o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
MBR/openvpn/home/chris.conf Normal file
View File

@ -0,0 +1,260 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-mbr.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIHDzCCBPegAwIBAgIJAJVCoWERyZjAMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUt
YWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZTAeFw0xNzEyMTgyMDE0MDJa
Fw00OTEyMTgyMDE0MDJaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1C
UjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5v
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANUaZu29kklR
KZaXQ2SgHjDribwcLM+XeBDZsrKXIkwYmOHXxX1BcDXhWYeQyJ1n7gyRHZzcSC9u
1NNnYvGMdpcuz9dwXZgBC5zspmyXIRaynlo9xtb44ug7CNoMuLReZB6cLWTbkd47
eQsQOXu+tIy5DvjDxybZaCudLUKfZ3sty64sydqUJZ8cXo1ucdGreB4RLWiI29Dt
ziLtJ0fvkmMLmfvh/RQqWqKYqHQRlMZCZnCghP3oCCZztfylB2iHsp4MZf42rXA4
Q9idVDD8PMu7opzzjgrbUjlJk/Hs6NcM2bjbsCp8/rj/akH6M14W8IJYpuHkgAmU
bCOnPTCcWVjpgF6R5ASXRfbegyNf05BrXQRHtW3Xh94aRrvDzh25aObHnV+P6pnv
8ek1vMSGk9FC1vBomHftqIL6sa+JOevWgK0jFYNungpBezfqDRpf0c/h8OGviN1r
m9s/D6Dc1eSf9vFlPN5faxb+V3xurC3e7/Lh9ZNXqBW4HYd1Da9BQM5vRY/H8ffj
szIrhJ/pTEVKChmBOqvfTuoLHBbiT+XUQcW7C3hKk06rBD9CSIywaC+ctHAtXvEA
Y+0q77VQus1TPcSeGHXShzvv5lEXoMygd786OKF/3ZtT+3YDbk1AeZx49o76hMmP
cWHCRmoWy8t2rHFYshMmPkl7EYlLA/C3AgMBAAGjggEeMIIBGjAdBgNVHQ4EFgQU
D8mVsJqjS31KjAa4+MfmGhkqJDowgeoGA1UdIwSB4jCB34AUD8mVsJqjS31KjAa4
+MfmGhkqJDqhgbukgbgwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJS
MTQwMgYJKoZIhvcNAQkBFiVja3VidS1hZG0ub29wZW4uZGVAY2t1YnUtYWRtLm9v
cGVuLmRlggkAlUKhYRHJmMAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AgEAV2wqjTAKpWww3jHS/tAMxd6JAjCp1MPV00dHXoez3kHwTw2KlnO0WwtYS4KU
s3+qtOBY35++42hH4U7KCKpjW0w5sTBjw+ql13xh0CueKMvs6T6kVGIBPiyosEE2
VLYeyZf47A/BQSAwNeLKIMxflTBVwqqeaO6bPu6xlfEAwNSmvj/uxKf0mHYCjNSc
Q2KBABU0A+AjvsvuSMec64tvWQA9ty6YZfo/qSRnUkCqISme9IFOWKyuSNGUgbfX
xFK8zcOUqLwvz8OlNHBcLiI4+ue2fy1TrLVyMkJFhllfuGTHpYqDqGJHAl5AocJx
eppXLhUR5xmVXQjn50HTj5GukxZbX+6eUxIpRvydAJ3emU/3g6vS1MygHDGTPb9b
Ovk0mrGS+wlHsx9kmrO3Ge/BULuX/M0qvqWk4w29f5CZy4vcI3l4uhnrFlmp21b7
+EGQQw2+CNyP5CsD+BQlx+5FhthuH+nU85mZkLRIebgNep5O09remcYNka80XFfs
OLXve4/ByQW8iXuxyIlEqv56Bz/H70yug8MI000pZ/DL44+0GnMz7ULP0nAHp3Yd
sU6nFG7fH5cvbw0CMniC+0LBuNzxgUwnoiqj95fvqbseM0LK6YxmblFnD7tCZh4W
Ns4Mjg+3sAI9gmpcFMUU1l+TMV48Xo2FRYwYtW/nz7CIzh0=
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
Q3Ox4pNDPk+BEHQrxl0=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxiEqdBH+tBACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYLwIQAaxwVBIIJSDIjWSU9/Kok
