Initial commit

CKUBU/openvpn/client-confs/jonas/ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA0agAwIBAgIJAN8aOZJGFGPvMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMT
+DFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTAeFw0xMzEyMzAxMTM1NDVaFw0zMzEyMjUxMTM1NDVa
+MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMx
+FTATBgNVBAMTDFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAout6qX8xnAqKRuPPLrYXFkRi8jQ8kfzP/IcD/kLvwDK+wN4Uvfb+88Lv
+pJ5dTdBWPkvBLt4wEq6gjs/Nqr0lX5V2I6HfnSN2rLvtrtIsfrjmBo0SNpvuxj8Q
+FW5cl+M7d9b8RATFg5I4Senr+pZzIZc82OliVWNSv3j/mXK4NIUCAwEAAaOCAQ8w
+ggELMB0GA1UdDgQWBBQCAq4BgqamRfpKEE0YafCQh/QdGzCB2wYDVR0jBIHTMIHQ
+gBQCAq4BgqamRfpKEE0YafCQh/QdG6GBrKSBqTCBpjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9uYXMt
+Q0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQDfGjmSRhRj7zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
+AAvXrWdgzgaLfSSgQQP0g1UlSkKwQr4KpYQuL6Hy/RJbpkhgBiAUm502G2Z4Syiv
+p+W6jvEctOUPoXnc6qPgBA7He6tBdVuH7/xshFdO2ik7LBjTWPMfNr6L49FXRJ2r
+h414q4N9S1EMZwl1TMqyXTHmHOtLoCdBub1McFu0tfni
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/jonas/client.conf

@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote jonas.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.72.0 255.255.255.0"
+#route 192.168.72.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/jonas/ca.crt
+cert /etc/openvpn/client-confs/jonas/gw-ckubu.crt
+key /etc/openvpn/client-confs/jonas/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/jonas/ta.key 1
+
+status   /var/log/openvpn/status-jonas.log
+log   /var/log/openvpn/jonas.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+

CKUBU/openvpn/client-confs/jonas/gw-ckubu.crt

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 22 13:49:03 2015 GMT
+            Not After : Feb 17 13:49:03 2035 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-gw-ckubu/name=VPN-Jonas/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:db:71:8d:eb:12:6a:d0:a9:a7:6f:66:80:3f:44:
+                    cd:48:95:9a:29:c3:15:d6:2e:66:ea:36:c2:44:85:
+                    bf:03:df:cd:c6:29:54:7c:99:a2:2e:26:7f:70:e9:
+                    5f:d8:dc:06:cb:79:4d:9f:6c:fc:e2:e3:50:c1:9e:
+                    77:88:77:5b:65:89:b1:e9:6c:e7:c9:bc:7c:a9:b6:
+                    1e:2a:e5:81:32:6c:a1:98:44:74:cd:a7:7f:7b:f2:
+                    0c:87:25:f9:ed:2e:30:9d:6a:5d:25:48:84:82:cb:
+                    38:9d:85:ca:8e:38:de:8c:25:8f:f9:f3:50:fc:3d:
+                    57:8c:b8:c9:73:2f:83:c6:41
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5A:D4:32:1B:A5:71:82:40:00:1D:40:F3:18:29:94:F0:4D:14:78:CD
+            X509v3 Authority Key Identifier: 
+                keyid:02:02:AE:01:82:A6:A6:45:FA:4A:10:4D:18:69:F0:90:87:F4:1D:1B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Netzwerk Services/CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
+                serial:DF:1A:39:92:46:14:63:EF
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         6b:5a:01:5f:9b:69:de:64:1a:ec:4b:42:f4:c0:19:41:33:57:
+         36:95:50:4b:6c:32:cf:32:fd:8d:3d:1e:dd:1a:c0:ca:e9:6c:
+         57:23:51:0a:be:a5:5e:8c:87:3a:53:91:e8:f3:e5:5b:95:da:
+         e9:41:25:26:5d:0d:3a:9f:07:14:be:9f:a9:d9:4e:e8:53:82:
+         c4:39:75:63:16:22:68:6f:29:3d:4a:71:ed:bd:53:dc:84:86:
+         57:a5:93:75:f0:6e:f5:fa:31:96:e9:79:9e:4b:9c:3e:2e:91:
+         46:3a:b2:17:b6:bd:04:03:ab:27:cd:af:0f:66:ab:3e:1b:32:
+         db:80
+-----BEGIN CERTIFICATE-----
+MIIEKTCCA5KgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9u
+YXMtQ0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwHhcNMTUwMjIyMTM0OTAzWhcNMzUwMjE3MTM0OTAzWjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRswGQYDVQQD
+ExJWUE4tSm9uYXMtZ3ctY2t1YnUxEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBANtxjesSatCpp29mgD9EzUiVminDFdYuZuo2wkSFvwPfzcYpVHyZoi4mf3Dp
+X9jcBst5TZ9s/OLjUMGed4h3W2WJsels58m8fKm2HirlgTJsoZhEdM2nf3vyDIcl
++e0uMJ1qXSVIhILLOJ2Fyo443owlj/nzUPw9V4y4yXMvg8ZBAgMBAAGjggFdMIIB
+WTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFFrUMhulcYJAAB1A8xgplPBNFHjNMIHbBgNV
+HSMEgdMwgdCAFAICrgGCpqZF+koQTRhp8JCH9B0boYGspIGpMIGmMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMTDFZQ
+Ti1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkBFg5h
+cmd1c0Bvb3Blbi5kZYIJAN8aOZJGFGPvMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsG
+A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQBrWgFfm2neZBrsS0L0wBlBM1c2
+lVBLbDLPMv2NPR7dGsDK6WxXI1EKvqVejIc6U5Ho8+VbldrpQSUmXQ06nwcUvp+p
+2U7oU4LEOXVjFiJobyk9SnHtvVPchIZXpZN18G71+jGW6XmeS5w+LpFGOrIXtr0E
+A6snza8PZqs+GzLbgA==
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/jonas/gw-ckubu.key

