpEwhzbzM2Lm5ldDEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBzbzM2Lm5l
dDAeFw0xNzA2MDcxOTM0NDlaFw0yNzA2MDUxOTM0NDlaMIGhMQswCQYDVQQGEwJE
RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNVBAoTCHNv
MzYubmV0MREwDwYDVQQLEwhzbzM2Lm5ldDEWMBQGA1UEAxMNY2t1YnUtZ2F0ZXdh
eTERMA8GA1UEKRMIc28zNi5uZXQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAc28z
Ni5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDIv2zDkg3dgsOJ
AF9bjzDqZew1cvYkBYGKzmQ6k/H//ZoxQ0lTwD5jtReBUOl/efm5OvL63+spXi/5
yqrJB1YRWWpSQH0eIURl7v3js+cYmyW8MwW5tjnpCyB1UwHbeD0vveVQNc7WI7fZ
4NRy1YvrF53e9lgoN9sq/A+3p7CnobayEJw5lqgoVNrghSBdHrdi4/MsvsW9itdX
bBPAzVFIQEEXFXkcPQ7lZpxWJZAdaVy7pcVtFBDpR0f4UAmkZT3Jmouy0FqVGdi1
6y54LunzjmyC1dYXfO7vZI47l46DN2PqSvlxXWf7MQ92wJ/n1vtLKxddvEbYhbWK
w+dahyjvvRq/ZsudYYVy7gC7TZsDo4ievDBmZFqg8t1pSww5qtb6+59ugRj4hN3G
zQcvDHfWkZ3ad9PnOsm+AnKRK4ZpQqKIxIWtCd7QleQWmY6Kp0Gi4ApvRDRrI70V
bD5II5LRvjMRtb95zPgOXzuIj5BclJbUPaHaASzB3pH60uNn5TQZZX23MpDQ0DY1
IHHWtDKqxeOdbLH4ttRLUhbcDrCfROdNH+1e++cZufex5f/hriMEolL7znnrfFiK
uLaDiIIIapIlgK7V4nksweoh5Qiu3gppwS9c4ovmSyFXCr7Shjne4IrDWMjsByiq
PxIn1VCue3XAs3QEA3PfYpTP10nuswIDAQABo4IBcDCCAWwwCQYDVR0TBAIwADAt
BglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G
A1UdDgQWBBS4q/m8sqIRI9Q7A15ZtJiA/1EW3TCB1AYDVR0jBIHMMIHJgBTQLgEZ
ASXjDGuY3I4RSU+t+SxxX6GBpaSBojCBnzELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMREwDwYDVQQKEwhzbzM2Lm5ldDERMA8G
A1UECxMIc28zNi5uZXQxFDASBgNVBAMTC3NvMzYubmV0IENBMREwDwYDVQQpEwhz
bzM2Lm5ldDEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBzbzM2Lm5ldIIJAKuW4e7l
OKjBMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAYBgNVHREEETAP
gg1ja3VidS1nYXRld2F5MA0GCSqGSIb3DQEBCwUAA4ICAQAJG7ujOI9pCQoAs/NO
q1Vmx9FhGVuhV94tMFgxCKlfx799Ke8mC1SYpmFNQtYSb09ZQGe+4BQhHu0N49Sa
OMSi1MaUG8NupE4Tz3sMZh+z9esz2VAQAc3rYq4EOtIvFuTptrEfg7Uhbwxyh2AQ
qIRm6BgpsMomXmO6JVkkQu+dXF5mPs5yriuk5r3xjT7cEPIb5BzZZm+NWNFtYOl1
IdrdFEGH0vgYBducjX6L1AU9Oib9piotc0fdWXr/47K2WRxtwagMtNe7dWlUywV7
Xb66o47x1gYrhSOWWamtuclx2TXNhtoL9hnTxIFcICIy+2poLBILCTcRgJyzDhZF
inFj+2Sg87PB3nwz62enQPCYvWvUArxOUYAryydPAJcyUfOxMyu9w/INa32VXo+5
ltFDWdaOOT39ElEvML/h1JtEZw6wwdUbWCgRS6KjaObOcG95nazuVHFn3WEcl5tb
7dTsdiBgv+mOQqAX58o4feIMd+Vr58xNf7OEKosIbIr51WuwQ1nIimlOg8RCO9l0
P6KsZlLkeWlsog8q50lgohQSI3MdMWXJCTiXr/pWjortDxz62mp8KJBk/+T/fCnP
CnijJTMLm3MYWn4DFkr/3ewMyVdW0efh3xtIr82TBcsxkPcU7MMixks8/qPWJMum
3HAbVTrkKSUMZQzeP4Nfn75hMA==
-----END CERTIFICATE-----

52
CKUBU/openvpn/client-confs/so36/ckubu-gateway.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDIv2zDkg3dgsOJ
AF9bjzDqZew1cvYkBYGKzmQ6k/H//ZoxQ0lTwD5jtReBUOl/efm5OvL63+spXi/5
yqrJB1YRWWpSQH0eIURl7v3js+cYmyW8MwW5tjnpCyB1UwHbeD0vveVQNc7WI7fZ
4NRy1YvrF53e9lgoN9sq/A+3p7CnobayEJw5lqgoVNrghSBdHrdi4/MsvsW9itdX
bBPAzVFIQEEXFXkcPQ7lZpxWJZAdaVy7pcVtFBDpR0f4UAmkZT3Jmouy0FqVGdi1
6y54LunzjmyC1dYXfO7vZI47l46DN2PqSvlxXWf7MQ92wJ/n1vtLKxddvEbYhbWK
w+dahyjvvRq/ZsudYYVy7gC7TZsDo4ievDBmZFqg8t1pSww5qtb6+59ugRj4hN3G
zQcvDHfWkZ3ad9PnOsm+AnKRK4ZpQqKIxIWtCd7QleQWmY6Kp0Gi4ApvRDRrI70V
bD5II5LRvjMRtb95zPgOXzuIj5BclJbUPaHaASzB3pH60uNn5TQZZX23MpDQ0DY1
IHHWtDKqxeOdbLH4ttRLUhbcDrCfROdNH+1e++cZufex5f/hriMEolL7znnrfFiK
uLaDiIIIapIlgK7V4nksweoh5Qiu3gppwS9c4ovmSyFXCr7Shjne4IrDWMjsByiq
PxIn1VCue3XAs3QEA3PfYpTP10nuswIDAQABAoICAQCq510/Om6XcKXrUufb2RH5
2/+2mUK39AAPHhryS9Ww7ESDQBeDN51l4Vw7eZjwL/XMHkWSE2Pu+gK6FDJFpvs9
FfSQRdq+9e93IHoBir1pk1wS1xU+v8aZgiGGAL8KC1l79ZzuJoEKiaoR0XjMssTF
xntewDbZNoReGe1/m0Gn1OLmwYFe/cX3YBZfIrckz+usQwhZxagu767Y/Gfssl9K
tXk0n9FVmx29axgZtyzz/Sk3j69+Z6DmGQtKeUlcLdzmb64S85LKcRCv/6K2Kqp9
8XisAkScBn6cS+1TCnoHd/aWFnI6cxz9Gw1hOihohfu2SN9Bq/Jcj6i4lIO37G2J
+ImYSi5lku22e5lpWPkecBcPVxS7epnRHG67x9Dm2E2uVbIvtmEKt70Dkt89aVaQ
i6BujajwO4n4i/EOF/a3ZbWpNCHNsA2XOdSQtYKxQE8bREM7YZ8TzWMtiAftTxvX
NXuiTt8y+WT6bfQEs7MkW9509EMGYnH8HCtBCI/BE1Tpk9P1kgZieuj9WnNJqeWk
0gXKnKlStpf0EB5FRJelt+6xYbuGct096ro0VtXu4/+h3Az6PUXvQ65FYBCySLVc
xUpdjZvzzSOM8aUDzs8BJlN8XUhaQNwlSluxn5tkh5hRtKJsmpF6PH3Ms9HqNC3b
qjqwEfgaz0Vc9FxhWxNCgQKCAQEA+gMMFmFCNucF2hDoxd1XpxuTlU7DndHNpyb8
bZiQiR/OqcB67hGRUFZCLlj2BvZj08za7kTucbEuEUgc/zAmsDQRJuA+oOREBRNY
1k//vtROpEVPzwWgZqWF2BZQxlfcmOwAzUUc45Di6U6i3UtSbMdCLSRggB44bcBi
dxLagxwgZDgXwY23OiQWm33EO6LhzOAcUu4eYxYJIXSXtzzGYSP9kRxxnBuW1Mr6
ICyNXIJ7Yea1y/KErLzvwkuyGaNb5gvQ5gLFTAMr7Dgab8cHzrbHbg7nGO/t4Ydl
K89Ynl2UFSNn6Z9bhRfc+0NMVO2fpIRwWA3cmblNe/79lMnW0wKCAQEAzY5QRZ7g
AEWlIb0pwujZudVkuWK9MrPUDA4dsiTsGzT2lZw7I+DY31EKJjclTF4ZtYaCwzL6
DLoGP1MrlzaYMBcOSZ7aPGbrRWAa4vh5xUUSu9POnfYoEmSx/Ekf2L4EPC22Rw3u
yiXOONNPUgtfoYtGQMvB4exltya2P2spWmT/O4SffyA+GBGyJWdPwZCW3FoxX0Te
plILfz08ObwFFhE21Yk/dQynCsLz1o2gBF3lbqRG6s57L1AYZWrRBdqxkiygDe7D
XIzhU3FYf12IBLmL4Ax8GHGXkcNLcm0vndHX3LzeTCAsUWSIbs6Lma1qsnbG9jUs
v1rgCnWtTIJcoQKCAQAZeLgBi7UoTM8+0Vw11IA6qUeW/ahWauqt7f3n2JRZNCFl
EBQ2LxoD+lXRzQR73xx6lrNzdRhqAugzoIo7wZcfep6IvG4FDFyVu8vgQdRHh+/f
MqSX7fXSn2iMhHGEU61I8zp9r13rHXbQ2E8lhqgGJyLp4HvocavEGsatZQFYPERc
kY5yDNMvHEAlZWHZxZWFvwuDs3jrFXKmsu9GHu4DNZx+7Uvx4Km0Ul27a26Xjz+s
0MmS1smHo9Q1kmq5y/fv7yJAXOXnAae28FxZKQj1mY+l+eS3mLI+uQGovf5EXDpb
EPlkRvUXEUBVZRzgxjjulQOxJPBlxQhM6sTBJPM7AoIBAFaayz9J/N6geT6J0HqK
WJFvUwy4iTY/heu+VsyjucaMvgey10f6h+Uu47POMCzIyNQuZBGR/MA38EHl7Mu8
+MnqLN7fytsAEcgdAbb3MXbn70irqLXs7F0zh7nfpUdQZ8BjEhVFzYHmA8j1XsoW
eKg7YdITBxEE5KYR7V8y6y1muBJ/giOxlffWHNSdfoDzRlx4s6yL+7LfhnCJgEJi
8VGm1w+Iz++k8Qwbr1iKOw0b8np3RFnRvRzmBiFUq9Rnm8EWhCjam/z2bkkVzE99
PL2g30n6eJ5j3ZRQUA1Z62H285fRC2fPdlykmsb0xuRsqDOgz5sUNFI7G4HMqsM9
eYECggEAEgTE3vFElm1lwohqD9ipJ4BiIxyO7WwKcE6cMDf0gL6j/W1mO8V5LNmE
VZGICH0cfr/aNBczncT2GedAdUCyGYGM045tX+oR8jkHItzO0NqRV4owMH6EOOjB
NybTZqW0ojA9eF3azqxyYmsLTO+jFQ2GkMKAGZ2gNgHCzHiF+oszBubiiMd08aBE
chw0zyHJASJpH+o6CTMQ0soBgT01q7C7MmWD30lENdeFeZqDzd/tdSaDvAEZms4a
OmAQ36dqC9d8naP/3LexNt3uJuSXRIBnTXROYs0SVzXhvy97ib72ikcjiWOSyr+w
XSkDYBzAon2ExAAnOyVaHMd1Hjt9RA==
-----END PRIVATE KEY-----