bbatj//bCab//36qcLRn2ZF3xT5bUevvX6PMDhI9X6d612AVAd7V20/nloX6jmYE
5bmAWiUjDtJNynXcdxe4RtyVfViECX+vGCQwz1MhN24GzGIyCm7V0/nJU6Stqoh5
DQ+RSqpBrjcFZAWNvFYfRKG0K5QCPG3DirP02ndbqZZY+phklAwunZGaf0Ao3n2P
Iqr+/sF7D6MjcS3jFqWYyCtHrqCK+3OyQLoWcsJKK5boYq6ywcPF/9qZJoCAQX4r
tbQ+2hEvL1hVte8l+ZtM331irHdmJ8A3UJNp2zR8SBQoO61lKZ0gNcfQzfnBEJpS
Xymds+2jtcgwGYCNp3fpZk8cn3ejRGEu1Z/2KSXVlDqA4VF+tlQbcHHaQawdL5/i
Gu4tbbxt9ZfBjKn1N7GhOnheF/xK6jxaip5fP+GsU48Qhko7ng4ckGlM3dHEDkhY
005X3pwqNM5+nW73yl6Qhdj7AAq0Rjsxa3crqkDkJ+XFWq7E6Wo+g9xhous+I0lZ
LGE/GaJ8A0Hg/A35b9cCDDToxoSZm8MxZh6rBQeRlMddQ0Bki/WKqg3os9FLEY/a
T++sWWuoPw2Ei0TkKJcNStMhM/0cIY/WduOMx1zg3drApQYM4CU4lt1L8nyAzhoP
QJs0oZreY5Pt0VA9wfvg3ULlXlk0pMsIP58ci8MQ2veyTmmBEqe9TE7UiJuQrmD5
yQFfg56bcibeRJ7l6HCdgpL41s4NvNf/sPvUMx7rNkVOqgXtO5qAMhF1ODLe51BS
t990Ht6atPWEypKoxoja83OIAyn/78HLVyCf229ysQTM/YKF85H9ut+TOE9NgmLS
/7CJntWBf0wzLKzHLVhjnT1XWWvmyGQkci04+82gSwZiURPgNowTUNGozL0bNRQR
aRGlY/DT23vO3NmBz+sz92RUVBkAeJ5ujW8GozlVp8elhdgFnPbrNPVRW16XryyV
Ql/hS56GqswtJXHHMkRx4xLUujKDvkzNUboJZvZLj1pTBEH5irJFYvdHOfd/oZKx
197DIDcL72ESQHKAesogpDc8erl5AFYnEdRg54mR1lcgDzEbK4r1pQdE///H3XSU
90VlO7DOHR5tzp26njZTo8hokXVzxd2MEd8O/2tWCj55mZP8A8Fp+uWu+YBtV4KT
es3j9udI1cAMQiKL/jMOoH78+IRn2Cdw7WlLLCq3hduPJFCwH+S/WFFcDWDhCRcN
ko5CYLvHjb32PakjYgRBelTRGSBl75lUiNrRep5apCMuREvLNP3A+pmmwCs5H+fu
OKrOVHJ0pUHt8439DDeSozT3JKm+ngowuPO6JG77e1gSZ8rSHySoUBI4sGXEDcpp
6+PzATzDJr9ZLYg7UumjIQ08YX14yHPEjl64SHQZQpcE8T8XfSEESi2dBjCcQ14Q
G2a/40MFNn1a9XnMIAdw3DfPV6bTIi/LJaCCU//OFhuiPyONXuMtdCRkoA9tKHlZ
fGZ70AlLG82yJ+2BLLuvxmapmq0OFZQm+nobw0c7lZP8PWCekK6QYVREkDvn42DD
snO5gItiQIgLfW6zqq6kEXn3thBSFEFuizGprhLhnEJs+zDJ50CTs4I2QquGBdVn
Crtyp83Kf9TnaDs0VK0u/bYXjyDx82IZEIERf05La8wS3RprC7fAqAqTQ2BF2u57
2/6B7QvD8nFxYQszU1KUsaTfzRyVziAXC/t5XmMrOtZsWbimKd/o6rt0EsmNXl5R
S/GLJSqhIODLzpf1LclapRzA4JqXHpZ1JG2mr8ohKawouLvvXU39yHMOrnVaWL/S
75ZzcbKwNfnXe6lh8o7g6Ryq+5wRQpTBdEquzrPZod6uiM0Y6QgCOeDwTfpgpdXt
6JF7x75oPEW+Q5ZFvEuopzXCslIbHyycgFmlGNrYn6T0vQ5r3mYjPAtm14S0Yl0D
Dw1ykmqcLFAb6YQUKoSEJG8wPnrR6mYE1643ZQJtbgo5Grgrxd8a3+TJNhU0h4oP
1aMEG0DJFtBV6TSUojZYDwQ+pmWTp2wWyECUUkoFUeHU2oGUzEmUfj6DK3Ewh8mQ
zjUtiYN6yq68u0Y51MOIe2UrP/PjGO+EM7fmQc3oR/hA80+8LHXInEeMc3B6iLH1
MwkrslbSSaynD8bAoO9rQyvWCrwSJwjdGWYd/bPpEXILDkDhqD+E/7cJkSU2CJp9
SWrFm34IStVMGOkqRn0X4Q4Ml+RilgQy/0Nr7CQeODjHJJC6LdqePj8AMphZtWNo
QjI0ysctUJ9AZfy+xfdyxT/66kmisQFeRrYe9t9C1AEz7wQhTXTc/nPB0071JL+h
pcTVywqRPwLD+Dy4qpGc1Ocb355ieIJGi72rVieYCK5clohPeex/iM3Ay+yuhVfM