@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICD/000w6/2YCAggA
+MBQGCCqGSIb3DQMHBAj0c3QKF6N/gwSCAoAHSua9v8RQvKZJV7LAvoRIwhtVbgLH
+Yt5QOREISVUTu+wJHL5d9CQGOS5OAdDkxVQrdDmqJMUzyEQZZysYpaVFCHKgqaGz
+UxURznrGug5xLSmt+30IooAcvELwyPRq5cwwD3//NQAonN3mAZQe5fkcHCFHjAZL
+qo30yLD19xoGPaBU9mR7uRMILoRD1NbDF4a+juPfc0JxJdCYUHOBV5aR4Bf495Fd
+z5Pa9zVRIlsLwPqYEUv2SpwmlifrIGAVT4sDMy4fM/z8DwuSIiSH6ay9FEvxPyVy
+Em5WhLJ8yj+ZYC9PSWlzhTqKYLCAMCoOx8Nr+1P3p7vlNrxtJuHWX0bcBNP7BSk1
+Emeu9Nwo9miTIPdqN2t7nSoDf4vt8vY/RGyLD9Q9M7TPNCB9NqqIE/M44PuUP/oC
+1JnLJkfrZl06SSk1TC9cBacmziXjqgYZGyCDPgwkjeDB18ZY2/U/woUZcHuz8v6X
+UGuLL4hyi08V1EGIdmtIse28b0cU8eXyFPG2C5gMANzMPfqpcxMFA9gz8r8qkD8F
+sqjKvPgVQXTowO0HtB2c89/rkoF0E3T1GEdPxo7xX0gfK/WwwkQyX2hVwotu0pPD
+JFEXAGTE34/Pg09Qg8jaOaewMmqoM7UVxHz57SmxHyH1y/B5+5VVoRER2RHym23l
+hj7q60UGDIRE3ckIt5JEB4Pl0u6im+7SYXMWgqkq0zoUTBcK6WXFAiJZ8rxqJLka
+Qx4Y3HnYDPd2Cqd80XPjQ4FMM2TQROv3+7t8b2mVaoE/mUAIcY228DLag036HcK2
+SOWWLrA7cMcbkiDjCaovZoALKKyDnyBQD9AioxSbbYEdcWIjyJDYB2Kw
+-----END ENCRYPTED PRIVATE KEY-----

CKUBU/openvpn/client-confs/jonas/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+3e1e6a6db0e098d43da080f87c6bcf9c
+6259d4439e5caa74289b3bcb0931e07e
+b3170b66ffd4b242a7aa58ac2ce19cca
+09652d59ff49a3e2b4ce570078186820
+66434fe8cee219da9cdd10e99091de98
+b2179eecf24200e5fab0c47fd268aa84
+711ebb8ca7cf154ce331067c8822eb56
+b8cf0cf1d20439deab1c83369a52f670
+56633c2c49865d8c20c77975834a57cb
+faa66bf71e704c6a80863ca7e626308b
+9e460dae6cb6ab87ce3a088c257120cb
+48f04f3103e7c5bff04c26efc57fa300
+fa2c43faa67bf1da9569541110a6860d
+329b06934e0f157fad54dfc64ab5568c
+0b116ca80f9edd7fce35103facf0e6ff
+b34c00b297ffe4e3a63808c2172f84e8
+-----END OpenVPN Static key V1-----