Initial commit

CKUBU/openvpn/client-confs/opp/ca.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/opp/client.conf

@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote opp.oopen.de 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/opp/ca.crt
+cert /etc/openvpn/client-confs/opp/gw-ckubu.crt
+key /etc/openvpn/client-confs/opp/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/opp/ta.key 1
+
+status   /var/log/openvpn/status-opp.log
+log   /var/log/openvpn/opp.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+

CKUBU/openvpn/client-confs/opp/gw-ckubu.crt

@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 20 11:41:43 2013 GMT
+            Not After : Sep 18 11:41:43 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:97:a7:33:b6:32:9c:b4:75:af:7a:7e:54:53:25:
+                    cc:06:7b:f9:e0:93:3f:2f:9d:83:d2:ce:49:27:ed:
+                    da:35:19:fc:a2:40:67:52:db:8e:ba:42:42:13:74:
+                    73:00:eb:97:12:ad:e0:5f:8e:de:59:ff:c9:d6:8c:
+                    27:a1:95:28:0e:06:5e:ae:49:29:3e:97:60:3a:76:
+                    b4:f0:e4:11:0f:c6:07:fa:e5:42:0d:e8:82:d0:71:
+                    38:a0:07:a6:aa:20:45:7e:d9:78:2e:66:53:8c:10:
+                    77:44:e8:49:57:50:5c:33:85:b0:88:61:1d:64:aa:
+                    4f:0c:bc:b2:1b:b0:5c:6d:cb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                3F:A4:2B:57:0D:33:62:CA:48:8B:87:19:C6:1E:15:A6:31:A6:FE:6B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        20:73:fd:0e:d1:64:95:60:ef:19:ae:dc:e6:e0:38:c8:f4:aa:
+        fe:1b:89:a6:ff:ed:b2:36:ec:1a:38:08:5f:53:61:c6:b8:7e:
+        c8:fd:82:6d:69:b3:92:bf:ad:40:4e:7e:d1:b3:c4:21:5c:d6:
+        6e:eb:ea:64:51:e2:3a:49:d0:4b:49:dd:ca:9d:4b:ab:a5:b1:
+        1a:82:ff:7b:0d:44:10:91:1a:11:db:ae:8f:2a:88:8f:d9:ce:
+        a9:56:e6:da:8a:ba:27:0d:44:4b:2f:70:da:c9:34:cd:c8:19:
+        79:93:d5:45:16:49:7b:53:7a:83:3c:14:6b:09:71:bc:5c:58:
+        e8:cf
+-----BEGIN CERTIFICATE-----
+MIID9jCCA1+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkyMDExNDE0
+M1oXDTIzMDkxODExNDE0M1owgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYD
+VQQpEwdWUE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D
+0s5JJ+3aNRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdg
+Ona08OQRD8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpP
+DLyyG7BcbcsCAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
+HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP6QrVw0z
+YspIi4cZxh4VpjGm/mswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuT
+U+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
+BAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNl
+cnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
+DwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAgc/0O0WSVYO8Zrtzm4DjI9Kr+G4mm
+/+2yNuwaOAhfU2HGuH7I/YJtabOSv61ATn7Rs8QhXNZu6+pkUeI6SdBLSd3KnUur
+pbEagv97DUQQkRoR266PKoiP2c6pVubaironDURLL3DayTTNyBl5k9VFFkl7U3qD
+PBRrCXG8XFjozw==
+-----END CERTIFICATE-----

CKUBU/openvpn/client-confs/opp/gw-ckubu.key

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,4CB95F5C6DD612B2
+
+Nw2A/U2PvM2266HmN6E58eFsPDSAFKbtiM8FLA1D20R3TDhzGETcv0J3v5iQFRMp
+oeBthXWiNOvT0HfU4cjhR5MPs3gmLN+OF8U61kCRf9767Smp8zaXdRwgQ4gOMM63
+DVQZhNlY0MaeX5IS2HKvO+gZ/DAUDTU/lDnVSe11bAibzmDwbQXZ4eV2gP8dH2/n
+nYKWagqqUjU90HpxkFO1XQgQ3ShGUoTB2v6UYqi6NhvH7Jz/0IN+eTHHPbPr2CXw
+CRm9bFQbKchp3N6V5oHhY5RO3KgNa/w+/XoxjJZ3bBeCjZeFgeNMDkKC0YnTCz+/
++hO6sgHM5I5oYYEvvZflKg7JMBSY/w/XyfWQTh2FLOvcJDh85ozU/JeQ7EbNaiRt
+ZF2TaMHbcmKSdyoW5VL3iRirq93nbpFl6wUFuifKobLniqT/rjwiSvirqoYds2S/
+sDn19aC/DtOxTXXqp3ReRvBQ56CL4exROHTYrHjh6ECvofdiWoO/tjZrcbtpsIla
+v6nTqo/FMvetbvLPoRfzfeoXIzH6q8fBJ7M10L/AGdbAEW0x5VyMTceHhn/rvdWM
+EPIewbUDKb5WQm2nPxST540fvUMizScGrKVhJbA/2uMtsKjN1G0cF0yPUouK9itW
+1ChqDPJWZJegXNcwcVHHX8hIDCcpd/sFFKVlGDThPmDv6LQ2mgy1nkIDslvsRyeZ
+j40+xfwhXQ49PnGLndkBT4MtvxR46Zt2PH9FFPC18EGDoces2Fv8IKjGVlZpd9uO
+W5D1D69vwgYVFV6E7ZMWF9z/mY53ci0VSMnRjVh3R2rTQjqXypDCDQ==
+-----END RSA PRIVATE KEY-----

CKUBU/openvpn/client-confs/opp/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----