h/MS2oKaJi5M1HzOfNI/DLlEDtGHmbla12W9wWJGyQ+HKtNO2uFHgE1aRY3Exyev
E9jUDO7KUBwKutQVpvLiX0w8ftAx6QPu/7VZ8jVar9P2kIfijtIghBcPP+/Xb2/R
+OxXjwZrpJSanR8KVMxk1Gtp9dFrry2mtpMpPDqIat7Gj+/YBMov05M7Tk1arrYM
N29MylzYEaJj4+2apMzo3/TW53ld3mc4idVLNavAcCq+t6DZWdbUTkpUpNTMBEmC
ZZ+BOyQMqekM9Lo4My0XvairkmHSmRnQJND0MEc+C547z8vRFHYGo7WGFeaZXEo1
KHH+s1BFMEZFkJZPbuPuSXf+tNEfXjofMIBTUMMLv4MR1OwstDCDo95J6PvMr3/j
8mMJ6F85kkGpj5QfxP5liQhWrMiXJMEAaoZ84eGefeDMWWmiEANl+soCS/MKRYx4
DBWreg5EvXuC9wQM55UOe/DBRmK61WjOXmTuSAf3uxa4R3TjsJPny5U84s44Dq9B
1jN1hHKFLhAppgWqnGDfkp7cmsf5v600Fcn41lE4QMeDTrQMcYUseRv64uDQQI64
+mOaQ/5x26QFBFi7cyc/LkJwLfbQ7+OXgwYRlG1Z78Tx4vx/b3LfTltmSR+93hLW
x5k/sc/xt9nEUwYvqo5fv1pRU0FOJEuHueIz6ZBCjZPcYflm3Yiwzmip5CHf9Tvw
ycysCQUiTfM+oENgq9i6tFbCaOx80R+W6ckRgmXiCmDd6pKnfzZuIa/ODD7zQBh6
AiaXP+oXUEJe7qU8un0wyQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
c1bb483e19d6c90def9e3b3054725c26
83dad3473e46c324617f10954a9ef0c0
04d3e53c787043db4b2f0c0f55d38928
13ccfe3325bdc2a12294ee4a6eee14e1
301e57912bdb03502032b97dd30fa67a
6f7f2af6759ed4a6f7d32e863417c38f
d0d29d7c1c2aea2b60c273878919c815
220984a3a5e996a8ad9e01bc5595b87c
2e60411d8d44f0769ed53afff6259395
112f2218b859ce5ae46542be229ec2aa
ab78338e1db08e5765571faf096fb5d3
ebf22fc761cd3a70ef97c4cb20dd1778
830a8b2b1463e8101825003181e8e188
74dd61d43462ef4f8271c68c5aebdb07
a4300e941ab9bfbdb5f34f23442222b8
7c5b89d7e9ff18e1367af366abf53c3d
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
MBR/openvpn/home/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC/DCB5TANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIxEDAOBgNVBCkT
B1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Blbi5kZUBja3Vi
dS1hZG0ub29wZW4uZGUXDTE3MTIxODIwMzA0NFoXDTQ5MTIxODIwMzA0NFowDQYJ
KoZIhvcNAQELBQADggIBAGlcvnSenmJb68Gw3hLOwZiarTM3jDTvwTvPay3lYUbg
Y9bg1U8ctmfdX89jE1aC1eeD+yxuqy8YebYeHrxXDckQu0mEfXfbqzIXlSAFXqta
KahSofCNCGxBKw71Oa2vZLkZIE2jcmfyGRiZHUqe2RZPGFhz9Brq4yDfkBEwgz0J
Dpej5JKfMsrt1D1bFaATL5OmW/jDSVl9b9vQtBlfXo6LwkRezxuk3e39qctYHmc0
OEk0987lNw9FHfPJ3gBh1hHNui5/yCrKYZbrxInBiTDQIecr4MrV4d+xOyZmotZP
P1XPKtsiHKmvTM824iG7AlaKONmL3E7D4cnKoQGTfTShIAjHeRHvOr3MmKL1RcEk
0xrZXhQ3UjgWC89swD/Jnhoe6stgbzd5FLNxr9CTG02YtsBuTWybasccQCK1NlOK
A4Q+EDuW/gBa8F2n1VrSSxCY9Qx9nCJA+T1XolPDz2tc4lk8iV7KQD9vSnxbABcx
O9k510sqqHQ9w9DWsLp4NEOBIjNUvaki4YD6pUbFxeuNA0NK4swN6u38b5/qNM/S
E7ycFJReHDShp7ldYo0tPBgmC3vA85x5bHB7zMRYGTMFI2BAN9i+Y/fOjqa5VbLP
oNgjoQG/0odzM45YrR9J89dj4C3u9lVmoPi5+OEpLBToIf4cy9R7a/dlFNkZTIJT
-----END X509 CRL-----