138
CKUBU/openvpn/client-confs/so36/client.conf Normal file
View File

@ -0,0 +1,138 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 83.223.85.170 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/so36/ca.crt
cert /etc/openvpn/client-confs/so36/ckubu-gateway.crt
key /etc/openvpn/client-confs/so36/ckubu-gateway.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/so36/ta.key 1
status /var/log/openvpn/status-so36.log
log /var/log/openvpn/so36.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

21
CKUBU/openvpn/client-confs/so36/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
2123228b19ae0734476f0c93a174ce69
6a45377c25c0be0eee565817c8a256cc
a1c45878b98c45673289dce0f7d500e1
bcb35e7a873de37f3e35ec8c5f831052
359d725daa58bbebe00db87101e13241
3166eb7e9e34c3e6dc204c45e17d4521
d3ab157e9d991b992ed58855ddff1cfa
3f4f7edaf8c093f427e8b6fc27f0d783
d2c41272edcb23b8bcd9d0f9d298c6e9
38cef17f95c56186513a6e066bfc788d
14e56795ff0cd54da1726ded95e89b43
465a368fa0621388fbda13598190071e
81fb21d93c4864ae8d5754a05489f46b
6a03f3e07455e9db47c9f94a6223c7b3
27d969cfc9b2b1adacde7f374709a442
a4626075275ed4a1e07461ca4d0df2d6
-----END OpenVPN Static key V1-----

270
CKUBU/openvpn/client-confs/spr/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-spr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
CZSTeKgLDVjfXlqH1ErAvQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
+Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
GXH8zFh56LyFtBxdpjuVSUEj
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
50c09d4cd2d32cbfadcc9ebff8e624d2
f7a5730ff6b708aad8a6bb14b3a7619d
e32764bbe875f11ce46213a35500cc2c
fd0b6bf2e7b8cc2392a478ad7f4e7c7a
3fbe2e50a781ea9a4fd83cfaf64725db
98b4740b145e2d948b3b09975866c03b
a268f82e767fa2517b469ec3e563d321
8156f8f192f75bf8385697aeed6b9f33
fd74e02426437c42dc7a85afd828012a
911e7d8e837249d33a4209dbd0a2c017
c0ee31207a0e5ba05e736fa1c9af1cbb
0b39dab31939eb37df367d1eccf61ff3
28135f42ba70344179186cdd0cac5058
9cb4bac7dd08436d1efbd452b72416e8
59bc9118c2c6aba6107faca0604d947f
ff8569318b234e4ddbb68189b1504969
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

22
CKUBU/openvpn/client-confs/wf.bak/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAxSgAwIBAgIJAIlzPeW78XsvMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNV
BAoTCXdhcmVuZm9ybTEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczESMBAGA1UE
AxMJV0YtVnBuLWNhMSIwIAYJKoZIhvcNAQkBFhNhZG1pbkB3YXJlbmZvcm0ubmV0
MB4XDTA4MDUxOTE1NDA1N1oXDTE4MDUxNzE1NDA1N1owgZYxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjESMBAGA1UEChMJd2Fy
ZW5mb3JtMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRIwEAYDVQQDEwlXRi1W
cG4tY2ExIjAgBgkqhkiG9w0BCQEWE2FkbWluQHdhcmVuZm9ybS5uZXQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBANuLDmTY+5mYLbm9Pml3RwzxtTJ2NiLzAocR
sfxqux6P0ns1qCXOYmrdP8/+iCvZqw432htmyV+lSFdwh8lRe/hzklpr0Eq7PRVa
+D7Y4zlFtrz3j2w7WbYVUdSjC1/nQC0RiUbR6LdL389rnAeN/EOCCPOmilikLXSu
wtMXFbr7AgMBAAGjgf4wgfswHQYDVR0OBBYEFBL216mxa4JrWCNvx4pPQRJOcTeE
MIHLBgNVHSMEgcMwgcCAFBL216mxa4JrWCNvx4pPQRJOcTeEoYGcpIGZMIGWMQsw
CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQ
BgNVBAoTCXdhcmVuZm9ybTEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczESMBAG
A1UEAxMJV0YtVnBuLWNhMSIwIAYJKoZIhvcNAQkBFhNhZG1pbkB3YXJlbmZvcm0u
bmV0ggkAiXM95bvxey8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC9
FU3NZa7dpiLVvvUQ7jWbl0LDI97jP8ScAzc/JWTrh5Pa45Fae28BQkU2NmelyL0T
yMVy/9UdpdU0H3RpOAfd02z1thxZqr3wR5rEURzwR6uYmdwHyPNYfMhdmXVIfXcp
pLHN2t3YBwKP5UCgULPDO8n7rVzYBs3MtfaCiQgXrQ==
-----END CERTIFICATE-----

137
CKUBU/openvpn/client-confs/wf.bak/client.conf Normal file
View File

@ -0,0 +1,137 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1195
topology subnet
#push "route 192.168.82.0 255.255.255.0"
#route 192.168.82.0 255.255.255.0
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
# user nobody
# group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /etc/openvpn/client-confs/wf/ca.crt
cert /etc/openvpn/client-confs/wf/gw-ckubu.crt
key /etc/openvpn/client-confs/wf/gw-ckubu.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
tls-auth /etc/openvpn/client-confs/wf/ta.key 1
status /var/log/openvpn/status-wf.log
log /var/log/openvpn/wf.log
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
pull
#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh

73
CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.crt Normal file
View File

@ -0,0 +1,73 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16 (0x10)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=warenform, OU=network services, CN=WF-Vpn-ca/emailAddress=admin@warenform.net
Validity
Not Before: Sep 24 01:00:16 2013 GMT
Not After : Sep 22 01:00:16 2023 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=warenform, OU=network services, CN=WF-Vpn-gw-ckubu/name=VPN Warenform/emailAddress=admin@warenform.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d2:b6:81:f7:48:97:39:5f:c3:c5:c4:9f:54:95:
34:65:2b:4d:5c:02:bb:4a:34:3e:36:d2:7e:b3:d0:
74:6d:6b:ea:c7:a3:73:1c:a8:0b:78:fc:cc:13:d2:
a0:a3:38:ea:f8:9a:b0:6c:fe:51:32:aa:39:77:f5:
26:27:a4:de:79:bb:4c:3b:1b:48:86:90:a2:13:6e:
b1:44:20:c0:73:98:e1:c7:eb:de:5b:75:20:e5:66:
9f:30:f3:c2:53:be:f8:2f:c5:23:5e:71:f2:34:37:
44:65:7b:a0:9a:23:3c:ba:96:5d:83:e3:f3:da:3d:
72:aa:fc:f0:59:7c:23:2b:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
EB:59:09:B5:2B:F3:62:60:75:4F:71:74:AF:9D:6F:C4:02:DC:D2:2C
X509v3 Authority Key Identifier:
keyid:12:F6:D7:A9:B1:6B:82:6B:58:23:6F:C7:8A:4F:41:12:4E:71:37:84
DirName:/C=DE/ST=Berlin/L=Berlin/O=warenform/OU=network services/CN=WF-Vpn-ca/emailAddress=admin@warenform.net
serial:89:73:3D:E5:BB:F1:7B:2F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
b9:18:88:3c:c7:d0:11:e5:a2:f9:01:2c:6d:52:38:a4:10:bd:
c0:da:ba:9e:5c:72:4a:2e:11:80:4c:a6:95:13:2c:f3:bc:d9:
31:06:a3:0f:78:7e:a7:06:03:17:56:8c:c0:f2:45:7d:33:19:
5a:85:e1:b0:7c:37:c1:a4:08:e1:4e:be:57:cd:2a:d9:95:34:
26:ea:88:ab:b1:09:c7:29:6d:3e:0b:36:a7:37:be:78:17:22:
8c:c1:64:38:55:6c:69:07:af:9e:f2:07:1f:ba:57:66:60:21:
85:9b:59:71:df:34:8c:03:38:b5:0a:8f:77:67:2a:2a:0b:d4:
9c:76
-----BEGIN CERTIFICATE-----
MIIEETCCA3qgAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwl3YXJl
bmZvcm0xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEjAQBgNVBAMTCVdGLVZw
bi1jYTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Ad2FyZW5mb3JtLm5ldDAeFw0xMzA5
MjQwMTAwMTZaFw0yMzA5MjIwMTAwMTZaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNVBAoTCXdhcmVuZm9ybTEZ
MBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEYMBYGA1UEAxMPV0YtVnBuLWd3LWNr
dWJ1MRYwFAYDVQQpEw1WUE4gV2FyZW5mb3JtMSIwIAYJKoZIhvcNAQkBFhNhZG1p
bkB3YXJlbmZvcm0ubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDStoH3
SJc5X8PFxJ9UlTRlK01cArtKND420n6z0HRta+rHo3McqAt4/MwT0qCjOOr4mrBs
/lEyqjl39SYnpN55u0w7G0iGkKITbrFEIMBzmOHH695bdSDlZp8w88JTvvgvxSNe
cfI0N0Rle6CaIzy6ll2D4/PaPXKq/PBZfCMrxQIDAQABo4IBTTCCAUkwCQYDVR0T
BAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmlj
YXRlMB0GA1UdDgQWBBTrWQm1K/NiYHVPcXSvnW/EAtzSLDCBywYDVR0jBIHDMIHA
gBQS9tepsWuCa1gjb8eKT0ESTnE3hKGBnKSBmTCBljELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwl3YXJlbmZv
cm0xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEjAQBgNVBAMTCVdGLVZwbi1j
YTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Ad2FyZW5mb3JtLm5ldIIJAIlzPeW78Xsv
MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
AAOBgQC5GIg8x9AR5aL5ASxtUjikEL3A2rqeXHJKLhGATKaVEyzzvNkxBqMPeH6n
BgMXVozA8kV9MxlaheGwfDfBpAjhTr5XzSrZlTQm6oirsQnHKW0+CzanN754FyKM
wWQ4VWxpB6+e8gcfuldmYCGFm1lx3zSMAzi1Co93ZyoqC9Scdg==
-----END CERTIFICATE-----

