Initial commit

CKUBU/openvpn/client-confs/flr-brb/ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/flr-brb/client.conf

@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote flr-brb.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/flr-brb/ca.crt
+cert /etc/openvpn/client-confs/flr-brb/gw-ckubu.crt
+key /etc/openvpn/client-confs/flr-brb/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/flr-brb/ta.key 1
+
+status   /var/log/openvpn/status-flr-brb.log
+log   /var/log/openvpn/flr-brb.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+

CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.crt

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 11:07:19 2013 GMT
+            Not After : Sep 16 11:07:19 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c8:6b:44:7a:ce:51:74:af:7e:b0:db:ab:e5:cb:
+                    50:f7:01:9b:da:d4:38:7e:35:01:0c:60:4f:28:92:
+                    90:4c:dd:06:1a:a0:89:d6:65:c4:97:d4:22:35:3f:
+                    8c:0c:79:e2:ec:9a:26:4e:e7:ee:f7:73:02:65:12:
+                    9f:cf:5e:05:0c:1e:96:c7:f1:81:92:8f:ac:48:71:
+                    93:df:f8:f2:a3:66:65:ad:13:81:c1:f1:23:a2:c5:
+                    04:86:26:29:bf:2c:7d:28:43:fa:a1:3d:dd:aa:47:
+                    01:af:0f:c2:ba:e0:0b:1d:af:53:f1:f7:a8:b2:90:
+                    2f:4a:ab:c8:19:f6:9c:eb:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DC:10:87:FA:DA:75:B6:5E:0D:5F:CD:4E:2C:9B:B0:E5:A1:E8:85:1D
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         9a:71:cd:8f:8a:8a:a0:96:68:01:5e:86:36:74:41:1d:1a:99:
+         66:56:83:09:c5:18:7f:a1:ec:bf:b8:17:52:e8:fb:09:9c:b3:
+         5b:b7:0f:ec:e5:4f:db:87:7d:0d:bf:4b:ce:b1:f6:fb:c8:e0:
+         99:f5:aa:39:ce:dd:8e:7d:6d:b0:70:7f:00:42:de:6e:55:be:
+         57:f4:01:8d:2e:00:b7:90:b1:92:73:65:89:20:52:8b:b9:f2:
+         28:eb:e6:32:0d:ed:a0:51:2a:73:fa:dd:6b:86:b5:71:b1:d5:
+         b7:30:59:6b:94:dd:fc:c9:47:00:35:a8:b7:18:53:c6:99:fb:
+         0a:70
+-----BEGIN CERTIFICATE-----
+MIIEKzCCA5SgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDkxODExMDcxOVoXDTIzMDkxNjExMDcxOVowgbgxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR0wGwYDVQQDExRWUE4t
+RkxSLUJSQi1ndy1ja3VidTEdMBsGA1UEKRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gx
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDIa0R6zlF0r36w26vly1D3AZva1Dh+NQEMYE8okpBM3QYaoInW
+ZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/PXgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB
+8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K64Asdr1Px96iykC9Kq8gZ9pzrIwIDAQAB
+o4IBWDCCAVQwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTcEIf62nW2Xg1fzU4sm7DloeiF
+HTCB1gYDVR0jBIHOMIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAJpxzY+KiqCWaAFehjZ0QR0a
+mWZWgwnFGH+h7L+4F1Lo+wmcs1u3D+zlT9uHfQ2/S86x9vvI4Jn1qjnO3Y59bbBw
+fwBC3m5Vvlf0AY0uALeQsZJzZYkgUou58ijr5jIN7aBRKnP63WuGtXGx1bcwWWuU
+3fzJRwA1qLcYU8aZ+wpw
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.key

@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2PZiohF8ugcCAggA
+MBQGCCqGSIb3DQMHBAhTTx6Dj3br7gSCAoDTyLVebeOV/njatPhy0qEi/DlH/6+H
+oK9kQaUV69QS6NO3N1RqqDvXu2DcdlkzLLvi1CJWgTJyeHbtKHyTMEEXI/P2SOZL
+wBGqXZ2Nav6MqjGpjzHryAAh32thyGJC5o/m/SOMX1lMvDln/g9WzC0ZRAMdNi5M
+SrLZieR41OA/0Pt7EuBIfuIvs2MhQwaUbVgdVShmBDVVS+44qJU36wmTT47mEFCD
+47ghy6xXvfykiI30fYO4qPad+nR8zpnpEGB5ZQfEx2SRdsbWxY1GMT4rAzTBMgiJ
+bbyVY8rEb0kKqbJhUFQ9jjodW2b94p6nayaJHoyO4sFEgvvPhpPsBXRPKOZXMSl1
+kNjDEwUjpPCxm2v4JpYiPUoiZO4IAKbXcfJ8WWuKZp1Du37PVD/EnXDjyKBFOyzD
+QJDF7ukzAwMHcq9bVv8AybVxC6I+1nDgdrD9s/8cBQiCyYufV/5H484GBI6d2dXo
+SyKffomnpHVK7AzAYZXmyxlQj1kwJeh73xYFH06fec0VmmH6vHkN+wjYheJLrqSi
+xZkOnxggAecIINh3kVbPrZCfKn46vYwDoFHgK8Ek7nRaIXaYGuKrRfHZRTN6g98s
++QK5iGSL/5Fg8EdsgRtAm4Ss/mBUCEY2AZF4fekfyhtzbpYLtb5XJIw42SCwJstN
+dd35UeaUWTOXkO7sIub88UVxv9VXIXpq+2DD7emd9jpyQVp0W2/jlGEvtSNUUsMD
+E26+ck8dSOnJI/FFYOeqtW24dZ+0g2NXAoUiwtqQweOJKkOjQlNV/L1Ud68zSy0e
+oDCt0c3xYx5JAXDKximQqlVAenc5rl+4kHVnG8wmULmTgWCMbYSk/sAC
+-----END ENCRYPTED PRIVATE KEY-----

CKUBU/openvpn/client-confs/flr-brb/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+670c1735182a2aa7373f3913f4bb9922
+1011f52b6004f688f702ee2eebf789de
+8e9a7cbbe597de15dcd0944cc77c63bb
+247ef4ec6beb0ab1ad0e68fd3224d9c3
+50f3536eb45f0582ab3deb4a84144e08
+4ab82c010550262a803f617826443ed5
+34ace631dd1115372b4b6d91523ebf9d
+5212960ff14b16776359a2c4a8a78672
+c6dd16d8e3bead764da1f39a267a5d2c
+e798d3f52e0d8ceb7cafde530cbff390
+7a099224465c3bde210bdc7e713dae1c
+05e190846e0bc7cc8e4c79427516eed3
+b580385daaef259dd823e67970ffd9f3
+125c3b6217f6622652f76f1da0ea96e5
+b9724b6abd8384f45f11d9b41a9afa7b
+34d1a506ef314806f46e64d46f4b53a7
+-----END OpenVPN Static key V1-----