1
MBR/openvpn/home/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
MBR/openvpn/home/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
MBR/openvpn/home/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
MBR/openvpn/home/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
MBR/openvpn/home/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
MBR/openvpn/home/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
MBR/openvpn/home/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
MBR/openvpn/home/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
MBR/openvpn/home/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
MBR/openvpn/home/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
MBR/openvpn/home/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
MBR/openvpn/home/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
MBR/openvpn/home/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
MBR/openvpn/home/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
MBR/openvpn/home/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
/etc/openvpn/home/easy-rsa/openssl-1.0.0.cnf

1
MBR/openvpn/home/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
MBR/openvpn/home/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
MBR/openvpn/home/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
MBR/openvpn/home/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/home"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="O.OPEN"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="ckubu-adm@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN MBR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-MBR"
export KEY_ALTNAMES="VPN MBR"

80
MBR/openvpn/home/easy-rsa/vars.2017-12-18-2109 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
MBR/openvpn/home/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

1
MBR/openvpn/home/ipp.txt Normal file
View File

@ -0,0 +1 @@
VPN-MBR-chris,10.0.112.2

4
MBR/openvpn/home/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: chris.key
common name.......: VPN-MBR-chris
password..........: dbddhkpuka.&EadGl15E.

142
MBR/openvpn/home/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 20:30:34 2017 GMT
Not After : Dec 18 20:30:34 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
df:8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
e9:53:58:cd:30:11:0a:af
-----BEGIN CERTIFICATE-----
MIIHdjCCBV6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjAzMDM0WhcNMzcxMjE4
MjAzMDM0WjCBqTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFzAVBgNVBAMTDlZQTi1NQlItc2VydmVyMRAwDgYDVQQpEwdWUE4gTUJS
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDGOaVReicomC68QgVjITav4h3dJReYblavcZ09
NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQozu0y0uHFgX7i/ry17j2PUB4N
rRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGuHRSXzqD8GPjgsd03oHfn5BKT
oKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytlywJcghujQG5pm9+dH9Yq5ZVrM
oRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9tZ2xduJo5VCz62fWMQ1mfpy90
QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qTwhINGUMwxPM0Y26cUuHxw7C+
ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjroayPlVO9wETKbjc/0o8OoVKvT
bHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U615e0Wyt+/coGwC7hz+FmN2/5G
vjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32hfDCpNB+VPThySASxKo4wS7oA
f9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxaex4bznTtQzHTmTPgAPAtRMzHd
bn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju9G3eRGPVlRdcodv/3iruTSy+
x9+P2wIDAQABo4IBmTCCAZUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
NAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFCgeVtr7Wq4KfUCLRGhcqh4w0FJ0MIHqBgNVHSMEgeIw
gd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7pIG4MIG1MQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BF
TjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQ
MA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVu
LmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVCoWERyZjAMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
AQELBQADggIBAI11FE9OgTWWETwlBfpPinH3RSo3MWPub14YmAq9zWDcAS0YJPc/
8879zB5Nu1EQHbcK/fa7/bd5zeA2L26dyzoAp8q/STQ/7ePayScPOGfhM0lpU/FE
TJmSZ+Dz0Rdi6jvJMBQH8pL5hzBiUYBIDOIS94iEceAcy/L0HaIG+hH2MX4hlHt+
xyu4lumIlpzx6NcvLZPE1Y2nFVQopyMHCAEW7vHU4l3lekDAFURwb9qYxyAkxlD3
9hMf8tcRrI3KBBthAbMKSU9TAJpKNjhXtsDZvyINLePaf/K7es3sUnw4aLYzO/jk
Em3vkG22mSF7MKBTwAn1AoyIqxGZ0aGwxetL9RIR1rnuYiW0or9+N6hN8VuO9PgC
nhJ8Sjf08CfqlGg4Q9fXqT7v8CPpqYMcxssNIRWzAr0Lt0Tur6w9D3JPXUMeE5b8
eVSe9T1WIRqjUonnieFa4vKujrKj/hj5fg01daeCPFH6yQVz4a5KdtA8NuQ8JDpY
JOB83Ow/C7f6aFMDsiEoxldKhY8ZkfJuMcMfEv1nctPTOwsvzMg6yawTxVHrpXqH
400huslBKQx4XVsEltMLLnXbKp3+Vxx+AxBrMOnD12qVS2VITC9i1p02AqMFoLTw
+sR0EDIG1ajXvraOtH23Pz4BRVAl6H1R2l4iF40aX0qkfulTWM0wEQqv
-----END CERTIFICATE-----

140
MBR/openvpn/home/keys/02.pem Normal file
View File

@ -0,0 +1,140 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 23:41:27 2017 GMT
Not After : Dec 18 23:41:27 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
14:21:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
3e:4f:81:10:74:2b:c6:5d
-----BEGIN CERTIFICATE-----
MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
Q3Ox4pNDPk+BEHQrxl0=
-----END CERTIFICATE-----