18
CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.key Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,37AB2C6A648F9B51
//7pxmUNAeKIEUpYC68megc6A52uE+0wYP+R6Wgr+LlZo9OMmgloxVCB4UBbh5dG
yhQm14DDwr0Wwsx/TCT44PvUM6At4londgCScVLf5oG6G3zMiXAwDvW2Y5f3Q9Ur
8h1VV4jtmuFnah+IwLixkdJ8RK7BuBgUk0w8ifDFRUKRA5vmAjI5cw75JHl3HLsM
Cdcx2+utLB84iDSox0GADkCqZpdiMpxpfin4qzec6IrZtyf3wG7mZpbPTLjOhWcP
JpYFegM0VzAjaaPV1e9MB1MDFK5D0hiwiN0FQuJN0AP88cNrOIx8qYoDAjEbnuFz
egarxVZuO9qrjU/ZwkTU/5MRG2g5cB/0z35r6lA02jLQQRLYovq/5BxFpSpU4dMO
gJ6DUthCwh27LUKI4vwZ9r3tHTsVntylCE0T+5MKcbjZcdIcfTd/G6MvR8u66M8K
PG7tuXQJ1+/ibqMKP/C7bRCOojVf336J2Qf2phIXtnfq5b+OrlURr72E2X5/P7KD
Pl+aI48IngqQ8t1YYlXoPWg2A+w7/wHI8CmT2lEy5Vi/U/yeP/fHRIQTQdOCoPdV
pwtmQDC67W347RHHvxebSMHJFQhJJxR6oJeNho5yAJ7FqOcyUb9kNTaVujQ3BYhu
4RZ+D0/N/2V7IZ0hh+WtWw68DbP0WaPGxipYZXkk5sbTjnGs1OmFfbwIJ0QTu/8J
SRl4EWCkzm1ourCYzWLQmRfkcYsJ2btnh1WNz7J+N98cO9lR6mJagQU2gZvcL3PH
XmrtVsUlfkoVQpxKjqg1y9slUn0bnGd3nDghYsSt9zSxVYSPjmI9SA==
-----END RSA PRIVATE KEY-----

21
CKUBU/openvpn/client-confs/wf.bak/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
487f0b0b91c11fc48fd4ff982521d467
203219c102195d26fc58585619060699
1891b99c2d6d314ba08a35256c901e1b
a916cf8c9e9b43f2219d66cba4cf9bd9
843e45c6bb28224cd4a69fe863d45d05
b1260969b01939384a4ac77d7ef8be24
6eca30bd6e7c2f493d0bb798becab038
5525e0f54c3cac4a2886ee7a6350a182
733528cdcf7d84959209e73339c235d3
0bf58b8509dca56278b6289b94b45585
4d734f7c553c047f06a7fc60b19c2ac4
2e7b82683114377d003be670fe2f52d8
6a075c16de4301fc2ce65cb8fee4d6b0
d23938abfaaf35456b3784719528b35b
2b864497880d3a92540a8698d10d9299
edf5e74ba8378ca58a90909c5aedf05e
-----END OpenVPN Static key V1-----

270
CKUBU/openvpn/client-confs/wf/client-gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
Ic3ZiGwAJvoitQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
+kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
Ww26mZRoHwHAtAHo
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
+Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
1xr8RI04RwGrFDkPkuw1dQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
3e5606d9c9b42920092f825f6a23844f
2f37246d81d815ac43de66f4ecfd7237
5c7a90624fce693c8b98330f067e3fb0
3a7e09895d73d7567f1054b54882d4c6
72b6d4b075c817d6304a2928a03af610
89090caccd14025b83683285228bb280
8255101ec75398ec183f14d3ecb45fe7
e26e6fdb81e7d5ac8a81965acd7094a5
5b99d8b392a9998f7468e553a049c539
876925b61b9fc07ebeefad3f672e6baa
538e516961f37ca0e09666cdd6f67d37
89a39089fed07e8755a410b86ca40061
cdb81e6fa11b17b2b5dd74eca1447aa8
b2611b543751b2d53fc79fddbc26f91f
4d9ded064e9ea85b882475aa965950d0
7ee0cd2ce141eb6678d23a7bfa832536
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
CKUBU/openvpn/client-confs/wipe.so36.net/as250oob.key Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN OpenVPN Static key V1-----
c9434047b9f0191c50a8a49a81a2cb22
4c0a197ae768f6f9754b34cce526245e
ca10ad7d8068bd73ce6560a15d23d72f
c6cc5eb12a47a5fa1d7dfee09db0b1d6
e349ac98e759d2845129d1e907575f90
a41c055815d50e6890107f9677c2884d
46eaefca8050bbfbd3b9fa386a998e2d
6da1b1b38496248a280211868e271dda
163e81c342a1279d848de32864394f1a
10486ec963189d236b4237aa396eaefb
bb64cf9749a3f0d11b75eb1d90772cbc
8edaac9bd760d1d51060ea910404f0de
fc924e923644c94082db0751844c4af6
a4eb385827e62af0e77134608bd237f7
d9e1e52d4d1595181a21b54d01f1db8b
abb34d551b204876ebc703c3e325dc11
-----END OpenVPN Static key V1-----

14
CKUBU/openvpn/client-confs/wipe.so36.net/client.conf Normal file
View File

@ -0,0 +1,14 @@
dev as250oob
rport 65001
proto udp
secret /etc/openvpn/client-confs/wipe.so36.net/as250oob.key
dev-type tun
remote 212.42.242.221
persist-tun
persist-key
verb 0
ping 5
ping-restart 30
ping-timer-rem
ifconfig 10.250.134.1 195.85.254.134
script-security 2

258
CKUBU/openvpn/home-ckubu/chris.conf.sample Normal file
View File

@ -0,0 +1,258 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ckubu.homelinux.org 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
+k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIQu1w1fZPHpMCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFN1kcfwGMq/BIIJSDyJVQRMO58N
9RxwtPDyai8u6aTPghUdUdTAxnVXw/lDSJ0mJbSRm9Q6D7t/+JS+/wGAldmoZUHp
a/jVAOtSwplaO0RnsHXtYA5QxrjrsrDdMXIQuwFOHIu1x8n/fE1mUnQ3ca9Q9wwR
qFj+/oDNw7eYHrps0k/WNVlo83GCa9LUX9bXHFNhPXDm5RGFHhBT9cMPmXByii7J
j+7MVCiOSgi4alMPGgNezDVBzJvWip3GzTH7ivxLZOl9ETQ1GpmaMS//9BLoO+2H
ckghogZ94Nxq6NFRXH/618PKFzahcnBbqpuIbo0wzpx6WS64hsHUwnqXFlTzTeXs
1Kkg8uT/hy7iMkGTQsdOqsHweUR8KoUbQCeHt5oB8xUkDBrjIRSxCwkfnIs6fsWW
EEoRUCM4cjbmX4Owb4ywbRzbJPjubkNs2b3GKo84b6Z9lS/02VP9GjB6n8hDx7b/
gB1fcRPLpzdNFq5hI2twKZw7XiXU6CeG5FrZcDdsOgaEsDXbEkGMAnBOyUkusmSi
7McHm8BHYs6JynQon7577W2cuw4WAlu1fmnToXBlB+zivn7C0ywM8/V7ZAFMXH3P
BO//emkfZ2CbBj4tjqq/X4vYLVYwTgjeOuE16w7QORfGAQH3/g84nHGKmRGQmf8C
XK3zC3ybOkoXzrMmOfFRqVkWLI9NYSFXypd4rXPOdIT/PPxHzoZV9Zhlb+fobNy1
yt2ProN/eHecTgJzthizNpbp0vexQSnEfjbgn8KEiEBcHm7cYbcWxM7bJtf2VgdK
lSa4H6xX3bndC8avZX3tYdGda83p0NA34cT0V3zzSCiBXbSEysfCoEGpT3fgVxrO
gc00qgief0oNdTeO8qnGjgc4SgsxH1yzoFsLsZ/JoHfeap/AIO2axCyxf1yPOrsv
lTUJPWhi8Hda+1iaHElSFsKBLBMnty6mGh9J2b5JpmGCbjOKg35G9G0gZPbo7hP1
Wfte5bXq+Ur+7sfS+cj5DS+04p4xygI1djc3vRk+QJxd5z6gjKuJVIpK/+qRTzP/
6vtnE/59xFGmxKZsgVW5ZTMM0e0eUneST4h1ciCAmqdXsTAIoLuTXi4gkf/P85Ye
7NoiPc6SamqktvUxDTP6nGP906LhnNxjhjswhhi33aBXLKLLbNKm4aT8bBm+DISh
KRa3qK97Q2GwEpYp6xticBa5FNHFPhLWBzB9Acms77lRQ+V/d1qZ+EBnaq3zv4tH
3zSfhimNyhWSvbl08Nr7OSWJIYQzpHKiUpqypoWmrBCpnBDSdug3h+qXf99RnQSJ
5xGe87H3v8xSub+f3uZMf8S9LxQuWDv+bGUfxXla/234duO8E4CcOBbiMdI1khcO
XPSKvqEuwdnZfDNvxQq8u5R83zI/zMh+/KI8bjo3qe7O5TVUpxb6YFM74KuGLZTW
EPWTJereXtVQYC+dHl2An41RKO4+4wXFPf9etILMwCtvPrnYompz9l2lEKfA7WOP
uSFH42JayyhaTjvXsdPPQbeZpCKeJqsESclF5LfXxLwPAnfRWlEVXEht+j85Q0oX
UUhzS44LqEGzrFgot1vp3au+7PsxyRBCg96us6E8z151/VxX1R+lrmaUEQweh2lv
tn1ZAXksB7AisUu3Uw1nz5JMhn0tX3/NKKyQLHwwcrlH51Bxrzhlrpc0SsKbpjcE
4r7eiT01S9njVOIPJVaHd/KvdyhNXViKMW2uF7dc8viYPjM3xnEnp3Cp0BFnjEBL
wjAcxhaAvwUg0TG7s3IM5RiqOsUCmRYN7n/hJdZF7/5qtwkIB+5BJ+ow4AdPSdym
AX8ukmiBjhvgQq8EAlDreQeWVXtAY8HcHkU6KjIoFVoiLCqrwTVSmxSXfLRuw2NG
cRdnGvoZ6LxF69ocap7kgulT3haUid5w9FFEuzDJtW8bdTlqCqgUdaukLN3mOjEj
C+3ynprAD0JjcU+4Q8ZGX5Ozaxx0o/dN2BaTnj872434V0XSUcsdlssbVoFfQe1Q
7ftu05xbSTpQi+aj+BqDltwHezifev2UpRFMENqIkpSl/jKtdbaapBk1uxxDDnX+
a6m0b7ykrVe18TjiiSsGGf0TTuwvcJW6bmh08Eg+NitDl5HPHabLUY8lornzbw68
+0C/wVllFiX4WGMJ33FztI6/DZdIa/tTEEYQKn+WDaPVwKFp0j3kzfUBj9zHDC0J
YJbuQJ/nq52rqADqbEBlNv2DYwWgAA2znk2yL0mUT9IwegE6nw9/X97zr5tgtkni
PPP+MI/H4seURLnkyr2v//0niLPAXwiru9g5omMbWYn78va3GcaAWvypRb2VMyX4
Ve4rb2gdXioM93T2umZbAph0GtjZ/jSnKobq46xl4wuxqQ2qRWDlb7I1Eda/Hn1O
oFBlJ8T7yaBWLsMHJW76lWIov05fYRRNQvrOPB7+Jz/TxhAGF75GZzLbN82jCaRd
jJCbfdc/DCYSNAkCuLcDn00BGxYCQ70Mu0LVG0wrnyMIg1JXK5oTZkdsNPml9Mij
CsNLf3Wh60iX9qWt3rdSppO6mCJKmWIfyTS3tfxB3NE+/M37KtrCK76fhFEfYfHm
7xhqzsq1j5e1DXxhrqtQZPTqAuOLjbQzsTAyFFJJKz1aZk1dOFFrj9hmsIEwBUe/
6zrX+oPk1aEmT4qGb29DMn69ruUlcZQ+5kIBGMXPsnBV7TEm30HE8QGnVWUOlIZ6
1etXLSJsmCEkV81N4JZyNDGONzvuqGnoDMeEE8d9EnztwGIEUD2lLmiWg3PKsvgg
/dWjirUdVRVwb7YTZL3NsWn11TehCMxUFSXDYMVWcRTaYLqMNLDlZL1zAj3YRzDV
1iGR7s+Jw5VkGZrSqSPuRW4dBjr8JulHimKhRCZw/cIzl9EXISsVRP/gFEc3OvEl
TrpE8hsvOrKd5wWziJjJ0YXHTjXKoYjeD1Cg95oZII3iEJ6d3k80p73QHcC89kyF
U5KG3WtaGrDmS/aw7UpNJQI6UuMSli8bsvmTO/ko/YEKlN75YD4doxuHAYz1s2UB
Ii6EFbLrhG/Lk1VP7AxTSyiFSY3iS1l92fvv72BI5J7G6Okk66BWvdNUFH8crEXJ
woiQ5eUk2Mv756C4fCIPmgv3zv7T71r3L5mc6hQ4MEuVHDfSvFfiRd2w2z/5WjKy
JY+xOBY3LmvpvhogMLpFhQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
1c8b2c0960c29ba0f8b85d20cf7654a3
2429c0a7e6c898f834473377846b349b
e5070fadf83aa6f2143ddedd5fed69b8
6b4303181d4cf8b130777033982585fa
24796676d2c096db93d8ec0bf221a33f
974c554b7173faaa46badec409713525
927fdabb473a3e24d309983c858b1b7c
7ea88198f4f01d1a5c2fb6920a1dcd4b
d1a3918e736899803896aa1d43ad131d
996e9f78bcc1faccb83276e65ca43626
c4b0de36dfaff3be40276a0126d15690
bf7c3baca7d51d4ed78efb8248d6e3c1
43fb2424ed1b31e7a2cb14506a3d5fd2
3f3f58ee93eb615044fb6d0d345095c8
c0c5551065d416d1b6781d8436f8afb9
2f34aef585ba7ec0a977386b3a3b9c0d
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

