Initial commit

2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions


@ -0,0 +1,3 @@
ifconfig-push 10.1.112.2 255.255.255.0
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0


@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl


@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
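Review bot: In `[ v3_ca ]` the CA certificate is issued with a non-critical `basicConstraints = CA:true` and with `keyUsage` left commented out, so the root carries no enforced restriction to certificate and CRL signing. The compatibility reason given in the comments ("some broken software chokes on critical extensions") is worth re-checking against the clients actually in use; if none of them are affected, I would use `basicConstraints = critical,CA:true` and enable `keyUsage = cRLSign, keyCertSign`. The same `[ v3_ca ]` block is repeated in the three configuration files that follow in this commit. The change only affects a CA generated from now on; an existing ca.crt would have to be re-issued to pick it up.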


@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
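Review bot: `PIN = $ENV::PKCS11_PIN` in `[ pkcs11_section ]` takes the token PIN from the process environment, where it is readable by other processes of the same user and is inherited by every child process. The section is currently inert because `#pkcs11 = pkcs11_section` is commented out, but the `$ENV::` reference is still expanded when the file is parsed, so the variable has to be defined even when no token is used. I would add a comment above the line such as `# PKCS11_PIN must be set for this file to parse; export a dummy value and let the engine prompt for the real PIN`, to be confirmed against how the engine in use handles PIN entry. The same section appears in the two files after this one.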


@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
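Review bot: `default_crl_days = 11688` gives every CRL produced from this file a nextUpdate roughly 32 years out, so a verifier can never tell from the CRL itself that it is looking at an outdated revocation list; `default_days = 11688` likewise gives end-entity certificates a 32-year lifetime, which makes revocation the only way to retire a key. If the long CRL period is there to keep the OpenVPN server from rejecting clients once the CRL expires, a scheduled regeneration with a short period does the same job, e.g. `default_crl_days = 30` as in the commented-out line. At minimum I would add a comment above both values stating why they differ from the other config files in this commit.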


@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="O.OPEN"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="ckubu-adm@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN MBR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-MBR"
export KEY_ALTNAMES="VPN MBR"
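Review bot: `export KEY_EXPIRE=7305` gives every issued certificate a 20-year lifetime, which the certificate dumps later in this commit confirm with `Not After : Dec 18 ... 2037`. A lost or copied client key therefore stays valid until 2037 unless it is revoked and the server checks the CRL; whether the server config sets `crl-verify` is not visible from this file. A shorter leaf lifetime with planned renewal, for example `export KEY_EXPIRE=825`, limits that window, while `CA_EXPIRE=11688` can stay long if the CA key is kept offline. The comment above `KEY_SIZE` still reads "Increase this to 2048 if you are paranoid" although the value is now 4096; I would reword it to `# RSA key size in bits; 4096 slows DH parameter generation and TLS negotiation`.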

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

@ -0,0 +1,258 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-mbr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
+6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
79d91376ee2c248cb615cd6291bf2954
a8e96540005b24814cf8b156c133033a
8d46114db5bb435551604fcb18c56b09
09750d641767657cebf8151735230e61
b2a9631cd7490ab824333b74e60e4cc0
c3fce42e7518bd6519347f7e111b9f61
be2682407cd8186c2c9b03987a6d0fd0
52599e30c6e2214cd9734f442e4d9a34
62e1dc096e13a894538798a94b2e2d54
f1c5bd884fe95aefdd919a96cdbf8f1d
c60a65e7b59990a11324fa1960b8cb3f
ac2fc846d6860e50f7b35f83eb6b791b
d59707320a80e639b2226c2d16830757
f7d29d94fd8c5fe1ab8c939e394d2126
bd880494edfa929b03b894c6984890c2
8e1ab55c781b17828ec1d4126a9736e2
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
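Review bot: The `<tls-auth>` block in this client config commits the static HMAC key in clear text, and the `<key>` block commits the client's private key. The key is passphrase-protected, but the credentials listing added a few files further down (`key` / `common name` / `password`) stores the passphrase for `gw-ckubu.key` in the same repository, so read access to the repo is enough to recover a working client identity. The same concern applies to the file that consists only of a `-----BEGIN PRIVATE KEY-----` block (unencrypted; its position right after a 39-line certificate suggests it may be the CA key, which I cannot confirm from here) and to the separate `ENCRYPTED PRIVATE KEY` file. I would treat all of these as exposed: reissue the affected certificates, regenerate the tls-auth key, and keep key material out of version control. The config can reference it by path instead, for example `key gw-ckubu.key` and `tls-auth ta.key 1` (second file name illustrative), with both files excluded from the repo.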

@ -0,0 +1 @@
VPN-MBR-gw-ckubu,10.1.112.2

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-MBR-gw-ckubu
password..........: eicoomeisi0eengoh1eev2cioQuuor2f

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Dec 18 21:28:40 2017 GMT
Not After : Dec 18 21:28:40 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:59:da:38:7c:2f:ba:c5:c8:b7:64:9d:8b:7b:
f2:f5:f8:60:6e:4b:1b:1e:d0:ce:50:7e:82:ed:d6:
db:f7:d4:29:38:b1:8a:df:14:9f:ed:72:c2:5e:86:
c5:ae:5a:09:0f:74:62:b6:c9:f8:42:95:4f:70:d6:
bc:cf:62:c8:02:97:b0:20:ec:2d:eb:68:09:82:22:
af:6b:f9:9e:ce:63:f9:3a:d1:a9:33:0a:d0:16:95:
33:ee:df:f3:88:97:51:32:88:c8:f3:e7:36:ba:8e:
40:2d:ab:6e:c9:b7:13:d4:59:46:5f:62:61:fd:21:
86:03:45:40:2a:96:6d:f7:87:dc:72:f1:3a:2b:71:
67:86:6a:ef:69:74:a6:de:a0:dc:ed:ad:c7:7f:9a:
cb:b3:06:61:1a:34:45:57:19:d1:37:e0:2d:36:c3:
94:91:5c:02:ce:40:c2:f8:a4:43:8c:f7:5e:a1:b1:
00:19:13:cd:06:85:e0:d7:f8:7d:bb:b6:e5:e4:d7:
7e:82:dc:96:5c:fa:7e:88:a3:42:be:43:78:c8:b3:
40:0f:61:05:55:9f:d0:56:54:19:db:85:48:05:ce:
6d:b2:49:df:b6:54:7d:39:f4:47:b5:98:3b:d5:73:
1b:15:f5:de:b7:af:a9:06:06:de:03:59:84:db:23:
70:87:eb:16:de:80:f1:3f:ac:b0:93:04:69:87:99:
d1:d4:a7:f0:ac:2d:42:73:d5:5a:fb:1d:f4:d6:e9:
20:cb:1f:13:15:5a:b7:1e:ec:d0:e0:d4:5d:0b:61:
66:01:40:6f:e6:86:38:95:e7:a4:ff:0a:8c:c9:1d:
36:e6:56:59:84:15:a4:3f:72:17:ca:61:f8:74:98:
4a:af:c6:55:d9:54:99:bb:fb:40:8b:d4:8c:ab:3d:
de:f3:9e:9d:3d:a4:27:cd:8b:17:12:8e:b7:32:5c:
c0:61:fa:9f:5a:9d:d7:9c:f9:6b:c7:da:a6:50:25:
80:b5:37:88:cf:f0:0c:62:5c:e2:8c:04:b2:e1:a6:
4a:ca:8e:93:a9:fb:e1:72:89:08:23:9e:08:c9:10:
7c:fb:ce:a9:12:e0:1f:f9:1b:a8:b7:d7:ea:84:d3:
9c:f3:5f:97:6a:1d:44:03:42:e9:86:1a:f9:14:3e:
58:67:06:4b:ae:c7:4c:77:4a:80:29:5e:7b:a7:b8:
08:65:e7:b9:aa:e4:eb:45:93:68:28:9f:3f:0f:42:
40:23:ca:4c:9d:5c:4d:b1:55:df:d7:41:2e:31:46:
1e:60:05:75:33:8a:2c:bf:b1:08:c5:b2:31:51:55:
6c:73:ef:a2:8b:e8:aa:fa:bc:4a:81:20:e4:96:30:
f9:09:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
5E:7E:C5:2F:CA:5E:62:27:A2:07:89:20:A0:8A:D0:EB:05:55:95:26
X509v3 Authority Key Identifier:
keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
serial:D1:1A:86:39:7D:76:92:5C
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
53:de:ad:c7:5d:b2:c0:6c:2e:45:50:21:7f:d8:ff:68:61:8e:
11:bc:13:d0:67:5b:ed:c6:48:46:74:9a:89:6b:2a:1b:8a:01:
c9:3b:5b:3e:1f:d2:24:1e:a0:59:ea:f5:99:d7:35:8d:13:55:
58:ea:8c:2d:8f:7e:8a:c1:0f:a1:0d:ea:ce:46:a9:e1:4f:00:
b8:94:f6:d4:fd:44:83:41:13:9a:98:3a:e2:d2:a2:09:1a:61:
44:39:84:9a:6e:4b:67:ab:18:93:e8:1e:cf:bd:15:2a:a8:76:
ae:d7:36:56:77:3f:88:0d:40:18:6d:e1:d5:a8:e0:17:fe:96:
58:cf:aa:2f:63:a9:f6:bd:c7:61:6d:ea:5f:72:92:8e:08:a9:
60:a3:48:66:91:e8:4b:0d:dc:92:10:b2:57:68:71:9d:f0:86:
36:31:95:3b:f5:ce:fe:fe:96:91:df:90:c4:0f:90:0c:cf:97:
73:38:7b:27:21:43:29:b6:13:5e:11:b3:7b:10:10:ac:3e:9c:
ee:88:cc:e1:c1:a2:40:0a:2b:78:82:85:ba:c1:a6:b9:e7:23:
af:13:ee:16:ba:e6:c9:6e:cd:5f:1c:44:c8:c1:e1:48:e7:0f:
d4:29:a2:c5:80:f3:0d:48:b8:cb:6c:8c:3c:b6:04:c6:a1:41:
2f:99:dd:d3:f6:bf:15:54:e0:a9:79:32:83:21:59:0a:2f:55:
7f:26:c9:28:33:17:24:32:19:a9:d4:41:d1:e2:c1:cf:13:76:
fd:d0:76:14:69:cc:bd:a0:66:5c:8e:8c:f8:23:76:8d:0a:c0:
a5:27:9c:36:21:16:26:18:90:31:97:91:61:4e:47:4f:ed:47:
54:b7:8f:ec:d5:44:cb:f5:c8:35:b1:11:90:8a:2a:d9:ab:97:
1b:26:1a:41:ef:f1:a8:4a:3d:bf:76:d4:e3:31:26:c2:cd:09:
9b:05:0b:8f:6e:ba:15:76:89:2a:38:1c:b2:9e:64:ba:3d:1c:
a4:fe:4b:a2:63:3d:80:07:f7:19:df:db:03:51:7d:ed:16:72:
4e:ce:46:76:47:5a:64:b1:7b:32:4a:53:cc:1a:93:7c:6e:ce:
e4:00:90:86:47:26:9a:51:7b:61:7e:78:05:c2:35:c0:2a:bc:
89:56:e2:4f:67:7f:96:1a:47:9c:99:d4:a2:34:87:b5:e3:c6:
34:45:4f:51:29:49:64:81:de:3b:d8:0c:df:9a:69:c1:e6:4c:
72:5f:a0:84:5e:b3:1d:ca:2b:01:79:a6:70:cb:f8:4b:3c:69:
d1:55:c8:6a:56:cc:6a:9e:24:5f:a6:6d:99:39:6e:bb:d9:09:
a9:70:8d:5f:e2:b4:01:da
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Dec 18 23:33:30 2017 GMT
Not After : Dec 18 23:33:30 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c7:f4:34:fb:98:b4:94:24:ec:32:95:ed:41:fc:
6a:8b:f3:96:70:63:a0:58:6e:74:96:a6:a9:56:c8:
66:08:e5:ca:87:92:53:e5:b5:91:62:aa:6e:98:e6:
01:4f:65:4b:a6:ba:56:9e:ea:d5:0a:49:2c:28:ee:
54:fe:b3:08:49:1c:66:29:c9:13:85:38:32:1b:d1:
89:2e:4c:3d:c1:ef:20:5f:15:c6:1d:f7:5f:4a:8d:
66:9d:8e:3c:f4:9d:fe:a6:9e:eb:f8:2d:ce:49:51:
9c:78:1b:f5:20:6b:e4:55:14:40:4b:68:cb:e4:82:
a2:f1:30:44:dd:84:9b:bc:f4:34:06:6f:42:1c:05:
97:b4:32:84:f3:96:b4:a1:c8:fe:fb:3d:ba:5a:f9:
ae:0a:79:79:99:86:ec:df:d2:f0:29:bb:ac:60:ec:
c4:40:df:9f:7e:e4:d4:db:83:ca:42:4e:51:df:66:
2a:c4:e8:82:c5:0a:fd:92:08:bc:9b:d0:94:b4:ed:
c1:56:01:7c:84:90:54:5d:57:36:b6:20:ee:ff:74:
21:a5:c6:9f:0e:2f:e7:7f:8a:cb:af:b9:a5:26:cf:
34:f0:14:f0:53:c8:30:d9:a3:fe:be:7a:9e:c9:3a:
ca:72:ff:b0:4e:5d:43:da:5c:a1:cb:75:95:12:b7:
2d:3c:91:bd:b6:28:eb:d0:1f:f6:72:70:1d:7a:a7:
fc:5e:1f:9f:07:2b:19:35:d5:7a:9b:cb:b8:8c:0d:
e5:a2:1b:7a:26:71:6a:6d:1b:69:99:48:7d:61:01:
1f:1a:6e:16:27:71:7f:04:9a:29:3e:f6:51:6b:9f:
83:65:82:85:63:24:9d:16:3b:71:88:99:97:3b:51:
3d:75:3d:45:db:f7:c1:51:54:01:76:03:aa:1d:82:
dc:73:24:8f:55:80:f2:e4:21:46:bb:45:6e:29:d9:
7f:6c:2a:81:f8:a3:73:95:08:b7:0c:5d:11:eb:80:
c6:30:97:c5:f0:db:16:d7:8f:92:9a:67:70:ca:d7:
18:c8:4d:0b:11:05:38:bc:bf:4d:8a:df:a9:65:b2:
9b:ac:c5:37:9d:78:0c:a0:0a:c0:88:a4:52:85:2e:
1c:78:93:a5:da:4a:0d:38:09:ab:65:ec:de:b0:9e:
df:d0:be:48:02:b8:e5:93:b1:f3:87:14:cd:5a:ae:
b7:00:6f:cd:b5:13:10:b4:9c:e4:76:58:a1:57:83:
95:13:41:ae:c9:af:cd:f1:29:27:65:73:e9:4d:99:
d6:2c:29:fb:56:ad:c5:88:f4:47:c3:48:9e:2c:3e:
9b:52:f6:2e:a8:49:38:25:65:bf:6e:bc:19:30:a0:
44:a5:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
C8:29:98:C5:DC:1F:5D:D3:FD:66:C4:EC:F5:11:E1:FC:66:20:F9:7C
X509v3 Authority Key Identifier:
keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
serial:D1:1A:86:39:7D:76:92:5C
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
a6:97:d2:10:b0:ae:76:be:ad:0b:d4:05:0f:91:28:86:01:8d:
38:51:8c:db:b4:71:29:ba:39:92:20:56:a8:5d:86:a3:8a:7b:
70:94:d9:2c:29:cc:88:84:52:fd:af:80:df:70:69:ad:fc:55:
f7:ca:6b:d2:7d:e1:b6:2a:c4:15:42:35:34:2f:57:a8:4a:dd:
d5:5b:b2:68:95:15:15:d5:5a:41:b0:b4:e9:74:0c:f6:fe:50:
fa:28:5f:ba:ad:75:66:3c:fb:a8:ef:51:7c:fa:ae:13:99:97:
42:85:ad:7d:54:76:5d:3a:57:06:6b:1b:9f:8e:d2:2a:19:9c:
1a:53:12:a4:f2:fa:73:47:1b:e4:1f:7d:38:58:e1:13:31:93:
87:ee:f4:1e:b7:8b:46:d6:dd:d0:87:57:f5:2c:f5:fb:09:9f:
13:7e:4e:ab:25:2e:64:67:47:25:66:74:5a:81:eb:db:77:8e:
ff:51:bb:53:a7:70:2e:9b:17:b7:87:04:e9:97:3f:c1:3d:d4:
0b:6b:d7:5e:45:55:58:d9:5d:e6:7b:f8:d0:e9:37:de:e8:a8:
c5:fd:05:fd:8e:09:7b:bf:1e:31:10:21:6f:f3:be:81:52:71:
69:1f:f0:53:cb:8c:a5:76:fe:6b:38:5f:b1:f9:64:3c:4d:ba:
69:1a:24:1d:c3:44:33:f2:2a:b9:2f:25:94:3c:1e:a8:5c:30:
aa:3b:a8:f1:4b:9c:11:8e:45:a7:7f:7e:da:3e:48:02:68:04:
4d:af:21:ed:a1:eb:bb:d4:e1:6a:f7:a9:02:0b:79:b9:02:a8:
b9:18:61:d1:3d:5b:4d:82:01:97:19:fb:63:b4:05:90:ad:ae:
cd:47:6c:60:c8:22:de:42:7e:a9:2b:c6:e9:44:f2:8a:46:4b:
9d:d4:f0:0f:82:5e:e5:1c:39:d3:d1:ad:dc:f5:d3:fe:e8:ef:
a7:21:25:f1:1c:88:e4:35:51:a1:d2:86:d3:5e:e6:0d:38:fd:
20:e7:d5:44:2e:5a:5b:6f:62:17:00:66:6a:ce:51:bc:c8:63:
c1:56:14:b2:74:5f:00:8c:15:cd:66:d2:b0:01:b2:44:06:10:
38:db:dd:42:fa:e9:c8:0e:22:b5:20:d6:50:e5:28:66:69:8b:
9d:5c:e1:ea:93:7e:e4:75:76:4f:b0:b7:05:a0:35:4e:fc:52:
b2:20:3c:3c:35:4e:2b:40:fd:a0:d1:6a:e8:32:98:f5:27:55:
e3:3a:fc:24:6a:35:2a:e5:11:4f:90:98:85:5f:d9:54:99:5f:
19:2f:93:4b:05:3e:1f:f5:87:91:e4:f3:ab:5e:cd:d6:fa:b9:
c9:be:de:8c:37:1d:c0:9d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

@ -0,0 +1 @@
../crl.pem

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Dec 18 23:33:30 2017 GMT
Not After : Dec 18 23:33:30 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c7:f4:34:fb:98:b4:94:24:ec:32:95:ed:41:fc:
6a:8b:f3:96:70:63:a0:58:6e:74:96:a6:a9:56:c8:
66:08:e5:ca:87:92:53:e5:b5:91:62:aa:6e:98:e6:
01:4f:65:4b:a6:ba:56:9e:ea:d5:0a:49:2c:28:ee:
54:fe:b3:08:49:1c:66:29:c9:13:85:38:32:1b:d1:
89:2e:4c:3d:c1:ef:20:5f:15:c6:1d:f7:5f:4a:8d:
66:9d:8e:3c:f4:9d:fe:a6:9e:eb:f8:2d:ce:49:51:
9c:78:1b:f5:20:6b:e4:55:14:40:4b:68:cb:e4:82:
a2:f1:30:44:dd:84:9b:bc:f4:34:06:6f:42:1c:05:
97:b4:32:84:f3:96:b4:a1:c8:fe:fb:3d:ba:5a:f9:
ae:0a:79:79:99:86:ec:df:d2:f0:29:bb:ac:60:ec:
c4:40:df:9f:7e:e4:d4:db:83:ca:42:4e:51:df:66:
2a:c4:e8:82:c5:0a:fd:92:08:bc:9b:d0:94:b4:ed:
c1:56:01:7c:84:90:54:5d:57:36:b6:20:ee:ff:74:
21:a5:c6:9f:0e:2f:e7:7f:8a:cb:af:b9:a5:26:cf:
34:f0:14:f0:53:c8:30:d9:a3:fe:be:7a:9e:c9:3a:
ca:72:ff:b0:4e:5d:43:da:5c:a1:cb:75:95:12:b7:
2d:3c:91:bd:b6:28:eb:d0:1f:f6:72:70:1d:7a:a7:
fc:5e:1f:9f:07:2b:19:35:d5:7a:9b:cb:b8:8c:0d:
e5:a2:1b:7a:26:71:6a:6d:1b:69:99:48:7d:61:01:
1f:1a:6e:16:27:71:7f:04:9a:29:3e:f6:51:6b:9f:
83:65:82:85:63:24:9d:16:3b:71:88:99:97:3b:51:
3d:75:3d:45:db:f7:c1:51:54:01:76:03:aa:1d:82:
dc:73:24:8f:55:80:f2:e4:21:46:bb:45:6e:29:d9:
7f:6c:2a:81:f8:a3:73:95:08:b7:0c:5d:11:eb:80:
c6:30:97:c5:f0:db:16:d7:8f:92:9a:67:70:ca:d7:
18:c8:4d:0b:11:05:38:bc:bf:4d:8a:df:a9:65:b2:
9b:ac:c5:37:9d:78:0c:a0:0a:c0:88:a4:52:85:2e:
1c:78:93:a5:da:4a:0d:38:09:ab:65:ec:de:b0:9e:
df:d0:be:48:02:b8:e5:93:b1:f3:87:14:cd:5a:ae:
b7:00:6f:cd:b5:13:10:b4:9c:e4:76:58:a1:57:83:
95:13:41:ae:c9:af:cd:f1:29:27:65:73:e9:4d:99:
d6:2c:29:fb:56:ad:c5:88:f4:47:c3:48:9e:2c:3e:
9b:52:f6:2e:a8:49:38:25:65:bf:6e:bc:19:30:a0:
44:a5:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
C8:29:98:C5:DC:1F:5D:D3:FD:66:C4:EC:F5:11:E1:FC:66:20:F9:7C
X509v3 Authority Key Identifier:
keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
serial:D1:1A:86:39:7D:76:92:5C
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
a6:97:d2:10:b0:ae:76:be:ad:0b:d4:05:0f:91:28:86:01:8d:
38:51:8c:db:b4:71:29:ba:39:92:20:56:a8:5d:86:a3:8a:7b:
70:94:d9:2c:29:cc:88:84:52:fd:af:80:df:70:69:ad:fc:55:
f7:ca:6b:d2:7d:e1:b6:2a:c4:15:42:35:34:2f:57:a8:4a:dd:
d5:5b:b2:68:95:15:15:d5:5a:41:b0:b4:e9:74:0c:f6:fe:50:
fa:28:5f:ba:ad:75:66:3c:fb:a8:ef:51:7c:fa:ae:13:99:97:
42:85:ad:7d:54:76:5d:3a:57:06:6b:1b:9f:8e:d2:2a:19:9c:
1a:53:12:a4:f2:fa:73:47:1b:e4:1f:7d:38:58:e1:13:31:93:
87:ee:f4:1e:b7:8b:46:d6:dd:d0:87:57:f5:2c:f5:fb:09:9f:
13:7e:4e:ab:25:2e:64:67:47:25:66:74:5a:81:eb:db:77:8e:
ff:51:bb:53:a7:70:2e:9b:17:b7:87:04:e9:97:3f:c1:3d:d4:
0b:6b:d7:5e:45:55:58:d9:5d:e6:7b:f8:d0:e9:37:de:e8:a8:
c5:fd:05:fd:8e:09:7b:bf:1e:31:10:21:6f:f3:be:81:52:71:
69:1f:f0:53:cb:8c:a5:76:fe:6b:38:5f:b1:f9:64:3c:4d:ba:
69:1a:24:1d:c3:44:33:f2:2a:b9:2f:25:94:3c:1e:a8:5c:30:
aa:3b:a8:f1:4b:9c:11:8e:45:a7:7f:7e:da:3e:48:02:68:04:
4d:af:21:ed:a1:eb:bb:d4:e1:6a:f7:a9:02:0b:79:b9:02:a8:
b9:18:61:d1:3d:5b:4d:82:01:97:19:fb:63:b4:05:90:ad:ae:
cd:47:6c:60:c8:22:de:42:7e:a9:2b:c6:e9:44:f2:8a:46:4b:
9d:d4:f0:0f:82:5e:e5:1c:39:d3:d1:ad:dc:f5:d3:fe:e8:ef:
a7:21:25:f1:1c:88:e4:35:51:a1:d2:86:d3:5e:e6:0d:38:fd:
20:e7:d5:44:2e:5a:5b:6f:62:17:00:66:6a:ce:51:bc:c8:63:
c1:56:14:b2:74:5f:00:8c:15:cd:66:d2:b0:01:b2:44:06:10:
38:db:dd:42:fa:e9:c8:0e:22:b5:20:d6:50:e5:28:66:69:8b:
9d:5c:e1:ea:93:7e:e4:75:76:4f:b0:b7:05:a0:35:4e:fc:52:
b2:20:3c:3c:35:4e:2b:40:fd:a0:d1:6a:e8:32:98:f5:27:55:
e3:3a:fc:24:6a:35:2a:e5:11:4f:90:98:85:5f:d9:54:99:5f:
19:2f:93:4b:05:3e:1f:f5:87:91:e4:f3:ab:5e:cd:d6:fa:b9:
c9:be:de:8c:37:1d:c0:9d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoJKekP1ZYoMCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHiPXCkPcmkMBIIJSBkqxukBibbl
LdkzjsRmpDCFmPbmEzu/YKmXCMqSbgnEp0Ny2/05sWH2x7DDfZHC8IkzSZb6nqz3
G5AenJ6wZhPhtVEHFJaiVkJv0pIGXpGvqVsXimDSBWMnIwBFUfzrKSOu7Dhiw7Cx
1KdGgfoISh/BTLF2UAJjRqIL/Hw0nlqungeXV46twKFW83fBwxJBMj5HwfHtkTqN
yXOoRLOFJHwYAn6qqBw7n/pJyb4XzOqmmPqC8S96WPQwTCUDlJCSg6AGpobEfxQx
KFreSVCyQadyFSO3C8jGIOsP+55j7sk/GwABYx9iZ+hPiH1uBhhDNzLpnDbLsrgf
chvpMoftpmgZxxd6bFbWdhZGhWKSGivmujfaAQySc8+w9ejjpCiHg9oEBsm78whh
UcxXNrbfVpj4ivZm6K+BoM710imeQu22t/SNeO7S6Mko9Weu/8vlg3976H8E58PG
NwseCQRyVKmIC1i8EuKbYt4Fr66YTkuv+OGdqmvTPRe8aMQOgEFU3NaoQ5rHBfma
24NZoy/Hk1QXYSkCIc6izJdv07u44ZK2X0LGGiETin8lmCmyrph+iP51Hl2np8gk
5PiHAVcnhuSrBP9nVOZ6XFbBFYwItTdtlkpSfJBYlNnEHK2gA6wIF8dQhQE3VXS7
H9F3MdaJx7qVRy7qDwEG/ONBDX/QrU9cTom07TP1T7IHbqfF6koZE8fOEnwFPwpE
4sFuaRfrPdBDaE6jww0NLdAHC8eSdNgrHHVEUnwWosAldapfmj3JNONc+tJPYo4r
usMPPL+THX9UA9D7hxZ5wHz4fqyTlkK2bE0aK0euEaAe7tQ8+teYYEiO+OkRNQI4
yyHAX8b1jCaCOOMTeSHdV3gFhh8wmRsZqa4i1a4lWqeQlXKA9/Iq5Uk0ujNOSYMG
ttMyS7b38IvDCog9G1XYiSqH8DE/IzSi9tUbfUtqRX9jqUp9ZGlY0h8R/5I9oDKa
4IQRYAjktsJDi1dxYffQpWX0XeDZdlT6drhZv3OZHfTzX7pAI8TbEcu48tuI/JpB
zzI9/+yxF2hDNlecWYi8BP5vt5u58oiO+IEReFC1sPVssJSQisOJp1qNQCwgvNxu
/1heDohlurh5Ra3XtFddDVg5r92A9yuM5LZFGNA4VDZe8WzFOv9adKrZARBiWqBH
CG2KwL8o/psC37BT0SRCQd8iOHTlfMUIPd9j7WxfM1DcxywEcLCwtBjMXidVVIB+
YG58huH2AdEgm01f7UeJrd0RBCV4Lx58nNnnkBoTQXzP5KqpAHmSndsOy8dAUf4F
lk0zC1LARseF3r9eeFxNeMC+diQHzLOGLQNhyojlhA2/9FO546lOH3TLlBNgQ41w
CfhTRa5aU+w+OmYjkPEnhde4NzzSXEbFMjGQvt0rrn+6jFMQ/kDLSoJEHBEa+Anf
VAbVZThhy8JhkRrKpEht3sLUd/mR57Vrk47xZnV8uGBW0Ii28rRYdImHV3CGUys+
S6r5o5zLa1yRhz2hGQE8kpnu5HiF4Pz7svBp8FEiRLTxvTQ9D5MgdlXUHr5Ujaco
ivlm4WvXoNyji2FbWDVgscvfbOQgNnaQ5uY5g3rxC2PTCwNbTCGNLxYJbJ4zzkp+
NHS9xuV39AggXJpFpb6vl30NU4pQCLDTYpembdhNmIfgGo4DS1bMSWZyz9I1OkOa
rNtVWidyTgZd3I3v5r5weD30gb+D/aaCxSEa4CCp1e7Wbdjwb9tuj6bJsRlnAn/K
ucDfQzTlImshtBjtWG2C+dpRyTVLpo/49kQmHhXvr/OpDWv5tggrvEZ87gEvCgOA
KkPNFET5itNA3KkVX6fi9Lg4g94hwEqAUnKHFvhatMC6DYYXF2hnZLIAaXjCAysz
ubxOMEeyEYEBpGnWuWgK6uv+IgwYdA9+vca69upH19J9sxvdhUluRo4ghoH2Ufuz
gz1P852iCvVGsGgUgWsyRgEqylP726YxNyxBot8EZ8uUXVaUFs540nJRY85Sli4f
17WzMYKTgV+790XFUgYlV8K9wVL2qCcCPwlUS/sjLIUACnuiDucMT/3J9zQcssY6
3ka8UhMzaFGys0FQl1WwcXZ+gWtQJcF7R1nB8PCbUFt06+adyJaSrE4UTQAZYMM5
NS06CVaVBxhZDukAq9Rw/W1mnfkJTb9IHy3n/5RJqNzf0PXDe4CbXKqRDWx4aPbr
bklCRDCujoECsnYuTEdNbRawubCrt0uAAAudJkHQsDHJcjs1Uxr26duRhElsolJX
bkSOiarjckoGZG2k05aBkZq9HcOMNMHiGsia9/3TmEIWkuOxY+EVB/FHUdjeJA1F
1pI4phDz3rGYJOcWwMtW47P7vemKi7UXzfgCVW0wS/pxI5+PGUxq3NrxLz0TMdxa
lKAH18quz3tRaqlGNQ2d9NVEn17589JLS72OFROnK0tUBQevaVwP4MHwu5g/lz8h
C72U86jx1ps1N32y3SV5T/U0rch1PT9v8PO4kD3ojoMAjxXSe4Iv6gXaJSKmORdD
WHb7W2Tq7IWHRjUWWl0wVsqLyEfu9LAPTw688P17UWvK4fDQDvr0dOyMRSYNBTiU
YudmGZh0lphuEXnMmPgD5l06EmKbXzSIWwg1iMlOKQzENxTR5fr9ozvpe1KDqAGK
Fcd/QRNydHOJcLShwhX2ZTfVMMzoE3t5hizS7cbo3j+OYKJ30P4GFbXrEIj+c6Jd
FOT30UZWZ1lK+jFscJcKCZMDFvHVDk63pOLCdxxQlmovuaCjsdGXRh1mvtYyV+wE
kDCbCdjjlf5Qj8TwxNmKA9Rg5dlTIOSFALGM50YX3Iq/rwJahBOpirKXNcQ8/qoG
0sF+4jQyNQSMu6Y+9RKGBwPESZa05M9N0xbcAz+wFlOKBRXzioMRNoG5rOew1mTj
wgxpNTidqvnVE36gw0hYy1K8+jyYwFwdh+t++p+VQ3kctc1QPVgomouC8DY7UCNg
5wFFqm/lru87YJcsgrso6/fHvaTkA3toS5olRrmhq68hjISk1XArDm1vDo/hcvFX
L4MLrR/LpUCccUFV26NaNJuQdvpzBiGTwyetK1+rC5QtvNvfTQL/1WeKpbOpJCkl
2FqU9ZXvhJH4N3zxGf9LRkg/tQjYKLfDbvjZZzDnk66fJMK19FkuCm2uqeRQZHiQ
j3AScnn8S7SPYjaNkOxAmQ==
-----END ENCRYPTED PRIVATE KEY-----

@ -0,0 +1,2 @@
V 371218212840Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
V 371218233330Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de

View File

@ -0,0 +1 @@
unique_subject = yes

@ -0,0 +1 @@
unique_subject = yes

@ -0,0 +1 @@
V 371218212840Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de

@ -0,0 +1 @@
03

@ -0,0 +1 @@
02

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Dec 18 21:28:40 2017 GMT
Not After : Dec 18 21:28:40 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:59:da:38:7c:2f:ba:c5:c8:b7:64:9d:8b:7b:
f2:f5:f8:60:6e:4b:1b:1e:d0:ce:50:7e:82:ed:d6:
db:f7:d4:29:38:b1:8a:df:14:9f:ed:72:c2:5e:86:
c5:ae:5a:09:0f:74:62:b6:c9:f8:42:95:4f:70:d6:
bc:cf:62:c8:02:97:b0:20:ec:2d:eb:68:09:82:22:
af:6b:f9:9e:ce:63:f9:3a:d1:a9:33:0a:d0:16:95:
33:ee:df:f3:88:97:51:32:88:c8:f3:e7:36:ba:8e:
40:2d:ab:6e:c9:b7:13:d4:59:46:5f:62:61:fd:21:
86:03:45:40:2a:96:6d:f7:87:dc:72:f1:3a:2b:71:
67:86:6a:ef:69:74:a6:de:a0:dc:ed:ad:c7:7f:9a:
cb:b3:06:61:1a:34:45:57:19:d1:37:e0:2d:36:c3:
94:91:5c:02:ce:40:c2:f8:a4:43:8c:f7:5e:a1:b1:
00:19:13:cd:06:85:e0:d7:f8:7d:bb:b6:e5:e4:d7:
7e:82:dc:96:5c:fa:7e:88:a3:42:be:43:78:c8:b3:
40:0f:61:05:55:9f:d0:56:54:19:db:85:48:05:ce:
6d:b2:49:df:b6:54:7d:39:f4:47:b5:98:3b:d5:73:
1b:15:f5:de:b7:af:a9:06:06:de:03:59:84:db:23:
70:87:eb:16:de:80:f1:3f:ac:b0:93:04:69:87:99:
d1:d4:a7:f0:ac:2d:42:73:d5:5a:fb:1d:f4:d6:e9:
20:cb:1f:13:15:5a:b7:1e:ec:d0:e0:d4:5d:0b:61:
66:01:40:6f:e6:86:38:95:e7:a4:ff:0a:8c:c9:1d:
36:e6:56:59:84:15:a4:3f:72:17:ca:61:f8:74:98:
4a:af:c6:55:d9:54:99:bb:fb:40:8b:d4:8c:ab:3d:
de:f3:9e:9d:3d:a4:27:cd:8b:17:12:8e:b7:32:5c:
c0:61:fa:9f:5a:9d:d7:9c:f9:6b:c7:da:a6:50:25:
80:b5:37:88:cf:f0:0c:62:5c:e2:8c:04:b2:e1:a6:
4a:ca:8e:93:a9:fb:e1:72:89:08:23:9e:08:c9:10:
7c:fb:ce:a9:12:e0:1f:f9:1b:a8:b7:d7:ea:84:d3:
9c:f3:5f:97:6a:1d:44:03:42:e9:86:1a:f9:14:3e:
58:67:06:4b:ae:c7:4c:77:4a:80:29:5e:7b:a7:b8:
08:65:e7:b9:aa:e4:eb:45:93:68:28:9f:3f:0f:42:
40:23:ca:4c:9d:5c:4d:b1:55:df:d7:41:2e:31:46:
1e:60:05:75:33:8a:2c:bf:b1:08:c5:b2:31:51:55:
6c:73:ef:a2:8b:e8:aa:fa:bc:4a:81:20:e4:96:30:
f9:09:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
5E:7E:C5:2F:CA:5E:62:27:A2:07:89:20:A0:8A:D0:EB:05:55:95:26
X509v3 Authority Key Identifier:
keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
serial:D1:1A:86:39:7D:76:92:5C
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
53:de:ad:c7:5d:b2:c0:6c:2e:45:50:21:7f:d8:ff:68:61:8e:
11:bc:13:d0:67:5b:ed:c6:48:46:74:9a:89:6b:2a:1b:8a:01:
c9:3b:5b:3e:1f:d2:24:1e:a0:59:ea:f5:99:d7:35:8d:13:55:
58:ea:8c:2d:8f:7e:8a:c1:0f:a1:0d:ea:ce:46:a9:e1:4f:00:
b8:94:f6:d4:fd:44:83:41:13:9a:98:3a:e2:d2:a2:09:1a:61:
44:39:84:9a:6e:4b:67:ab:18:93:e8:1e:cf:bd:15:2a:a8:76:
ae:d7:36:56:77:3f:88:0d:40:18:6d:e1:d5:a8:e0:17:fe:96:
58:cf:aa:2f:63:a9:f6:bd:c7:61:6d:ea:5f:72:92:8e:08:a9:
60:a3:48:66:91:e8:4b:0d:dc:92:10:b2:57:68:71:9d:f0:86:
36:31:95:3b:f5:ce:fe:fe:96:91:df:90:c4:0f:90:0c:cf:97:
73:38:7b:27:21:43:29:b6:13:5e:11:b3:7b:10:10:ac:3e:9c:
ee:88:cc:e1:c1:a2:40:0a:2b:78:82:85:ba:c1:a6:b9:e7:23:
af:13:ee:16:ba:e6:c9:6e:cd:5f:1c:44:c8:c1:e1:48:e7:0f:
d4:29:a2:c5:80:f3:0d:48:b8:cb:6c:8c:3c:b6:04:c6:a1:41:
2f:99:dd:d3:f6:bf:15:54:e0:a9:79:32:83:21:59:0a:2f:55:
7f:26:c9:28:33:17:24:32:19:a9:d4:41:d1:e2:c1:cf:13:76:
fd:d0:76:14:69:cc:bd:a0:66:5c:8e:8c:f8:23:76:8d:0a:c0:
a5:27:9c:36:21:16:26:18:90:31:97:91:61:4e:47:4f:ed:47:
54:b7:8f:ec:d5:44:cb:f5:c8:35:b1:11:90:8a:2a:d9:ab:97:
1b:26:1a:41:ef:f1:a8:4a:3d:bf:76:d4:e3:31:26:c2:cd:09:
9b:05:0b:8f:6e:ba:15:76:89:2a:38:1c:b2:9e:64:ba:3d:1c:
a4:fe:4b:a2:63:3d:80:07:f7:19:df:db:03:51:7d:ed:16:72:
4e:ce:46:76:47:5a:64:b1:7b:32:4a:53:cc:1a:93:7c:6e:ce:
e4:00:90:86:47:26:9a:51:7b:61:7e:78:05:c2:35:c0:2a:bc:
89:56:e2:4f:67:7f:96:1a:47:9c:99:d4:a2:34:87:b5:e3:c6:
34:45:4f:51:29:49:64:81:de:3b:d8:0c:df:9a:69:c1:e6:4c:
72:5f:a0:84:5e:b3:1d:ca:2b:01:79:a6:70:cb:f8:4b:3c:69:
d1:55:c8:6a:56:cc:6a:9e:24:5f:a6:6d:99:39:6e:bb:d9:09:
a9:70:8d:5f:e2:b4:01:da
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
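Review bot: An unencrypted private key (`-----BEGIN PRIVATE KEY-----`, with no passphrase wrapper) should not be stored in version control, because every reader of the repository, and every clone or backup of it, then holds the key. Judging by the certificate and request just before it, it presumably belongs to `CN=VPN-MBR-server`, but the file name is not visible here, so confirm. The same concern applies to the plaintext OpenVPN static key in the next section and to the inline `<tls-auth>` key in MBR/openvpn/home/chris.conf; the `ENCRYPTED PRIVATE KEY` blocks are only as strong as their passphrase. I would drop these files from the commit, keep key material on the host or in a secrets store with restrictive permissions, and treat anything already pushed as exposed: reissue the affected certificates and regenerate the static keys.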


@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
79d91376ee2c248cb615cd6291bf2954
a8e96540005b24814cf8b156c133033a
8d46114db5bb435551604fcb18c56b09
09750d641767657cebf8151735230e61
b2a9631cd7490ab824333b74e60e4cc0
c3fce42e7518bd6519347f7e111b9f61
be2682407cd8186c2c9b03987a6d0fd0
52599e30c6e2214cd9734f442e4d9a34
62e1dc096e13a894538798a94b2e2d54
f1c5bd884fe95aefdd919a96cdbf8f1d
c60a65e7b59990a11324fa1960b8cb3f
ac2fc846d6860e50f7b35f83eb6b791b
d59707320a80e639b2226c2d16830757
f7d29d94fd8c5fe1ab8c939e394d2126
bd880494edfa929b03b894c6984890c2
8e1ab55c781b17828ec1d4126a9736e2
-----END OpenVPN Static key V1-----

260
MBR/openvpn/home/chris.conf Normal file

@ -0,0 +1,260 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-mbr.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIHDzCCBPegAwIBAgIJAJVCoWERyZjAMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUt
YWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZTAeFw0xNzEyMTgyMDE0MDJa
Fw00OTEyMTgyMDE0MDJaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1C
UjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5v
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANUaZu29kklR
KZaXQ2SgHjDribwcLM+XeBDZsrKXIkwYmOHXxX1BcDXhWYeQyJ1n7gyRHZzcSC9u
1NNnYvGMdpcuz9dwXZgBC5zspmyXIRaynlo9xtb44ug7CNoMuLReZB6cLWTbkd47
eQsQOXu+tIy5DvjDxybZaCudLUKfZ3sty64sydqUJZ8cXo1ucdGreB4RLWiI29Dt
ziLtJ0fvkmMLmfvh/RQqWqKYqHQRlMZCZnCghP3oCCZztfylB2iHsp4MZf42rXA4
Q9idVDD8PMu7opzzjgrbUjlJk/Hs6NcM2bjbsCp8/rj/akH6M14W8IJYpuHkgAmU
bCOnPTCcWVjpgF6R5ASXRfbegyNf05BrXQRHtW3Xh94aRrvDzh25aObHnV+P6pnv
8ek1vMSGk9FC1vBomHftqIL6sa+JOevWgK0jFYNungpBezfqDRpf0c/h8OGviN1r
m9s/D6Dc1eSf9vFlPN5faxb+V3xurC3e7/Lh9ZNXqBW4HYd1Da9BQM5vRY/H8ffj
szIrhJ/pTEVKChmBOqvfTuoLHBbiT+XUQcW7C3hKk06rBD9CSIywaC+ctHAtXvEA
Y+0q77VQus1TPcSeGHXShzvv5lEXoMygd786OKF/3ZtT+3YDbk1AeZx49o76hMmP
cWHCRmoWy8t2rHFYshMmPkl7EYlLA/C3AgMBAAGjggEeMIIBGjAdBgNVHQ4EFgQU
D8mVsJqjS31KjAa4+MfmGhkqJDowgeoGA1UdIwSB4jCB34AUD8mVsJqjS31KjAa4
+MfmGhkqJDqhgbukgbgwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJS
MTQwMgYJKoZIhvcNAQkBFiVja3VidS1hZG0ub29wZW4uZGVAY2t1YnUtYWRtLm9v
cGVuLmRlggkAlUKhYRHJmMAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AgEAV2wqjTAKpWww3jHS/tAMxd6JAjCp1MPV00dHXoez3kHwTw2KlnO0WwtYS4KU
s3+qtOBY35++42hH4U7KCKpjW0w5sTBjw+ql13xh0CueKMvs6T6kVGIBPiyosEE2
VLYeyZf47A/BQSAwNeLKIMxflTBVwqqeaO6bPu6xlfEAwNSmvj/uxKf0mHYCjNSc
Q2KBABU0A+AjvsvuSMec64tvWQA9ty6YZfo/qSRnUkCqISme9IFOWKyuSNGUgbfX
xFK8zcOUqLwvz8OlNHBcLiI4+ue2fy1TrLVyMkJFhllfuGTHpYqDqGJHAl5AocJx
eppXLhUR5xmVXQjn50HTj5GukxZbX+6eUxIpRvydAJ3emU/3g6vS1MygHDGTPb9b
Ovk0mrGS+wlHsx9kmrO3Ge/BULuX/M0qvqWk4w29f5CZy4vcI3l4uhnrFlmp21b7
+EGQQw2+CNyP5CsD+BQlx+5FhthuH+nU85mZkLRIebgNep5O09remcYNka80XFfs
OLXve4/ByQW8iXuxyIlEqv56Bz/H70yug8MI000pZ/DL44+0GnMz7ULP0nAHp3Yd
sU6nFG7fH5cvbw0CMniC+0LBuNzxgUwnoiqj95fvqbseM0LK6YxmblFnD7tCZh4W
Ns4Mjg+3sAI9gmpcFMUU1l+TMV48Xo2FRYwYtW/nz7CIzh0=
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxiEqdBH+tBACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYLwIQAaxwVBIIJSDIjWSU9/Kok
bbatj//bCab//36qcLRn2ZF3xT5bUevvX6PMDhI9X6d612AVAd7V20/nloX6jmYE
5bmAWiUjDtJNynXcdxe4RtyVfViECX+vGCQwz1MhN24GzGIyCm7V0/nJU6Stqoh5
DQ+RSqpBrjcFZAWNvFYfRKG0K5QCPG3DirP02ndbqZZY+phklAwunZGaf0Ao3n2P
Iqr+/sF7D6MjcS3jFqWYyCtHrqCK+3OyQLoWcsJKK5boYq6ywcPF/9qZJoCAQX4r
tbQ+2hEvL1hVte8l+ZtM331irHdmJ8A3UJNp2zR8SBQoO61lKZ0gNcfQzfnBEJpS
Xymds+2jtcgwGYCNp3fpZk8cn3ejRGEu1Z/2KSXVlDqA4VF+tlQbcHHaQawdL5/i
Gu4tbbxt9ZfBjKn1N7GhOnheF/xK6jxaip5fP+GsU48Qhko7ng4ckGlM3dHEDkhY
005X3pwqNM5+nW73yl6Qhdj7AAq0Rjsxa3crqkDkJ+XFWq7E6Wo+g9xhous+I0lZ
LGE/GaJ8A0Hg/A35b9cCDDToxoSZm8MxZh6rBQeRlMddQ0Bki/WKqg3os9FLEY/a
T++sWWuoPw2Ei0TkKJcNStMhM/0cIY/WduOMx1zg3drApQYM4CU4lt1L8nyAzhoP
QJs0oZreY5Pt0VA9wfvg3ULlXlk0pMsIP58ci8MQ2veyTmmBEqe9TE7UiJuQrmD5
yQFfg56bcibeRJ7l6HCdgpL41s4NvNf/sPvUMx7rNkVOqgXtO5qAMhF1ODLe51BS
t990Ht6atPWEypKoxoja83OIAyn/78HLVyCf229ysQTM/YKF85H9ut+TOE9NgmLS
/7CJntWBf0wzLKzHLVhjnT1XWWvmyGQkci04+82gSwZiURPgNowTUNGozL0bNRQR
aRGlY/DT23vO3NmBz+sz92RUVBkAeJ5ujW8GozlVp8elhdgFnPbrNPVRW16XryyV
Ql/hS56GqswtJXHHMkRx4xLUujKDvkzNUboJZvZLj1pTBEH5irJFYvdHOfd/oZKx
197DIDcL72ESQHKAesogpDc8erl5AFYnEdRg54mR1lcgDzEbK4r1pQdE///H3XSU
90VlO7DOHR5tzp26njZTo8hokXVzxd2MEd8O/2tWCj55mZP8A8Fp+uWu+YBtV4KT
es3j9udI1cAMQiKL/jMOoH78+IRn2Cdw7WlLLCq3hduPJFCwH+S/WFFcDWDhCRcN
ko5CYLvHjb32PakjYgRBelTRGSBl75lUiNrRep5apCMuREvLNP3A+pmmwCs5H+fu
OKrOVHJ0pUHt8439DDeSozT3JKm+ngowuPO6JG77e1gSZ8rSHySoUBI4sGXEDcpp
6+PzATzDJr9ZLYg7UumjIQ08YX14yHPEjl64SHQZQpcE8T8XfSEESi2dBjCcQ14Q
G2a/40MFNn1a9XnMIAdw3DfPV6bTIi/LJaCCU//OFhuiPyONXuMtdCRkoA9tKHlZ
fGZ70AlLG82yJ+2BLLuvxmapmq0OFZQm+nobw0c7lZP8PWCekK6QYVREkDvn42DD
snO5gItiQIgLfW6zqq6kEXn3thBSFEFuizGprhLhnEJs+zDJ50CTs4I2QquGBdVn
Crtyp83Kf9TnaDs0VK0u/bYXjyDx82IZEIERf05La8wS3RprC7fAqAqTQ2BF2u57
2/6B7QvD8nFxYQszU1KUsaTfzRyVziAXC/t5XmMrOtZsWbimKd/o6rt0EsmNXl5R
S/GLJSqhIODLzpf1LclapRzA4JqXHpZ1JG2mr8ohKawouLvvXU39yHMOrnVaWL/S
75ZzcbKwNfnXe6lh8o7g6Ryq+5wRQpTBdEquzrPZod6uiM0Y6QgCOeDwTfpgpdXt
6JF7x75oPEW+Q5ZFvEuopzXCslIbHyycgFmlGNrYn6T0vQ5r3mYjPAtm14S0Yl0D
Dw1ykmqcLFAb6YQUKoSEJG8wPnrR6mYE1643ZQJtbgo5Grgrxd8a3+TJNhU0h4oP
1aMEG0DJFtBV6TSUojZYDwQ+pmWTp2wWyECUUkoFUeHU2oGUzEmUfj6DK3Ewh8mQ
zjUtiYN6yq68u0Y51MOIe2UrP/PjGO+EM7fmQc3oR/hA80+8LHXInEeMc3B6iLH1
MwkrslbSSaynD8bAoO9rQyvWCrwSJwjdGWYd/bPpEXILDkDhqD+E/7cJkSU2CJp9
SWrFm34IStVMGOkqRn0X4Q4Ml+RilgQy/0Nr7CQeODjHJJC6LdqePj8AMphZtWNo
QjI0ysctUJ9AZfy+xfdyxT/66kmisQFeRrYe9t9C1AEz7wQhTXTc/nPB0071JL+h
pcTVywqRPwLD+Dy4qpGc1Ocb355ieIJGi72rVieYCK5clohPeex/iM3Ay+yuhVfM
h/MS2oKaJi5M1HzOfNI/DLlEDtGHmbla12W9wWJGyQ+HKtNO2uFHgE1aRY3Exyev
E9jUDO7KUBwKutQVpvLiX0w8ftAx6QPu/7VZ8jVar9P2kIfijtIghBcPP+/Xb2/R
+OxXjwZrpJSanR8KVMxk1Gtp9dFrry2mtpMpPDqIat7Gj+/YBMov05M7Tk1arrYM
N29MylzYEaJj4+2apMzo3/TW53ld3mc4idVLNavAcCq+t6DZWdbUTkpUpNTMBEmC
ZZ+BOyQMqekM9Lo4My0XvairkmHSmRnQJND0MEc+C547z8vRFHYGo7WGFeaZXEo1
KHH+s1BFMEZFkJZPbuPuSXf+tNEfXjofMIBTUMMLv4MR1OwstDCDo95J6PvMr3/j
8mMJ6F85kkGpj5QfxP5liQhWrMiXJMEAaoZ84eGefeDMWWmiEANl+soCS/MKRYx4
DBWreg5EvXuC9wQM55UOe/DBRmK61WjOXmTuSAf3uxa4R3TjsJPny5U84s44Dq9B
1jN1hHKFLhAppgWqnGDfkp7cmsf5v600Fcn41lE4QMeDTrQMcYUseRv64uDQQI64
+mOaQ/5x26QFBFi7cyc/LkJwLfbQ7+OXgwYRlG1Z78Tx4vx/b3LfTltmSR+93hLW
x5k/sc/xt9nEUwYvqo5fv1pRU0FOJEuHueIz6ZBCjZPcYflm3Yiwzmip5CHf9Tvw
ycysCQUiTfM+oENgq9i6tFbCaOx80R+W6ckRgmXiCmDd6pKnfzZuIa/ODD7zQBh6
AiaXP+oXUEJe7qU8un0wyQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
c1bb483e19d6c90def9e3b3054725c26
83dad3473e46c324617f10954a9ef0c0
04d3e53c787043db4b2f0c0f55d38928
13ccfe3325bdc2a12294ee4a6eee14e1
301e57912bdb03502032b97dd30fa67a
6f7f2af6759ed4a6f7d32e863417c38f
d0d29d7c1c2aea2b60c273878919c815
220984a3a5e996a8ad9e01bc5595b87c
2e60411d8d44f0769ed53afff6259395
112f2218b859ce5ae46542be229ec2aa
ab78338e1db08e5765571faf096fb5d3
ebf22fc761cd3a70ef97c4cb20dd1778
830a8b2b1463e8101825003181e8e188
74dd61d43462ef4f8271c68c5aebdb07
a4300e941ab9bfbdb5f34f23442222b8
7c5b89d7e9ff18e1367af366abf53c3d
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
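Review bot: `ns-cert-type server` checks only the legacy Netscape certificate-type extension and is deprecated in newer OpenVPN releases; the supported replacement is `remote-cert-tls server`, which verifies key usage and extended key usage instead. The easy-rsa `[ server ]` extension section added elsewhere in this commit sets `extendedKeyUsage=serverAuth`, so server certificates issued with it should pass that check, but confirm against the actual server certificate of this CA before switching. Separately, `comp-lzo` enables compression inside the tunnel, which upstream discourages because compressing mixed plaintext before encryption can leak content through packet sizes; if the server side can be changed in step, I would remove it from both configs. No `auth` directive is set either, so the HMAC digest falls back to the OpenVPN default, and an explicit `auth SHA256` on both ends would make that choice visible.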

18
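--- a/MBR/openvpn/home/crl.pem
+++ b/MBR/openvpn/home/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC/DCB5TANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIxEDAOBgNVBCkT
+B1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Blbi5kZUBja3Vi
+dS1hZG0ub29wZW4uZGUXDTE3MTIxODIwMzA0NFoXDTQ5MTIxODIwMzA0NFowDQYJ
+KoZIhvcNAQELBQADggIBAGlcvnSenmJb68Gw3hLOwZiarTM3jDTvwTvPay3lYUbg
+Y9bg1U8ctmfdX89jE1aC1eeD+yxuqy8YebYeHrxXDckQu0mEfXfbqzIXlSAFXqta
+KahSofCNCGxBKw71Oa2vZLkZIE2jcmfyGRiZHUqe2RZPGFhz9Brq4yDfkBEwgz0J
+Dpej5JKfMsrt1D1bFaATL5OmW/jDSVl9b9vQtBlfXo6LwkRezxuk3e39qctYHmc0
+OEk0987lNw9FHfPJ3gBh1hHNui5/yCrKYZbrxInBiTDQIecr4MrV4d+xOyZmotZP
+P1XPKtsiHKmvTM824iG7AlaKONmL3E7D4cnKoQGTfTShIAjHeRHvOr3MmKL1RcEk
+0xrZXhQ3UjgWC89swD/Jnhoe6stgbzd5FLNxr9CTG02YtsBuTWybasccQCK1NlOK
+A4Q+EDuW/gBa8F2n1VrSSxCY9Qx9nCJA+T1XolPDz2tc4lk8iV7KQD9vSnxbABcx
+O9k510sqqHQ9w9DWsLp4NEOBIjNUvaki4YD6pUbFxeuNA0NK4swN6u38b5/qNM/S
+E7ycFJReHDShp7ldYo0tPBgmC3vA85x5bHB7zMRYGTMFI2BAN9i+Y/fOjqa5VbLP
+oNgjoQG/0odzM45YrR9J89dj4C3u9lVmoPi5+OEpLBToIf4cy9R7a/dlFNkZTIJT
+-----END X509 CRL-----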


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl


@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always


@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
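Review bot: `default_crl_days = 11688` in `[ CA_default ]` gives every generated CRL a nextUpdate roughly 32 years out, so a server or client holding an old crl.pem has no signal that it predates later revocations. `default_days = 11688` two lines above sets the same span for issued certificates unless the signing script passes its own lifetime, which leaves the CRL as the only control that ends a lost key's access. I would restore a short window, `default_crl_days = 30`, and regenerate and redistribute crl.pem on a schedule. If the long value is deliberate, a comment above it should state that the CRL must be pushed to the VPN server after every revocation.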


@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1 @@
/etc/openvpn/home/easy-rsa/openssl-1.0.0.cnf


@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool


@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full


@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req


@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/home"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="O.OPEN"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="ckubu-adm@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN MBR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-MBR"
export KEY_ALTNAMES="VPN MBR"
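Review bot: `export KEY_EXPIRE=7305` issues leaf certificates valid for 20 years and `export CA_EXPIRE=11688` a CA valid for 32, which matches the 2017–2037 validity printed in the certificates further down this commit. For client certificates that lifetime means a lost or copied key stays accepted until someone revokes it, so revocation becomes the only control. I would shorten the leaf value, for example `export KEY_EXPIRE=730`, and describe the renewal procedure in a comment above it. Separately, `KEY_ALTNAMES="VPN MBR"` is not in the `type:value` form that the `subjectAltName=$ENV::KEY_ALTNAMES` lines in the OpenSSL config expect; the issued certificates show `DNS:server` and `DNS:chris`, so the build script presumably overrides it, but the default here should be valid on its own.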


@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"


@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

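--- a/MBR/openvpn/home/ipp.txt
+++ b/MBR/openvpn/home/ipp.txt
@@ -0,0 +1 @@
+VPN-MBR-chris,10.0.112.2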


@ -0,0 +1,4 @@
key...............: chris.key
common name.......: VPN-MBR-chris
password..........: dbddhkpuka.&EadGl15E.
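Review bot: The `password` line stores the passphrase for `chris.key` in cleartext in the repository, so the passphrase no longer protects the key from anyone who can read this history. The same commit also adds a file further down that begins `-----BEGIN PRIVATE KEY-----`, which is the unencrypted PKCS#8 label. Both should be treated as disclosed: revoke and reissue the affected certificates, purge the files from history, and exclude the key directory and this notes file from version control (a `<key-dir>/` entry in `.gitignore`, with the real path taken from the repository layout). Passphrases belong in a secrets manager or are handed to the user out of band.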


@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 20:30:34 2017 GMT
Not After : Dec 18 20:30:34 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
df:8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
e9:53:58:cd:30:11:0a:af
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,140 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 23:41:27 2017 GMT
Not After : Dec 18 23:41:27 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
14:21:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
3e:4f:81:10:74:2b:c6:5d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,140 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 23:41:27 2017 GMT
Not After : Dec 18 23:41:27 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
14:21:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
3e:4f:81:10:74:2b:c6:5d
-----BEGIN CERTIFICATE-----
MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
Q3Ox4pNDPk+BEHQrxl0=
-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1 @@
../crl.pem


@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----


@ -0,0 +1,2 @@
V 371218203034Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
V 371218234127Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de


@ -0,0 +1 @@
unique_subject = yes


@ -0,0 +1 @@
unique_subject = yes


@ -0,0 +1 @@
V 371218203034Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de


@ -0,0 +1 @@
03


@ -0,0 +1 @@
02


@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 20:30:34 2017 GMT
Not After : Dec 18 20:30:34 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
df:8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
e9:53:58:cd:30:11:0a:af
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c1bb483e19d6c90def9e3b3054725c26
83dad3473e46c324617f10954a9ef0c0
04d3e53c787043db4b2f0c0f55d38928
13ccfe3325bdc2a12294ee4a6eee14e1
301e57912bdb03502032b97dd30fa67a
6f7f2af6759ed4a6f7d32e863417c38f
d0d29d7c1c2aea2b60c273878919c815
220984a3a5e996a8ad9e01bc5595b87c
2e60411d8d44f0769ed53afff6259395
112f2218b859ce5ae46542be229ec2aa
ab78338e1db08e5765571faf096fb5d3
ebf22fc761cd3a70ef97c4cb20dd1778
830a8b2b1463e8101825003181e8e188
74dd61d43462ef4f8271c68c5aebdb07
a4300e941ab9bfbdb5f34f23442222b8
7c5b89d7e9ff18e1367af366abf53c3d
-----END OpenVPN Static key V1-----


@ -0,0 +1,319 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1195
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
route 192.168.63.0 255.255.255.0 10.1.112.1
route 192.168.64.0 255.255.255.0 10.1.112.1
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/gw-ckubu/keys/ca.crt
cert /etc/openvpn/gw-ckubu/keys/server.crt
key /etc/openvpn/gw-ckubu/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.1.112.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 172.16.112.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"
push "route 192.168.113.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 192.168.112.1"
push "dhcp-option DOMAIN mbr-bln.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-gw-ckubu.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-gw-ckubu.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/gw-ckubu/crl.pem
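Review bot: `comp-lzo` enables compression inside the tunnel, which exposes tunnelled traffic to compression-oracle attacks (VORACLE) and is deprecated in newer OpenVPN releases; unless a client depends on it, it should be dropped here and in the matching client configs. There is also no `auth` line, so the packet HMAC falls back to the SHA1 default, and no `tls-version-min`, so depending on the OpenVPN version the control channel may still negotiate TLS 1.0. I would add `auth SHA256` and `tls-version-min 1.2` next to `cipher AES-256-CBC`. Compression and `auth` must match on both ends, so the clients need the same change. The second server config that follows (port 1194) has the same three settings.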


@ -0,0 +1,316 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/home/keys/ca.crt
cert /etc/openvpn/home/keys/server.crt
key /etc/openvpn/home/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/home/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.0.112.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/home/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"
push "route 192.168.113.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/home/ccd/server-home
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 192.168.112.1"
push "dhcp-option DOMAIN mbr-bln.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/home/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-home.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-home.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/home/crl.pem
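Review bot: `client-to-client` is enabled, so packets between VPN clients are forwarded inside the OpenVPN process and never pass the TUN interface, which means the host firewall can neither filter nor log them. If clients are only meant to reach the pushed subnets (`192.168.112.0` and `192.168.113.0`), remove the directive and let the kernel route, with forwarding rules on the TUN interface. If client-to-client reachability is intended, a comment above the line saying so would help, e.g. `# clients must reach each other directly: <reason>`. The preceding config (port 1195) enables it as well.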

58
MBR/openvpn/update-resolv-conf Executable file

@ -0,0 +1,58 @@
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
split_into_parts()
{
part1="$1"
part2="$2"
part3="$3"
}
case "$script_type" in
up)
NMSRVRS=""
SRCHS=""
for optionvarname in ${!foreign_option_*} ; do
option="${!optionvarname}"
echo "$option"
split_into_parts $option
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part2" = "DNS" ] ; then
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
elif [ "$part2" = "DOMAIN" ] ; then
SRCHS="${SRCHS:+$SRCHS }$part3"
fi
fi
done
R=""
[ "$SRCHS" ] && R="search $SRCHS
"
for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
;;
esac
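Review bot: `split_into_parts $option` expands the server-pushed option unquoted, so in addition to the intended word splitting the value undergoes pathname expansion. `$part3` then goes into the resolvconf input without any check that it looks like an IP address (for `DNS`) or a domain name (for `DOMAIN`). Splitting with `read -r part1 part2 part3 _ <<< "$option"` keeps the three-field behaviour without globbing. A simple pattern test on `$part3` before appending to `NMSRVRS` or `SRCHS` would keep malformed values out of resolv.conf.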