40
MBR/openvpn/home/keys/ca.crt Normal file
View File

@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----
MIIHDzCCBPegAwIBAgIJAJVCoWERyZjAMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUt
YWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZTAeFw0xNzEyMTgyMDE0MDJa
Fw00OTEyMTgyMDE0MDJaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1C
UjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5v
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANUaZu29kklR
KZaXQ2SgHjDribwcLM+XeBDZsrKXIkwYmOHXxX1BcDXhWYeQyJ1n7gyRHZzcSC9u
1NNnYvGMdpcuz9dwXZgBC5zspmyXIRaynlo9xtb44ug7CNoMuLReZB6cLWTbkd47
eQsQOXu+tIy5DvjDxybZaCudLUKfZ3sty64sydqUJZ8cXo1ucdGreB4RLWiI29Dt
ziLtJ0fvkmMLmfvh/RQqWqKYqHQRlMZCZnCghP3oCCZztfylB2iHsp4MZf42rXA4
Q9idVDD8PMu7opzzjgrbUjlJk/Hs6NcM2bjbsCp8/rj/akH6M14W8IJYpuHkgAmU
bCOnPTCcWVjpgF6R5ASXRfbegyNf05BrXQRHtW3Xh94aRrvDzh25aObHnV+P6pnv
8ek1vMSGk9FC1vBomHftqIL6sa+JOevWgK0jFYNungpBezfqDRpf0c/h8OGviN1r
m9s/D6Dc1eSf9vFlPN5faxb+V3xurC3e7/Lh9ZNXqBW4HYd1Da9BQM5vRY/H8ffj
szIrhJ/pTEVKChmBOqvfTuoLHBbiT+XUQcW7C3hKk06rBD9CSIywaC+ctHAtXvEA
Y+0q77VQus1TPcSeGHXShzvv5lEXoMygd786OKF/3ZtT+3YDbk1AeZx49o76hMmP
cWHCRmoWy8t2rHFYshMmPkl7EYlLA/C3AgMBAAGjggEeMIIBGjAdBgNVHQ4EFgQU
D8mVsJqjS31KjAa4+MfmGhkqJDowgeoGA1UdIwSB4jCB34AUD8mVsJqjS31KjAa4
+MfmGhkqJDqhgbukgbgwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJS
MTQwMgYJKoZIhvcNAQkBFiVja3VidS1hZG0ub29wZW4uZGVAY2t1YnUtYWRtLm9v
cGVuLmRlggkAlUKhYRHJmMAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AgEAV2wqjTAKpWww3jHS/tAMxd6JAjCp1MPV00dHXoez3kHwTw2KlnO0WwtYS4KU
s3+qtOBY35++42hH4U7KCKpjW0w5sTBjw+ql13xh0CueKMvs6T6kVGIBPiyosEE2
VLYeyZf47A/BQSAwNeLKIMxflTBVwqqeaO6bPu6xlfEAwNSmvj/uxKf0mHYCjNSc
Q2KBABU0A+AjvsvuSMec64tvWQA9ty6YZfo/qSRnUkCqISme9IFOWKyuSNGUgbfX
xFK8zcOUqLwvz8OlNHBcLiI4+ue2fy1TrLVyMkJFhllfuGTHpYqDqGJHAl5AocJx
eppXLhUR5xmVXQjn50HTj5GukxZbX+6eUxIpRvydAJ3emU/3g6vS1MygHDGTPb9b
Ovk0mrGS+wlHsx9kmrO3Ge/BULuX/M0qvqWk4w29f5CZy4vcI3l4uhnrFlmp21b7
+EGQQw2+CNyP5CsD+BQlx+5FhthuH+nU85mZkLRIebgNep5O09remcYNka80XFfs
OLXve4/ByQW8iXuxyIlEqv56Bz/H70yug8MI000pZ/DL44+0GnMz7ULP0nAHp3Yd
sU6nFG7fH5cvbw0CMniC+0LBuNzxgUwnoiqj95fvqbseM0LK6YxmblFnD7tCZh4W
Ns4Mjg+3sAI9gmpcFMUU1l+TMV48Xo2FRYwYtW/nz7CIzh0=
-----END CERTIFICATE-----