271
CKUBU/openvpn/home-ckubu/client-configs/chris.conf Normal file
View File

@ -0,0 +1,271 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ckubu.homelinux.org 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
+k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,A8DCE11902B81F52
YoUKcSwJtgulV5k8iXSNF/U2joi5fD9mOXOy5qQWkn20s3uAnapYL05jv7x5WZnB
r9Q37oFVgB5bu0THLqa64fORUOOmin/PhepgBkV1BWmx75Y1FdHaylnBqqudlhn+
Ae/pXlhWET1aWXvdKPGMhFJ+RKevHEoThGMxHC/Hj3a0Rl+AzrPbl6YROZ1eM2cB
Kd3nWrdrGhcUyDUn8cg9n1pDnouEGm/krbn1zjQsISlYmxDMoHBHAj+bAFJKTtkt
NiidhN2lNbw9WfEOm5MZCaM0c1GrK1Uw9AhpkZcvKhVx6yZNa52c53a/xxzoPcq8
kA+4n73NoyJzmi+q8egPKCBt2lXyHPDkfsrns3ljJPG7DMPfSazKH6KG4B/ONS9b
wxzNCuyFyWfJdbDpN02FXZHeyg7CGPU4kpSgy0XwFakjQ6+a5hbRLIVkDb8PCvIA
ayLSOvB9WgQzBQjnXyiujTMDz4FzLOVzGJUGKvgkNqv7oxHbCjNTynS+VIWw8wAk
nLcV7F8GTGU76h/TG9IOsVaq1eQIpXq01NvMwZAezh24QfM1VZwuB1vgcAren0P6
78pOKpuPtzEJWJy3zwbSGHtRetB+E7riU6eJHzFsZtJExxn2Rd3ATpIb7MtG9b0v
MKzqPhWHzEQz/psMrZaQ3ONsmi0Ti8Yjn/lvV5B/whwBEeJ101ju/ZXvPyqINzQH
5E1/Flwrr2hXkEchaGJoREN26tWUu5x5E7KWu37wzbb6533veoVFmoLm0+NdHDM6
+LOlq6xSy5vDH1qNaSPf7mtfBJVx/2f5I6IIGfPJ8wNWQsb7ij/vXpJIGaS3lee1
1ZMnIiFQAGs5rQh+XqWRLFL2Z5Omf8SeE4Zr3Pd5Ax9+8UjpNgMPlNCZ66yyOzO7
lwSQWbEVx8HG9Eg1hFOIgZhVbDmaukHLJcVaT0A0WR2/19iu3zZZ0VgJcz4i+Qp4
RlznHpOJQ6FvpydxW93BkRpikMfpRL8PdPKswbIbTAkwTCV7EIceSnH2NL+EFsLQ
/muGyx4IhpFsJB4gE0TR0t/U4FdBijILd3wZnFBxPfhofc393P2OfeRLk4tvaeae
Eqwzkcdcm5zG0dbxFUTXe7pQB54hRvJ/4XFMhTwQBjZDKr0RH0mNEgomqU8s8Lfm
qaMY3OGuYAMpTE3t+NIBdge8SoSSxxl/kR+2V2h04zjZ9uYss4b5Bj127tGbbSS8
nH4cDwysTTtcACuh8FLByoFio9Rnt73uckhflskaLvwZE/8A0uhD01F+chatvSAJ
Aix9oQwDtiyHF2t8C3eouOWl7Is+BDlh2iWYEaNPgFpXwR5eRqUpkDCDFurecT3t
ru7i47QftimArrx//dWdNZDDXC2vY32zr4e3wLoEkuFZb/uiXA067AVvCKTuN6H4
M00kzpAfyawLaLFsPFxi/hISWq96OzmguivsDsoraIl8Uz1xkL4/zhHdJDToHV4E
wTrQlvoA4zWDa3DNbwRH9vna/zY8owktR9nDb50xlmmzXT8ucAFN8BNLCeQMir4u
2HjGic2gBFrnOgafVXsnJam+a0ce2mPSRQ1hLNxquDdB3gT1Woiczhl1HBRX9U7K
BpOJeVWF9kLBhbTTWqXQMnZNOnh0iEmjtDg22dg0hsHsoo8z0ngUGGrDofPRQ9Xy
Aw/GmAwF7pmwSfIWiCndFMFeCN418nugtX2QavkIkm8OFm522RRwUCX5lKdZAlzG
nX947m997mZMtdilpcl/F03N6/gKu1S1Wrmug8sPD6R9mugzcNQDFRsS+8dcwmwf
+zYInaSO6tmI7+GqlaIORXB9vNawy9vElGOqx69No4vjHP1x9+6xEtJk4O6aRDtl
Ju7/NlDildpIhjIvnJe/eKEBDfyyGDlHyVAEqnf7Yzz92j+3ZugIz/zd4iTdGzfg
tsQx0x2i/WsDw11/cefPXth07kJVfgM3jdgk2d0Yd0LpWWjxUZp5H4zJ5FZ5yl6s
GFLYCK6Fj1QsWXd4qQjH7092ka5GKvYLcR4DxCocJ6tS1UE0MReI1YaJ8GU3dwaY
91+Q2j3+lPY3PKH8/MjL8ZZJoIjlyvXwYff1quObbUYIYbtuhJ3c1PYeigt/G5Du
nb4qJuZ6ue2OEfuvRnXgH4aNgZEfrVuYydDBxM55HpaxZBjC0ipqGYnC2X9rU7JI
dD+r0ymGoIt91ZhgnahhIx4zzrJ5i7BNujMYal9AEkPXV+VkY/iNJJKjIzFEc9J0
GX9ELhXHzed3xxy3goTqJPgY0u/jBsUca3l2AI9H8qjeAltbiRP+TdyafhCr/RX1
f2t+KLLvK7F2Ls4VcRPIpuEWrnbvJbh3ot5anzzR20ifFy2fIXyI/Sy/DPAy3hgD
adNfY29lyY8dLv/CTXju9AHEX/Z/IvEBBZkAUUIJ8v2wIR2HMOi/kCsEl3HnK/Sq
aKHenYE5QqME+Y6b8t+w3vhNT7HAcaH/sjrDn08Wls/XqTDEEr+fFV8i/Z0bFQjs
27pbdDrYCmQjGizP2INARVIBYeCk/LQ8kSgIy2pI6uzqdXiHjeeSLtLxl7fmLw3j
VNzCP0uY407/N6WTOYEvg/SHAYQZNA3zSA/xsNihRGGDvj75a0WI1p+QDMUUGiYJ
xdDU4lM+L6YP2yZ75XBUNhwHHX6C1vfQC/BvnszRSdnEZeq+bOwAkBDC31eH6y4J
tbqxOXB71x6Ljcwp3BnpKbnXt9VzLM+O96sSc4wOfJl7AeHWD6eEKJNT1mfjWfN3
jB68ezZhQpth7RilxtECMz4pcigGsljHkIfd9nweahAwq2RNwhz5cafpQqDeJV+c
0o05tSNvR8snLX+fbnBTxHl4025lTmJNh9Hv4DY3UnAVL/e/wkmupb6gYA+N3s03
ZJhhG0YBUviuuH6DrRdxTrHjnVveJHSuHhUHrgM3PeX8cspBBYbX77d52jqDS3HJ
UD6eCrIbxyDsKDFS1DEby2KZYM5CBmI4AzUW4nKBuRPZ0uFiM7b/KXptQvC/sUWE
6DgVcIz2ExivDyiHo5XSWsssRRI+vXtJ/GSghWTZuN6WI3whZtnYQyS0L+tZCRdi
GHaFz1YOvzTJZoWHZgXg0fe58Q7CLdco+66scYlHstj562mjsd7fPa59KaGKluvM
-----END RSA PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
1c8b2c0960c29ba0f8b85d20cf7654a3
2429c0a7e6c898f834473377846b349b
e5070fadf83aa6f2143ddedd5fed69b8
6b4303181d4cf8b130777033982585fa
24796676d2c096db93d8ec0bf221a33f
974c554b7173faaa46badec409713525
927fdabb473a3e24d309983c858b1b7c
7ea88198f4f01d1a5c2fb6920a1dcd4b
d1a3918e736899803896aa1d43ad131d
996e9f78bcc1faccb83276e65ca43626
c4b0de36dfaff3be40276a0126d15690
bf7c3baca7d51d4ed78efb8248d6e3c1
43fb2424ed1b31e7a2cb14506a3d5fd2
3f3f58ee93eb615044fb6d0d345095c8
c0c5551065d416d1b6781d8436f8afb9
2f34aef585ba7ec0a977386b3a3b9c0d
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
CKUBU/openvpn/home-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7TCB1jANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tVQlUxEzARBgNV
BCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUX
DTE3MDgwOTE1NTA0N1oXDTQ5MDgwOTE1NTA0N1owDQYJKoZIhvcNAQELBQADggIB
ACjHl5NsKZ+RmQFK9PGDNVQg+aPaAdUpOQVY3VqQtMEN1yPlSQE0To9+u+fxlyxt
XTNe7D8xTeTLU3J57UjEZerxJXPWMHKlOMSt1xDD51Y81IChYzyM0yvTcNlNHi71
1IcI/MzX4M2Jy2tf1tL8MXDkXMEwDWH17XyUN246h8D9p/B/SO6Uem8Jt7YIxT4R
n6P4B63iFIVROU21rCqJ84f/obUFpRS/ZV7c0Gz9lLbfdEG2eAxuaNxjSk79rosY
myZuMe1WTjDkgAg8y/E0j4HnAUE6Cos0fz+R3XrPlZLVVbnVngXcjP/J8LBQNDNR
1gNh6ZsW8zDt3ZoILH0J/0gvF+JBBuIwi0bgLqbj1hYBDIA9IhPbDlt7+36o/wQA
vqoPWzCT+koF4xWA8q/LgQpL1ta9oozFOC8Lb/7Hhu4P6abeMDbuGrye4wP6nT2H
xrO4yLpvvmRRMLIs8SiS0IcLT/nHGJZ6SOLn5zqf2aIzGYvoE8uqjhSbHMZwZFZi
4rZPaivzd1c9IWrW3WN5o403mvNkUS6Z1/Hhk9Jc++ZMUIOA5r2A/RPaUxOZMAD2
RYmLE3b/VeZefx/PXTmlu3+0OGMCvOIUTx8bKG8bNEmK3i+6lOB8I0JqKszGEFuT
JnlqO8kgBnwRugI29zY4tFLjKs99DwOHoZAPSMiDi/Mc
-----END X509 CRL-----

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
CKUBU/openvpn/home-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
CKUBU/openvpn/home-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
CKUBU/openvpn/home-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
CKUBU/openvpn/home-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
CKUBU/openvpn/home-ckubu/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
/etc/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf

1
CKUBU/openvpn/home-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
CKUBU/openvpn/home-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
CKUBU/openvpn/home-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
CKUBU/openvpn/home-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/home-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="O.OPEN"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="support@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="HOME-CKUBU"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="HOME-CKUBU"
export KEY_ALTNAMES="HOME-CKUBU"

80
CKUBU/openvpn/home-ckubu/easy-rsa/vars.2017-08-09-1558 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
CKUBU/openvpn/home-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

1
CKUBU/openvpn/home-ckubu/ipp.txt Normal file
View File

@ -0,0 +1 @@
HOME-CKUBU-chris,10.0.63.2

4
CKUBU/openvpn/home-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: chris.key
common name.......: HOME-CKUBU-chris
password..........: dbddhkpuka.&EadGl15E.

142
CKUBU/openvpn/home-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
Validity
Not Before: Aug 9 15:50:41 2017 GMT
Not After : Aug 9 15:50:41 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-server/name=HOME-CKUBU/emailAddress=support@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d5:6c:90:c5:16:11:24:57:61:7d:60:5f:48:f6:
05:a7:41:e4:09:74:39:63:d5:2b:5e:44:74:20:e1:
ec:d0:57:6d:1e:eb:e5:d0:77:c3:aa:52:c5:00:6e:
de:69:7d:af:43:d2:c8:d7:fe:6c:38:a6:76:f5:8e:
8e:70:e9:63:b6:58:71:9a:2f:95:fc:1b:65:73:29:
47:b4:82:90:25:52:34:59:f9:b9:9b:1d:f5:e8:f7:
18:a1:08:86:8a:c9:65:15:ae:05:09:c6:cb:8c:eb:
e4:cc:01:d6:a1:82:54:58:d1:5e:75:cc:f0:7b:fe:
f7:04:92:72:62:0d:b7:7f:fd:b4:8b:f8:8e:08:ac:
57:da:6c:ab:e1:0d:73:a5:62:55:f6:98:89:a5:9f:
19:4f:6e:b5:17:03:7d:e7:78:b0:15:29:15:af:7d:
f7:57:00:ef:10:4a:15:7d:fc:8e:b8:4c:da:04:67:
12:6f:71:1f:99:c0:36:e5:cf:37:35:3d:ec:b1:08:
3f:32:c5:51:53:9c:61:02:cf:da:03:56:bc:76:0c:
c5:94:94:f4:bf:12:8e:5c:65:1f:3f:0b:8d:20:20:
ee:12:d4:63:6c:94:b6:d2:00:f1:8f:53:6f:db:fc:
71:d6:56:1d:27:ad:fc:cf:55:b1:d7:fa:68:4d:e6:
b1:91:8f:2d:d4:8b:f6:20:26:f1:d7:e5:99:a0:e3:
42:53:21:ca:f9:63:28:6b:e4:24:7f:ca:5d:33:03:
53:8a:71:94:e6:4b:dc:70:79:2f:1e:fd:80:ad:4e:
20:6a:52:ec:2d:7a:ca:04:44:62:cf:6e:b0:47:7f:
5d:d4:39:c3:3b:a6:c2:8e:31:1e:6b:f1:72:89:ce:
e6:d5:61:de:cd:bd:30:2b:2c:fe:db:07:8d:f5:2f:
1c:eb:13:47:f1:ba:3a:bc:16:59:2b:cc:f0:0d:90:
8e:63:cc:67:86:1f:13:94:87:97:11:c3:f5:44:85:
dc:c0:e3:14:b1:df:d3:0b:a5:77:34:45:c6:25:9a:
8f:f9:f3:5b:c5:c6:83:f2:ed:7c:35:f9:15:2e:5f:
72:17:0e:fa:3b:7e:31:2a:76:28:d9:2f:7d:28:98:
ee:f9:48:29:3e:dd:fb:99:d3:30:88:06:9a:b7:6a:
c7:37:a6:92:56:db:be:d1:64:de:6e:b6:15:20:f9:
56:59:a7:be:f0:a5:96:a4:e4:06:b1:3e:c1:df:11:
a9:88:c8:10:2d:5e:0e:53:08:29:0f:e5:a2:57:58:
bc:e9:bb:e1:64:71:50:35:5b:aa:b0:04:87:33:d4:
31:a6:da:3e:15:9f:d6:2c:c6:39:ac:f4:fe:e1:48:
81:a5:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
E8:E1:ED:6A:13:1F:29:D0:15:EF:B3:C1:57:7D:2E:4C:49:E0:CB:FB
X509v3 Authority Key Identifier:
keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
serial:92:45:C8:D4:6A:59:85:37
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
96:98:28:5d:5f:64:66:c6:43:92:11:90:81:6a:f3:da:30:ad:
f4:d9:3f:17:19:d1:98:4a:a0:78:d2:8a:1f:1f:9d:27:b8:b6:
44:bc:8d:a4:86:04:6a:a9:1a:a3:b8:00:f7:b7:19:be:06:65:
e1:20:be:d4:3e:79:9b:17:36:90:96:78:ac:8b:08:c9:e5:dc:
d6:68:7b:8b:67:88:42:d2:0b:24:96:5b:24:b4:ea:a5:10:be:
59:23:57:f7:ee:52:ce:2d:79:f0:9c:a6:e1:3a:de:fe:46:8b:
af:a1:80:2e:08:34:ab:59:55:02:22:39:63:6b:ff:4c:ca:fa:
ba:f8:43:86:a3:7c:95:bb:5e:e8:85:17:02:ce:4f:7a:17:c9:
71:0f:13:13:c7:5b:cf:22:92:6a:a4:7f:ae:67:b4:78:6e:6b:
1b:10:81:10:b7:a0:c4:c6:d2:3b:c2:b1:1e:3f:b1:0b:a0:fa:
8e:36:0b:55:8c:8a:b9:8e:fb:85:e5:48:b5:9f:00:c9:52:e3:
91:4c:e5:ba:05:03:55:4c:1c:d0:ea:c5:36:40:5b:36:b6:cc:
7e:b9:c1:57:12:9a:e6:7f:41:69:6f:7a:24:5c:b8:66:c0:b6:
91:09:50:bc:75:2a:eb:28:9b:0a:4e:cb:fc:47:65:f5:3d:75:
80:89:83:7e:50:95:fb:07:19:1a:e4:cd:fd:5e:ce:4b:89:4c:
24:0c:c9:be:67:03:9f:65:63:b2:3f:24:39:40:76:cb:6a:3b:
86:7c:7b:9a:b6:b1:fe:7c:51:5b:ec:91:ff:ad:ff:3c:9d:00:
70:3b:af:30:e3:78:56:55:a8:77:2d:95:f1:a0:fc:e1:2e:f3:
9b:b0:3c:bd:52:dc:1b:cd:99:83:37:bc:2d:03:e4:4a:ec:f0:
88:7c:48:33:2b:99:1e:78:bf:d0:30:4f:e2:0e:c7:04:13:52:
9d:cb:33:ee:b7:98:e0:8e:f2:64:20:64:71:d5:24:67:9c:a4:
52:e6:3a:de:bd:d1:1d:2b:d7:60:d7:3b:53:59:bf:33:60:47:
bd:26:9a:de:46:25:63:cf:77:f3:69:38:6d:d2:1c:37:a5:61:
6e:27:4e:52:6f:8b:11:4c:6c:ba:0e:b6:ad:c7:23:cf:0c:be:
c8:18:a9:7d:46:8c:6d:64:4e:d2:06:b0:9c:9c:6e:14:58:4a:
a5:32:36:a5:0c:58:94:d8:8f:d8:e7:5e:69:0b:3f:30:68:5e:
ea:b4:3f:7b:2a:20:7a:3b:b2:af:27:4f:3f:0d:fe:1a:5a:61:
ed:05:2d:6b:65:8e:bf:86:b0:1c:51:0a:14:35:e7:31:6e:c6:
fa:86:7c:d2:97:ae:73:e3
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MDQxWhcNMzcwODA5MTU1MDQxWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EUhPTUUtQ0tVQlUtc2VydmVyMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZI
hvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1WyQxRYRJFdhfWBfSPYFp0HkCXQ5Y9UrXkR0IOHs0FdtHuvl0HfD
qlLFAG7eaX2vQ9LI1/5sOKZ29Y6OcOljtlhxmi+V/BtlcylHtIKQJVI0Wfm5mx31
6PcYoQiGisllFa4FCcbLjOvkzAHWoYJUWNFedczwe/73BJJyYg23f/20i/iOCKxX
2myr4Q1zpWJV9piJpZ8ZT261FwN953iwFSkVr333VwDvEEoVffyOuEzaBGcSb3Ef
mcA25c83NT3ssQg/MsVRU5xhAs/aA1a8dgzFlJT0vxKOXGUfPwuNICDuEtRjbJS2
0gDxj1Nv2/xx1lYdJ638z1Wx1/poTeaxkY8t1Iv2ICbx1+WZoONCUyHK+WMoa+Qk
f8pdMwNTinGU5kvccHkvHv2ArU4galLsLXrKBERiz26wR39d1DnDO6bCjjEea/Fy
ic7m1WHezb0wKyz+2weN9S8c6xNH8bo6vBZZK8zwDZCOY8xnhh8TlIeXEcP1RIXc
wOMUsd/TC6V3NEXGJZqP+fNbxcaD8u18NfkVLl9yFw76O34xKnYo2S99KJju+Ugp
Pt37mdMwiAaat2rHN6aSVtu+0WTebrYVIPlWWae+8KWWpOQGsT7B3xGpiMgQLV4O
UwgpD+WiV1i86bvhZHFQNVuqsASHM9Qxpto+FZ/WLMY5rPT+4UiBpS0CAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBTo4e1qEx8p0BXvs8FXfS5MSeDL+zCB2wYDVR0jBIHTMIHQgBRdoFd3+cnN
3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tVQlUxEzARBgNVBCkT
CkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQCS
RcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQCWmChdX2RmxkOSEZCBavPa
MK302T8XGdGYSqB40oofH50nuLZEvI2khgRqqRqjuAD3txm+BmXhIL7UPnmbFzaQ
lnisiwjJ5dzWaHuLZ4hC0gskllsktOqlEL5ZI1f37lLOLXnwnKbhOt7+RouvoYAu
CDSrWVUCIjlja/9Myvq6+EOGo3yVu17ohRcCzk96F8lxDxMTx1vPIpJqpH+uZ7R4
bmsbEIEQt6DExtI7wrEeP7ELoPqONgtVjIq5jvuF5Ui1nwDJUuORTOW6BQNVTBzQ
6sU2QFs2tsx+ucFXEprmf0Fpb3okXLhmwLaRCVC8dSrrKJsKTsv8R2X1PXWAiYN+
UJX7Bxka5M39Xs5LiUwkDMm+ZwOfZWOyPyQ5QHbLajuGfHuatrH+fFFb7JH/rf88
nQBwO68w43hWVah3LZXxoPzhLvObsDy9UtwbzZmDN7wtA+RK7PCIfEgzK5keeL/Q
ME/iDscEE1KdyzPut5jgjvJkIGRx1SRnnKRS5jrevdEdK9dg1ztTWb8zYEe9Jpre
RiVjz3fzaTht0hw3pWFuJ05Sb4sRTGy6DratxyPPDL7IGKl9RoxtZE7SBrCcnG4U
WEqlMjalDFiU2I/Y515pCz8waF7qtD97KiB6O7KvJ08/Df4aWmHtBS1rZY6/hrAc
UQoUNecxbsb6hnzSl65z4w==
-----END CERTIFICATE-----