52
MBR/openvpn/home/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDVGmbtvZJJUSmW
l0NkoB4w64m8HCzPl3gQ2bKylyJMGJjh18V9QXA14VmHkMidZ+4MkR2c3EgvbtTT
Z2LxjHaXLs/XcF2YAQuc7KZslyEWsp5aPcbW+OLoOwjaDLi0XmQenC1k25HeO3kL
EDl7vrSMuQ74w8cm2WgrnS1Cn2d7LcuuLMnalCWfHF6NbnHRq3geES1oiNvQ7c4i
7SdH75JjC5n74f0UKlqimKh0EZTGQmZwoIT96Agmc7X8pQdoh7KeDGX+Nq1wOEPY
nVQw/DzLu6Kc844K21I5SZPx7OjXDNm427AqfP64/2pB+jNeFvCCWKbh5IAJlGwj
pz0wnFlY6YBekeQEl0X23oMjX9OQa10ER7Vt14feGka7w84duWjmx51fj+qZ7/Hp
NbzEhpPRQtbwaJh37aiC+rGviTnr1oCtIxWDbp4KQXs36g0aX9HP4fDhr4jda5vb
Pw+g3NXkn/bxZTzeX2sW/ld8bqwt3u/y4fWTV6gVuB2HdQ2vQUDOb0WPx/H347My
K4Sf6UxFSgoZgTqr307qCxwW4k/l1EHFuwt4SpNOqwQ/QkiMsGgvnLRwLV7xAGPt
Ku+1ULrNUz3Enhh10oc77+ZRF6DMoHe/Ojihf92bU/t2A25NQHmcePaO+oTJj3Fh
wkZqFsvLdqxxWLITJj5JexGJSwPwtwIDAQABAoICAQCD1bGXoo+9i9iOsUWgGu6S
lSTAmy2dv7cntYY3tgghy5XJIhOrSbCBpMgedhOmTYWXgK8xO5XswkQoBO3RQXSc
UvmB7qH4R61Hh5/tzhFKWXZdnZpFo/O8d8kiHHyoGT0XMsdiffPf6CsaDQ+C3pgT
9uisPXIXNqibUsGNVdBPBCXduxelgcFEjehw1sLTU6Eb+MR+xyw2NOgx80U525xU
afj5OvW2Y/1uWcLdC4Neo/V799JOwh1IrI0Jn47VvB1kaYcvnePuaOCQQcS0CVgT
MiGHt6VIUiasCjjckhP59pk7I634mxt6l4jFCGR+8PIZsX6MgTA0vP2pkOzqBc+/
cAudJRzTc8vdQJLjSNMqFabYO/jXkuUzFeIcANR5B5o2Ypw0IN4kJrFqIRQP9+F9
HbjTiiDz1Ss9ITy2oK7LQEIj6/8/19PuAMG3BIGth0E3NlGURofyhcnm07yK8ij3
8uVNQNTuP0DpFQSK0tuYXYFTZrxzzCaFmLyuNruSwe+UVBEZWoNuvia8FCaQcpcy
4RQhWZcfgzA5ZPWj72FoMbJL/Z07mfVnBf2mRnTy9fqdGlH7DGXIk86JPqxL3cf9
cC3zMjciKbezLFSZgpFjEJHSM+AO5ryuvRGvijv6+AwArlTROIgXOsN1aUeFy3fy
pkEcya0cWzKbjv7J8eWeAQKCAQEA+f0mB/AzXlHKj7uLEuGlCg4+Qht/j99BNPY1
GKLfSJ/MuCJkjLQ2J/3JAqlFpxBRpyS+cgfDXl4jMEdwhm8bMqi7VSfiG1d4sb8w
oPMIwuGJ4c95pUMGAtZWuQlgbIRNUiOQYne78OfH1b5liwWYE9Xw9VdQTnlfE299
s4yak5aGYxbSJlJu4hiGPINHnFF10ufcIbd0Fsebo+ci4vwfFhLAD41682CBbwdu
mBK01bMdMF1i01OzcSaq3JzCSH6epUSFkxhxaYe4KqnHQDSjFz/SalP3SsH64FkW
xSSeN66t6o5sXpIdGSCSD7UG4J2qlWcGi8nYHYyQQ4m9M4HuGQKCAQEA2joyXyfK
pt/cN3EXntYecZEpNjAiVdKaGRutca6d1Xzw3KXfwQasfUKeKcsNpgVJDyGecks2
VuyBqBrkGpmkF/Bd0CF7mQ+S2F++GnlS0ch6lmbYbk/853sVNS6rorS8GoWWhBHR
r3pdxRozooymzy62Tk+yt2MiizT3C2S7yos6FT2bnP8MIMlh0BMYspBLXz9R5VGO
f+R5TnYo5z/TjbnYtr+zCoNqDktV/ktNYTA0CKIUoscEN5rT5vB7wf9lFL8IsJ4Y
aG5CR7aKgOAaxhs3VVWYLpGxDzYxzq6tSp4fSV8LsWhe2yxW/fPkzyXbLu+6V0AV
zc12h5Qqv7gPTwKCAQAsJg7vW/ZWc+9oDuDyxrLU4csQ9bZDfFQRvGGIJkt0kfQf
mMNVLgZabbFwLODGLlWdRRn1HXXdVpa0UgmHVFvjSHU9BrwhxALmsTMvWXx0nkwx
euiqzPlkyuGp8AP9ZigZl3pKSYcBdo2OK//W23gOGLxjN7ZRBZJK5me2q+AorG6z
VTZr2icG+vnJ+g1Nh/1c7+GqerGfzESqX4mDuK7swQb2ODA8hxCUwSVA6hzRmL5Q
6k0nsSKBmyiVqYGON/5ghYdpgOmWj4dw0WcE6cbbtkO8z3Ne2n8p29HvoxXmE41X
XSu6T+efpmblKz05sd6MYBOB4HWwUkCwDMVDMXERAoIBAQChDCPSX35JqplM/RQO
bzwmWZdNWzZrmbGJaAiXBeOLAtqKK4u2WuN+yWQJucVHyUzCcvAIrwLaIU4KLlY6
XzpfRE8nYx5gtcKMFhQoW3LISKhXSGze8/7TId1j0x5tQ+4xsHaE3tWdJ7P92rlS
c3RDH9kAcAaXGf0LOLo8WUnRTvA9bqrhsMNViui5cu5eEOje0M7yaj68mXMAeWj0
SAEq7YVGULCjyJnDFMvQj+f6GmW8HUkXW8H7+zH4k27xmzYQmm6iUPn4T65wWAFc
3IZFvx4VxsY5T+GYNUmKmxReJdU3A4KQmVKvcsh8P7qTOP/JYrdk3nF44PFhWvI1
bHM3AoIBAQCVFkb5bJD9EhE+8SALxaDav0q8+R1y6P9EhxtgolXkCn4yVvB9FJMN
8fEq3jblmU7jAjJPToDufif/1OgZWDP9uauY9bguvi8xP07by+8avCg+z1y2nHvY
iIW92BfzIJ/84dDaXCzMM4ONxwVyZvrQJat8ca/aAKtl5PIMfVQX7bI7wNpvrvRl
McyQzkObtRL6Goz704BiuzO+4NIcrMNYC3gtkDErcQQQdMRP1SwbpR8htfR+fj6D
DQ5RNbS5ocAhIpXZc0kNT0a4oW0trlUbVrx6YMOqaxvqbaxJKMHzWQyWsyimeFVC
V+fp94QkDInOyrcavMH+SC1EDT5jgxgZ
-----END PRIVATE KEY-----