139
CKUBU/openvpn/home-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
Validity
Not Before: Aug 9 15:53:25 2017 GMT
Not After : Aug 9 15:53:25 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-chris/name=HOME-CKUBU/emailAddress=support@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c0:e4:3a:c6:c4:a3:ab:20:39:06:e9:b3:78:d6:
48:62:91:39:d5:11:69:a0:df:9a:85:03:53:a4:6d:
ec:d5:83:c7:b4:b6:e8:40:84:3a:a1:ba:05:94:6d:
b2:89:02:3f:ca:23:04:12:d7:3f:fc:c8:d7:e4:6f:
91:8a:34:42:58:0a:75:2f:ba:f9:f1:73:f0:0a:27:
57:39:0e:b8:a3:79:19:b9:3c:7c:97:b3:bb:27:44:
59:be:10:e0:79:1b:e7:33:72:de:49:11:f4:d4:91:
5b:1f:b5:26:5b:a0:b8:50:f8:61:12:34:1e:03:26:
3e:dc:65:7e:44:6f:70:90:42:6e:b4:6b:87:01:33:
31:1a:af:d5:bb:2f:25:81:40:41:dc:b9:8d:e8:23:
ab:3f:47:d8:3b:d9:01:89:68:d4:16:26:49:41:4f:
84:ce:72:7c:f7:9e:fb:39:fd:26:2f:bf:15:6c:ca:
4a:83:0f:c8:a2:f5:2c:ea:03:7c:ee:bc:1a:13:50:
71:5a:c3:b6:1f:a0:19:1c:95:0e:73:89:5d:22:35:
85:17:6f:dd:fb:0c:0a:db:be:78:4d:6c:3c:5b:f4:
48:c1:0a:62:71:67:c5:21:af:25:48:c8:b9:d2:be:
d2:e0:6a:bd:c8:fd:e1:c5:78:91:21:c7:07:61:98:
db:98:47:5b:4b:2a:39:15:2c:56:fa:ad:35:99:8a:
2c:d1:51:25:27:89:d3:47:5d:bb:b5:2b:f1:5b:3a:
cb:ab:77:76:51:2c:cb:6d:64:d4:dc:d6:43:5d:5f:
2d:c9:0d:44:e8:cb:da:d9:39:4a:68:45:b7:d8:d5:
49:c2:34:dd:ad:58:d0:7e:53:ac:18:80:05:27:57:
56:d9:85:69:d4:75:7d:6c:b4:ff:7a:1b:79:08:8d:
f7:f5:2e:f7:dc:85:e7:af:81:a2:c3:34:50:c0:b6:
04:70:62:36:b0:3f:fb:97:77:26:e6:40:02:0e:e9:
44:2b:8c:b7:c0:db:de:7c:b0:61:0a:5a:b0:75:3e:
0c:bc:92:6b:d7:13:7c:46:6a:33:43:4c:fd:d4:34:
52:09:b1:ce:bf:9c:4e:c3:68:0f:15:4e:e5:56:d3:
2a:60:35:2c:12:ba:f2:38:1c:99:db:c5:5f:58:0c:
2a:33:a2:33:95:8c:de:08:0b:2a:83:b4:16:9b:29:
bb:99:e8:2d:a5:be:b3:2c:28:ca:ef:51:39:1d:55:
e8:b9:60:91:0b:1c:7e:9f:a9:3d:16:be:0b:7e:62:
31:a6:bb:d2:ee:1b:8e:2f:da:52:96:ab:0d:28:c6:
c9:e7:84:49:5c:98:cc:ae:8a:6a:d6:89:61:f4:16:
c7:e5:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
99:DD:A2:B9:F8:3A:D0:23:A2:6A:77:F4:6B:F3:97:49:DB:93:1E:7F
X509v3 Authority Key Identifier:
keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
serial:92:45:C8:D4:6A:59:85:37
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
a8:7c:76:86:8b:02:dc:9d:9b:b3:c4:70:2e:d0:00:fe:54:73:
74:cd:a8:2a:5f:34:20:c0:a5:f8:cb:a6:5e:eb:74:aa:e0:02:
79:9e:57:d9:10:dc:85:6a:00:07:b2:97:6b:ee:72:d1:1b:72:
c5:fc:fe:83:58:10:91:6e:50:8c:0d:7f:89:85:0d:da:75:21:
fa:bc:fe:27:82:c3:62:8b:0d:4d:f3:60:7f:2c:29:00:d3:64:
7c:13:c3:ac:6e:5e:87:2e:55:0e:66:73:0c:23:3f:b1:11:99:
85:d4:9e:79:c7:00:e8:12:be:38:17:04:1b:4d:57:cb:40:60:
60:8b:0e:48:c6:bd:c5:19:d2:83:55:06:00:31:5e:87:b0:86:
67:7e:d4:ea:33:af:d2:34:60:7d:44:84:40:c4:09:54:db:8a:
f6:f4:4a:8f:b6:65:b1:23:98:e5:e1:4a:52:5d:81:d8:b6:30:
ef:7a:76:c1:0e:b8:c8:c7:28:c5:53:a8:18:4c:36:d0:4e:1d:
7b:43:6d:f6:42:d8:dc:33:3b:94:5c:01:5f:45:79:69:07:8f:
aa:1a:58:81:25:ed:14:e2:c3:9d:a0:31:3c:a0:6f:1e:9e:cd:
94:ff:d9:f2:aa:ed:3a:d8:f1:fb:91:58:b9:90:ef:bf:93:c0:
89:13:da:8c:ab:ec:38:c9:f6:cf:a4:63:70:14:ed:72:80:64:
74:d4:6e:11:a5:a8:ab:16:52:25:7f:df:ee:5f:4b:5b:ff:e2:
18:ed:b8:00:37:24:f3:93:a0:17:04:9f:d6:00:47:67:63:6a:
f6:08:44:cf:36:61:b4:41:c8:7b:eb:25:99:02:12:77:ce:b3:
9e:d6:bf:95:d9:18:a2:ca:27:8a:61:d6:29:13:fa:52:c1:55:
cc:d9:54:1d:78:12:5c:fa:57:3d:3f:08:79:53:d9:0e:bf:32:
d1:0d:a4:bc:89:a2:9e:ae:54:24:e6:a4:88:8a:71:f1:7e:92:
e4:77:fd:ff:29:75:73:b3:19:cd:67:3b:04:f7:83:be:40:f8:
3e:f4:9d:66:97:50:b6:54:06:54:4a:27:71:59:0a:8f:84:73:
1e:f7:61:18:54:f3:67:eb:0c:bf:7e:8d:88:b0:ba:2f:08:7c:
38:e6:01:02:2a:16:2b:dc:1d:82:e2:cd:9b:69:26:1a:ea:6b:
ba:06:ec:c6:3c:d2:57:ec:1d:33:e7:51:4f:e3:91:d4:41:60:
1c:c6:93:7c:ab:15:7a:44:28:dd:64:eb:55:d5:93:72:2f:f6:
50:c0:fc:e6:bd:fd:0f:39:79:29:a3:f1:ae:3d:65:0f:86:2e:
c4:da:3b:1e:de:06:2f:23
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
-----END CERTIFICATE-----

39
CKUBU/openvpn/home-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
+k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
-----END CERTIFICATE-----

52
CKUBU/openvpn/home-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC2nt84O1GJZs4s
PiwmFYOuR/pSjTnI/yQK7C9jDp2BHJq3jyyOHhlkaaS1acSnhvZCKX1YJX6kQ3RG
PXjhYLibPjLCsMEYti82Nawow2swo050NC9GY9UaiU9S6mhJMy79HAFsc2uuyv5+
rzGl8UOfYzQFv2zopNUqIB4sK0+/H9nvmbtyvLapLrg8LcG1NI8y/pviLhzVZdQk
3ACGUZhW3caVn4uaaHK2ziJQsF21D/JbafxP7cSykKgT93HIBcD7ghmQcplHKUXT
IIg8In2J2Stx+Eky0gzeG+itT3JSoeOkLsQ79noGqfr3LSCiUS4LgD6kVY0qGCuV
F1HGQvkerfKx78Qxi8L5NyD3hCPc+Wwr55vHMNHuP3a9RA47cB17cPF+gw39m4jZ
quHnQkca4MkCsEjgLAuDIcxTTzNddjdZyTa6UZ1zQikTRheDHSP8xakS62mn5NHk
+sj/f+pZqEAybI4VB/84jgfnD0uF5lCP18DBeXOepg+PYHRuGYrw7SXhnHWeE0mw
/5b3N8iNRAoKLhT3AQCR8Hp3QNvcWDJro+KAj7LVuzfBwEWVs38CHWwfxx7qRyGd
R1eAAmNB+0o7ukjBcVotPXZfdgWBva4TFvzOgPpO1sVtCBKmckIHp9300cPexiV2
izPmp8MJfPXOrazmjBNapf8PdZQCJwIDAQABAoICAASeBbTNQyV/NO1HcSRRXO/2
H+0gZvqfANFJ4XTWtMLD72F+vDinqCqyxRhVIUS/E9Deba3h3M7YacMw4LKKGIDM
VMo5X9h5Gr57Iuww7K/hISWtABj+gy/VkuzcwmA/bAu4Poz4ahuURFT9pvq0G+qW
voT6rw0+xaj4AOtK+QwzCPaW43dmMBQc+0mCOqiTOJ+oclaIpe/7UB7SdSzwOTLR
DqlPzF7OD0Bx+8oge24Nhiorhtaag2OkZquCkRzmkFeLlYviad+zunE5HFiw4o2u
sPuDtI4VY3/mIr7nCFPwhenryMhfVfx/JbpEKNQRy2E9D9hl1VjgHZH6cfXaUaQa
7gRjlL4/UA7gZLQlpe8JhVYz4sNOCsxopyjpAnfoFegfb20Dxu8vzGQ3vhzqKhKA
gfFuVX+yZL5DdrWCcpXMJIdZyN/A0G/SnKfCLUQ86MMajnzG2AbI5IumSXRFm1rN
A9KmdHqTD0/tS3DNdNo4lfcRVUXbM4H328rdj1Mq09IJN6xtNPEHbDit3Q+/7E+I
bFAGLmxXtR87FjY/N7TW1SgZUM3UY6ASJ10QFMyrJrVVHhdnKLs3cIpGz40TsSaf
5l0aSXGqAprIGkNExxpwztdO2QsCZaNpg3NzzwCSnofweqlRfaRsPAriiNoA6K06
Yvp3kIB3038+502k955JAoIBAQDyvXB/1xMxUQOAI9X/ltVR+jDIETNVKOUFicDf
CMsQV3In23N9SKEUEpucgbsLJvN04kKOIZKE6E9J9a/J9ftaZJSyg0Ge+/rKK8c0
K6w891I08dowYtw42X3U24HvJv9U9AP/OGTQv6DzM2TJqCCYK8BxymWsBcMxd8dR
jhoIjuxv/H+osg8tXsS/2eHuwyNf0qkh/ln7kgdzVHgu5hB34LVe8Cu7/eSMwlcF
+yYQJsqBwV9aA1ozK8UairULyZifoRTBfvETYRiwEqn9AkYwj8gA7MaAOb2TUFec
XNRSpR3g8gv2JsvN6XiwSxnl9QePWFTErV8FONT4eXLbUHfrAoIBAQDAmLOsATrF
nkVdcifMOX8CYrqCbJNst1Wh0FEv0OxZUEcvgm4F7u0tw8wEb9RrMVrHcuNQ0nrv
1lECyuazuny5W+LbphoKM174JbfHmtHACg6hJ8w5IDC5g9Q/jtpA8kG0EfzyBuQL
FH1mtUkf1wwX4wxgz7SQgF7gATDAinID2qrgFYHzjXK5OsgVcl3mmQqbyBKkMqaU
bGM28FWtFNdhUvVin/ZmaGU9/uKMRa9z2ye4zR+2Kd92aXOLOUQ0hJnmjfXlZFFN
F2TH78eK4G/wanEj6b0BHZqCg012dGj4WttoRvBnl9WnXGrXFnKRfzGA0WjU6yGC
OV8lewV2sGu1AoIBAHXxK89BzjaBGYVSZDEqtX1+ZeNf0CRJmXWmaAs2d4v6ISJS
k3vFJVbeb7OMqTgS9enN4e6zS0C+q3/RG1ey6C0Uf9d4xRKddk5zFPg5XBfHR68n
8A7gigYpTuV0vl5YAWniomqImRuAcJCaYRdGVIf7gicH43zA1AWeID91HxsXbrQ+
6DwsQAmYaVqaYBelwvNVJQ66SjhczLfxy+9lo4zLpvR5F5bhFwJ5jtT+IZFpd62y
KkVPKa2BT+TEjpEqo7i0CKS3rCTxYZBzkRq41yfTRKeGZDB7XaxNNjRoOlXpmmno
0X0Jfq8PCLAH3Y6JDuJMVeu2HVwpL/mG8RK0t38CggEBAIhPi1rBxAb57b4lfWVd
jDb0CW0ly3G2kDTma4+cHqtX1goaFiS85cDuQwcg3wa+97ER7zDUx43X8Z44XO/3
nS7TicxL00JE+YJHr7rmKG3ysEf/EtubnOCwHRie0noE+9umn4/ssJnm9poq1IZk
fXqqh6g9WV6sfHmuXgLn+aogqa/PiRoHkprmr5X+S9dZmdiH0inEb4G89Lt9fiXy
Cj4nqOUUsh/o4z7tlwoQiA1HnuV8yGT1XeNA3zY6YbuJ3iL/dnnUdnZJiFq5qlDw
aEmQDGOOmuafPSwCImEkIucj5wX2r0+iduTs0/FHQe8YRsEVdUy83gp88Ipmd4d5
dcECggEBAOwamiapuqbq5pG35i6ratzhsOO29siwSgzcHZJNJ2y2vhOeaovnckKb
HCPoBx4s+g3f0HqtRL4LqriprpAoDm9S8w+rUxYdSBsRG11c2A5M6pSDlMaSj9Q/
rSX7js4CBiCnU9d5zVx3hpV2tC3Hbwv7p6qZHjMZCWIhbdAgnCmJInPJ3a/dnFLR
x3gbHFpJogaVdqj+wMl8KPBTpxynXacRhrmL0vTSluTR/JNBI9lzHjUTkIWAL7fu
y3TpsfLzzFOx64984sCWjjD8f0x0WnLxs6pn2n+OFSlEiRAtd+enek9dWR2mn7Bl
fcz/AV/tpNScYj3viev/6L6UZt6LKss=
-----END PRIVATE KEY-----

139
CKUBU/openvpn/home-ckubu/keys/chris.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
Validity
Not Before: Aug 9 15:53:25 2017 GMT
Not After : Aug 9 15:53:25 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-chris/name=HOME-CKUBU/emailAddress=support@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c0:e4:3a:c6:c4:a3:ab:20:39:06:e9:b3:78:d6:
48:62:91:39:d5:11:69:a0:df:9a:85:03:53:a4:6d:
ec:d5:83:c7:b4:b6:e8:40:84:3a:a1:ba:05:94:6d:
b2:89:02:3f:ca:23:04:12:d7:3f:fc:c8:d7:e4:6f:
91:8a:34:42:58:0a:75:2f:ba:f9:f1:73:f0:0a:27:
57:39:0e:b8:a3:79:19:b9:3c:7c:97:b3:bb:27:44:
59:be:10:e0:79:1b:e7:33:72:de:49:11:f4:d4:91:
5b:1f:b5:26:5b:a0:b8:50:f8:61:12:34:1e:03:26:
3e:dc:65:7e:44:6f:70:90:42:6e:b4:6b:87:01:33:
31:1a:af:d5:bb:2f:25:81:40:41:dc:b9:8d:e8:23:
ab:3f:47:d8:3b:d9:01:89:68:d4:16:26:49:41:4f:
84:ce:72:7c:f7:9e:fb:39:fd:26:2f:bf:15:6c:ca:
4a:83:0f:c8:a2:f5:2c:ea:03:7c:ee:bc:1a:13:50:
71:5a:c3:b6:1f:a0:19:1c:95:0e:73:89:5d:22:35:
85:17:6f:dd:fb:0c:0a:db:be:78:4d:6c:3c:5b:f4:
48:c1:0a:62:71:67:c5:21:af:25:48:c8:b9:d2:be:
d2:e0:6a:bd:c8:fd:e1:c5:78:91:21:c7:07:61:98:
db:98:47:5b:4b:2a:39:15:2c:56:fa:ad:35:99:8a:
2c:d1:51:25:27:89:d3:47:5d:bb:b5:2b:f1:5b:3a:
cb:ab:77:76:51:2c:cb:6d:64:d4:dc:d6:43:5d:5f:
2d:c9:0d:44:e8:cb:da:d9:39:4a:68:45:b7:d8:d5:
49:c2:34:dd:ad:58:d0:7e:53:ac:18:80:05:27:57:
56:d9:85:69:d4:75:7d:6c:b4:ff:7a:1b:79:08:8d:
f7:f5:2e:f7:dc:85:e7:af:81:a2:c3:34:50:c0:b6:
04:70:62:36:b0:3f:fb:97:77:26:e6:40:02:0e:e9:
44:2b:8c:b7:c0:db:de:7c:b0:61:0a:5a:b0:75:3e:
0c:bc:92:6b:d7:13:7c:46:6a:33:43:4c:fd:d4:34:
52:09:b1:ce:bf:9c:4e:c3:68:0f:15:4e:e5:56:d3:
2a:60:35:2c:12:ba:f2:38:1c:99:db:c5:5f:58:0c:
2a:33:a2:33:95:8c:de:08:0b:2a:83:b4:16:9b:29:
bb:99:e8:2d:a5:be:b3:2c:28:ca:ef:51:39:1d:55:
e8:b9:60:91:0b:1c:7e:9f:a9:3d:16:be:0b:7e:62:
31:a6:bb:d2:ee:1b:8e:2f:da:52:96:ab:0d:28:c6:
c9:e7:84:49:5c:98:cc:ae:8a:6a:d6:89:61:f4:16:
c7:e5:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
99:DD:A2:B9:F8:3A:D0:23:A2:6A:77:F4:6B:F3:97:49:DB:93:1E:7F
X509v3 Authority Key Identifier:
keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
serial:92:45:C8:D4:6A:59:85:37
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
a8:7c:76:86:8b:02:dc:9d:9b:b3:c4:70:2e:d0:00:fe:54:73:
74:cd:a8:2a:5f:34:20:c0:a5:f8:cb:a6:5e:eb:74:aa:e0:02:
79:9e:57:d9:10:dc:85:6a:00:07:b2:97:6b:ee:72:d1:1b:72:
c5:fc:fe:83:58:10:91:6e:50:8c:0d:7f:89:85:0d:da:75:21:
fa:bc:fe:27:82:c3:62:8b:0d:4d:f3:60:7f:2c:29:00:d3:64:
7c:13:c3:ac:6e:5e:87:2e:55:0e:66:73:0c:23:3f:b1:11:99:
85:d4:9e:79:c7:00:e8:12:be:38:17:04:1b:4d:57:cb:40:60:
60:8b:0e:48:c6:bd:c5:19:d2:83:55:06:00:31:5e:87:b0:86:
67:7e:d4:ea:33:af:d2:34:60:7d:44:84:40:c4:09:54:db:8a:
f6:f4:4a:8f:b6:65:b1:23:98:e5:e1:4a:52:5d:81:d8:b6:30:
ef:7a:76:c1:0e:b8:c8:c7:28:c5:53:a8:18:4c:36:d0:4e:1d:
7b:43:6d:f6:42:d8:dc:33:3b:94:5c:01:5f:45:79:69:07:8f:
aa:1a:58:81:25:ed:14:e2:c3:9d:a0:31:3c:a0:6f:1e:9e:cd:
94:ff:d9:f2:aa:ed:3a:d8:f1:fb:91:58:b9:90:ef:bf:93:c0:
89:13:da:8c:ab:ec:38:c9:f6:cf:a4:63:70:14:ed:72:80:64:
74:d4:6e:11:a5:a8:ab:16:52:25:7f:df:ee:5f:4b:5b:ff:e2:
18:ed:b8:00:37:24:f3:93:a0:17:04:9f:d6:00:47:67:63:6a:
f6:08:44:cf:36:61:b4:41:c8:7b:eb:25:99:02:12:77:ce:b3:
9e:d6:bf:95:d9:18:a2:ca:27:8a:61:d6:29:13:fa:52:c1:55:
cc:d9:54:1d:78:12:5c:fa:57:3d:3f:08:79:53:d9:0e:bf:32:
d1:0d:a4:bc:89:a2:9e:ae:54:24:e6:a4:88:8a:71:f1:7e:92:
e4:77:fd:ff:29:75:73:b3:19:cd:67:3b:04:f7:83:be:40:f8:
3e:f4:9d:66:97:50:b6:54:06:54:4a:27:71:59:0a:8f:84:73:
1e:f7:61:18:54:f3:67:eb:0c:bf:7e:8d:88:b0:ba:2f:08:7c:
38:e6:01:02:2a:16:2b:dc:1d:82:e2:cd:9b:69:26:1a:ea:6b:
ba:06:ec:c6:3c:d2:57:ec:1d:33:e7:51:4f:e3:91:d4:41:60:
1c:c6:93:7c:ab:15:7a:44:28:dd:64:eb:55:d5:93:72:2f:f6:
50:c0:fc:e6:bd:fd:0f:39:79:29:a3:f1:ae:3d:65:0f:86:2e:
c4:da:3b:1e:de:06:2f:23
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
-----END CERTIFICATE-----