140
MBR/openvpn/home/keys/chris.crt Normal file
View File

@ -0,0 +1,140 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 23:41:27 2017 GMT
Not After : Dec 18 23:41:27 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
14:21:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
3e:4f:81:10:74:2b:c6:5d
-----BEGIN CERTIFICATE-----
MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
Q3Ox4pNDPk+BEHQrxl0=
-----END CERTIFICATE-----

29
MBR/openvpn/home/keys/chris.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE7jCCAtYCAQAwgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tTUJSLWNocmlzMRAwDgYDVQQpEwdWUE4g
TUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQDELT29H7HFsvXsdgCAmZwNsmyB1XxD27FK
duBVHbeoWfZiBe3Klig9NLowVHHUQXPSv76t8HY8EwvackZrBX5yOPhBN0mvMDQb
WAPyvICD7Xto0ZQ4kbMEYx8kADOyAs1M9VHH6piPIJvcc9YhIuhVjQ3XD16sBJli
CHJ9Uz8fUKp09HOyfjDbOxtbmmqpRYrZSoE6TAMgovvTMvjdHl8ZjE/5eTsjMsgr
bZ0ZM8tiNiP3YaMjXzZNHxOJRsKc2VM/oFl2YMUzQ2fl2hHJfOJMsfxtUljEDnvV
ttbYFg7ZK17slct6o83NnLEmcaAP2oZqsW/taRJ4JNcL7hdsuf8EmuBvko4EstM+
pHsoEmG0PSCMfWSsxzMYKMt9GhKEiGCdyyqSGX7vOtDPizLoc5SnZQA4+TKRC94j
msQlJSXKvI/lQ6IJidfsWWrgtMPtWzotvtM9hqderO+M1RVQiaqzeSVhT+NGe6YF
T2/CYn6IJRMqIvowLGmfO6uK1RyQovyynr/BBo9tDwBWnEtsgs7m7S1MgOAyf+Gh
SJeDB95juaDD7PYUNOi282CIw24fG1E3MxZz4ZGWuzxwJxOY8Bd+v2oj/Yqa07TA
RLySerCo5Qv7zz5Nsu/THNlm8jZadqgIhLZop52Yu6mP+PeXjzb+VphulGECDcFX
7Nr8WxQhTQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAGb0Q69hSYu0oZTe78/l
w5RJbfRrdVgnVB3G89tb8UhU02BJgESoRf5etbz8yhmRmLCRZZLfOxaHoIrVjnw5
3Davc9Tkm2jOvEOeGClL8xJRgeCyfnPox7+wkOh9D484JpkA82C3TVekY2ofL9w+
Wvm9hoK+y6ZNVDAOZHANgaQfSYBkHH1SJhLjKDxEKxAqsyL7hz4fsHaS0o248xG4
8o3RtitLzFdHpHQAkxBhvi2FVRVp61Sm7G7sRJrxsp80wuKGDeueYb9bGGvqQi+0
TAETvW0ty2Kqd3PYy2EaRZDjq7o0Te/wtaPWnFOZ68PIY3Gc2vTO9+6rut5GPDb0
ijz/lLX7tkFo7n4KDTSIGfGmsagTKdZSI3+sMnRkU0WLi3bydpvP+mYKviWDVBU/
NprTa2drZ6xscR1yKwhf+2z6PREkifl13TkxlKEbpzBuDAw1NrV1NosBHjS3Pzgt
Fljnka8h2ygPT2n9GpSvCn0TmUmH9F5OSJEZf+su1sfCPbzIZd+JsmhRU4cek/dV
M8CoBKbZC/DCp/hHloDbHoZPzAycW57DqLYXBI2crSwd9e/gz3innj5GzYSUEHdY
jbxVVYtbAEAEWxjN/6+wDyozxhtY/N5a+WDNcp7s8WK17TjoP/d+lyoJgRWt/duY
q0syjofcpL5SshO9sRWrNcT1
-----END CERTIFICATE REQUEST-----