29
CKUBU/openvpn/home-ckubu/keys/chris.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8jCCAtoCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRkwFwYDVQQDExBIT01FLUNLVUJVLWNocmlzMRMwEQYDVQQpEwpI
T01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwOQ6xsSjqyA5BumzeNZIYpE51RFp
oN+ahQNTpG3s1YPHtLboQIQ6oboFlG2yiQI/yiMEEtc//MjX5G+RijRCWAp1L7r5
8XPwCidXOQ64o3kZuTx8l7O7J0RZvhDgeRvnM3LeSRH01JFbH7UmW6C4UPhhEjQe
AyY+3GV+RG9wkEJutGuHATMxGq/Vuy8lgUBB3LmN6COrP0fYO9kBiWjUFiZJQU+E
znJ89577Of0mL78VbMpKgw/IovUs6gN87rwaE1BxWsO2H6AZHJUOc4ldIjWFF2/d
+wwK2754TWw8W/RIwQpicWfFIa8lSMi50r7S4Gq9yP3hxXiRIccHYZjbmEdbSyo5
FSxW+q01mYos0VElJ4nTR127tSvxWzrLq3d2USzLbWTU3NZDXV8tyQ1E6Mva2TlK
aEW32NVJwjTdrVjQflOsGIAFJ1dW2YVp1HV9bLT/eht5CI339S733IXnr4GiwzRQ
wLYEcGI2sD/7l3cm5kACDulEK4y3wNvefLBhClqwdT4MvJJr1xN8RmozQ0z91DRS
CbHOv5xOw2gPFU7lVtMqYDUsErryOByZ28VfWAwqM6IzlYzeCAsqg7QWmym7megt
pb6zLCjK71E5HVXouWCRCxx+n6k9Fr4LfmIxprvS7huOL9pSlqsNKMbJ54RJXJjM
ropq1olh9BbH5SUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQChm1NZmMoGNRdv
pAjF02f0/1QDOoxmnNC8IcQ+LXQSEwdxz9R2IdNPpqMYHw4iKv8AcnbQCqXyqqye
Ec8TEPHxtrEm7fIsoTKG9SNL6/QzAIM795ZBGi9J5nw+smwaKsUqiOwT2RjUWTnU
1oXEbxYsOvtD4UYYY4OUm6sH2yL/1Ki3Xqz8AqexVfW2seq3oTwOlTPxHynFLid2
yMARkcMnakTlW63p6bNEUUhdDmZD1IWcpd08lUF0iovFNh3Z2OowSrE5QBD4UbzH
DUQJ9VuyWHcyhETHQOpZSM3o6Jb3AMuPreyc9+NnGeQwtQpOe6sKg48hf6reB+H4
BSDoWRevH8qRZPRkY8uE2FlXK+jUTboB1GMp3LRu9sVZLsbGETueP/1knv2uzWI7
f1IabglUo1gPSyh5wXMwHGfEhP92omNC0ujsiGedp/xmUDvVjIgK28jZSDvzDO89
rqr+wEaiRyWWxoUVA8KXncmHp8FSIV8EX71hCzGeukXpXgedWssA6jgAEDos99Vf
JQpZGKtB0KnEfkddmNWMT0VQ0jO9OyqxJ5+OXG2/pHdTRQCFfYSnOA6iXUySliI6
EtiYHTJAG//mIqM7tCIHvWidzNarnsmQxDYg1ul36tuUHMNDA5Pw0WnYdieXE0wF
f7BXlUhKTv1L90VkEkvEYc/U7QAkyA==
-----END CERTIFICATE REQUEST-----

54
CKUBU/openvpn/home-ckubu/keys/chris.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,A8DCE11902B81F52
YoUKcSwJtgulV5k8iXSNF/U2joi5fD9mOXOy5qQWkn20s3uAnapYL05jv7x5WZnB
r9Q37oFVgB5bu0THLqa64fORUOOmin/PhepgBkV1BWmx75Y1FdHaylnBqqudlhn+
Ae/pXlhWET1aWXvdKPGMhFJ+RKevHEoThGMxHC/Hj3a0Rl+AzrPbl6YROZ1eM2cB
Kd3nWrdrGhcUyDUn8cg9n1pDnouEGm/krbn1zjQsISlYmxDMoHBHAj+bAFJKTtkt
NiidhN2lNbw9WfEOm5MZCaM0c1GrK1Uw9AhpkZcvKhVx6yZNa52c53a/xxzoPcq8
kA+4n73NoyJzmi+q8egPKCBt2lXyHPDkfsrns3ljJPG7DMPfSazKH6KG4B/ONS9b
wxzNCuyFyWfJdbDpN02FXZHeyg7CGPU4kpSgy0XwFakjQ6+a5hbRLIVkDb8PCvIA
ayLSOvB9WgQzBQjnXyiujTMDz4FzLOVzGJUGKvgkNqv7oxHbCjNTynS+VIWw8wAk
nLcV7F8GTGU76h/TG9IOsVaq1eQIpXq01NvMwZAezh24QfM1VZwuB1vgcAren0P6
78pOKpuPtzEJWJy3zwbSGHtRetB+E7riU6eJHzFsZtJExxn2Rd3ATpIb7MtG9b0v
MKzqPhWHzEQz/psMrZaQ3ONsmi0Ti8Yjn/lvV5B/whwBEeJ101ju/ZXvPyqINzQH
5E1/Flwrr2hXkEchaGJoREN26tWUu5x5E7KWu37wzbb6533veoVFmoLm0+NdHDM6
+LOlq6xSy5vDH1qNaSPf7mtfBJVx/2f5I6IIGfPJ8wNWQsb7ij/vXpJIGaS3lee1
1ZMnIiFQAGs5rQh+XqWRLFL2Z5Omf8SeE4Zr3Pd5Ax9+8UjpNgMPlNCZ66yyOzO7
lwSQWbEVx8HG9Eg1hFOIgZhVbDmaukHLJcVaT0A0WR2/19iu3zZZ0VgJcz4i+Qp4
RlznHpOJQ6FvpydxW93BkRpikMfpRL8PdPKswbIbTAkwTCV7EIceSnH2NL+EFsLQ
/muGyx4IhpFsJB4gE0TR0t/U4FdBijILd3wZnFBxPfhofc393P2OfeRLk4tvaeae
Eqwzkcdcm5zG0dbxFUTXe7pQB54hRvJ/4XFMhTwQBjZDKr0RH0mNEgomqU8s8Lfm
qaMY3OGuYAMpTE3t+NIBdge8SoSSxxl/kR+2V2h04zjZ9uYss4b5Bj127tGbbSS8
nH4cDwysTTtcACuh8FLByoFio9Rnt73uckhflskaLvwZE/8A0uhD01F+chatvSAJ
Aix9oQwDtiyHF2t8C3eouOWl7Is+BDlh2iWYEaNPgFpXwR5eRqUpkDCDFurecT3t
ru7i47QftimArrx//dWdNZDDXC2vY32zr4e3wLoEkuFZb/uiXA067AVvCKTuN6H4
M00kzpAfyawLaLFsPFxi/hISWq96OzmguivsDsoraIl8Uz1xkL4/zhHdJDToHV4E
wTrQlvoA4zWDa3DNbwRH9vna/zY8owktR9nDb50xlmmzXT8ucAFN8BNLCeQMir4u
2HjGic2gBFrnOgafVXsnJam+a0ce2mPSRQ1hLNxquDdB3gT1Woiczhl1HBRX9U7K
BpOJeVWF9kLBhbTTWqXQMnZNOnh0iEmjtDg22dg0hsHsoo8z0ngUGGrDofPRQ9Xy
Aw/GmAwF7pmwSfIWiCndFMFeCN418nugtX2QavkIkm8OFm522RRwUCX5lKdZAlzG
nX947m997mZMtdilpcl/F03N6/gKu1S1Wrmug8sPD6R9mugzcNQDFRsS+8dcwmwf
+zYInaSO6tmI7+GqlaIORXB9vNawy9vElGOqx69No4vjHP1x9+6xEtJk4O6aRDtl
Ju7/NlDildpIhjIvnJe/eKEBDfyyGDlHyVAEqnf7Yzz92j+3ZugIz/zd4iTdGzfg
tsQx0x2i/WsDw11/cefPXth07kJVfgM3jdgk2d0Yd0LpWWjxUZp5H4zJ5FZ5yl6s
GFLYCK6Fj1QsWXd4qQjH7092ka5GKvYLcR4DxCocJ6tS1UE0MReI1YaJ8GU3dwaY
91+Q2j3+lPY3PKH8/MjL8ZZJoIjlyvXwYff1quObbUYIYbtuhJ3c1PYeigt/G5Du
nb4qJuZ6ue2OEfuvRnXgH4aNgZEfrVuYydDBxM55HpaxZBjC0ipqGYnC2X9rU7JI
dD+r0ymGoIt91ZhgnahhIx4zzrJ5i7BNujMYal9AEkPXV+VkY/iNJJKjIzFEc9J0
GX9ELhXHzed3xxy3goTqJPgY0u/jBsUca3l2AI9H8qjeAltbiRP+TdyafhCr/RX1
f2t+KLLvK7F2Ls4VcRPIpuEWrnbvJbh3ot5anzzR20ifFy2fIXyI/Sy/DPAy3hgD
adNfY29lyY8dLv/CTXju9AHEX/Z/IvEBBZkAUUIJ8v2wIR2HMOi/kCsEl3HnK/Sq
aKHenYE5QqME+Y6b8t+w3vhNT7HAcaH/sjrDn08Wls/XqTDEEr+fFV8i/Z0bFQjs
27pbdDrYCmQjGizP2INARVIBYeCk/LQ8kSgIy2pI6uzqdXiHjeeSLtLxl7fmLw3j
VNzCP0uY407/N6WTOYEvg/SHAYQZNA3zSA/xsNihRGGDvj75a0WI1p+QDMUUGiYJ
xdDU4lM+L6YP2yZ75XBUNhwHHX6C1vfQC/BvnszRSdnEZeq+bOwAkBDC31eH6y4J
tbqxOXB71x6Ljcwp3BnpKbnXt9VzLM+O96sSc4wOfJl7AeHWD6eEKJNT1mfjWfN3
jB68ezZhQpth7RilxtECMz4pcigGsljHkIfd9nweahAwq2RNwhz5cafpQqDeJV+c
0o05tSNvR8snLX+fbnBTxHl4025lTmJNh9Hv4DY3UnAVL/e/wkmupb6gYA+N3s03
ZJhhG0YBUviuuH6DrRdxTrHjnVveJHSuHhUHrgM3PeX8cspBBYbX77d52jqDS3HJ
UD6eCrIbxyDsKDFS1DEby2KZYM5CBmI4AzUW4nKBuRPZ0uFiM7b/KXptQvC/sUWE
6DgVcIz2ExivDyiHo5XSWsssRRI+vXtJ/GSghWTZuN6WI3whZtnYQyS0L+tZCRdi
GHaFz1YOvzTJZoWHZgXg0fe58Q7CLdco+66scYlHstj562mjsd7fPa59KaGKluvM
-----END RSA PRIVATE KEY-----

Some files were not shown because too many files have changed in this diff Show More