54
MBR/openvpn/home/keys/chris.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxiEqdBH+tBACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYLwIQAaxwVBIIJSDIjWSU9/Kok
bbatj//bCab//36qcLRn2ZF3xT5bUevvX6PMDhI9X6d612AVAd7V20/nloX6jmYE
5bmAWiUjDtJNynXcdxe4RtyVfViECX+vGCQwz1MhN24GzGIyCm7V0/nJU6Stqoh5
DQ+RSqpBrjcFZAWNvFYfRKG0K5QCPG3DirP02ndbqZZY+phklAwunZGaf0Ao3n2P
Iqr+/sF7D6MjcS3jFqWYyCtHrqCK+3OyQLoWcsJKK5boYq6ywcPF/9qZJoCAQX4r
tbQ+2hEvL1hVte8l+ZtM331irHdmJ8A3UJNp2zR8SBQoO61lKZ0gNcfQzfnBEJpS
Xymds+2jtcgwGYCNp3fpZk8cn3ejRGEu1Z/2KSXVlDqA4VF+tlQbcHHaQawdL5/i
Gu4tbbxt9ZfBjKn1N7GhOnheF/xK6jxaip5fP+GsU48Qhko7ng4ckGlM3dHEDkhY
005X3pwqNM5+nW73yl6Qhdj7AAq0Rjsxa3crqkDkJ+XFWq7E6Wo+g9xhous+I0lZ
LGE/GaJ8A0Hg/A35b9cCDDToxoSZm8MxZh6rBQeRlMddQ0Bki/WKqg3os9FLEY/a
T++sWWuoPw2Ei0TkKJcNStMhM/0cIY/WduOMx1zg3drApQYM4CU4lt1L8nyAzhoP
QJs0oZreY5Pt0VA9wfvg3ULlXlk0pMsIP58ci8MQ2veyTmmBEqe9TE7UiJuQrmD5
yQFfg56bcibeRJ7l6HCdgpL41s4NvNf/sPvUMx7rNkVOqgXtO5qAMhF1ODLe51BS
t990Ht6atPWEypKoxoja83OIAyn/78HLVyCf229ysQTM/YKF85H9ut+TOE9NgmLS
/7CJntWBf0wzLKzHLVhjnT1XWWvmyGQkci04+82gSwZiURPgNowTUNGozL0bNRQR
aRGlY/DT23vO3NmBz+sz92RUVBkAeJ5ujW8GozlVp8elhdgFnPbrNPVRW16XryyV
Ql/hS56GqswtJXHHMkRx4xLUujKDvkzNUboJZvZLj1pTBEH5irJFYvdHOfd/oZKx
197DIDcL72ESQHKAesogpDc8erl5AFYnEdRg54mR1lcgDzEbK4r1pQdE///H3XSU
90VlO7DOHR5tzp26njZTo8hokXVzxd2MEd8O/2tWCj55mZP8A8Fp+uWu+YBtV4KT
es3j9udI1cAMQiKL/jMOoH78+IRn2Cdw7WlLLCq3hduPJFCwH+S/WFFcDWDhCRcN
ko5CYLvHjb32PakjYgRBelTRGSBl75lUiNrRep5apCMuREvLNP3A+pmmwCs5H+fu
OKrOVHJ0pUHt8439DDeSozT3JKm+ngowuPO6JG77e1gSZ8rSHySoUBI4sGXEDcpp
6+PzATzDJr9ZLYg7UumjIQ08YX14yHPEjl64SHQZQpcE8T8XfSEESi2dBjCcQ14Q
G2a/40MFNn1a9XnMIAdw3DfPV6bTIi/LJaCCU//OFhuiPyONXuMtdCRkoA9tKHlZ
fGZ70AlLG82yJ+2BLLuvxmapmq0OFZQm+nobw0c7lZP8PWCekK6QYVREkDvn42DD
snO5gItiQIgLfW6zqq6kEXn3thBSFEFuizGprhLhnEJs+zDJ50CTs4I2QquGBdVn
Crtyp83Kf9TnaDs0VK0u/bYXjyDx82IZEIERf05La8wS3RprC7fAqAqTQ2BF2u57
2/6B7QvD8nFxYQszU1KUsaTfzRyVziAXC/t5XmMrOtZsWbimKd/o6rt0EsmNXl5R
S/GLJSqhIODLzpf1LclapRzA4JqXHpZ1JG2mr8ohKawouLvvXU39yHMOrnVaWL/S
75ZzcbKwNfnXe6lh8o7g6Ryq+5wRQpTBdEquzrPZod6uiM0Y6QgCOeDwTfpgpdXt
6JF7x75oPEW+Q5ZFvEuopzXCslIbHyycgFmlGNrYn6T0vQ5r3mYjPAtm14S0Yl0D
Dw1ykmqcLFAb6YQUKoSEJG8wPnrR6mYE1643ZQJtbgo5Grgrxd8a3+TJNhU0h4oP
1aMEG0DJFtBV6TSUojZYDwQ+pmWTp2wWyECUUkoFUeHU2oGUzEmUfj6DK3Ewh8mQ
zjUtiYN6yq68u0Y51MOIe2UrP/PjGO+EM7fmQc3oR/hA80+8LHXInEeMc3B6iLH1
MwkrslbSSaynD8bAoO9rQyvWCrwSJwjdGWYd/bPpEXILDkDhqD+E/7cJkSU2CJp9
SWrFm34IStVMGOkqRn0X4Q4Ml+RilgQy/0Nr7CQeODjHJJC6LdqePj8AMphZtWNo
QjI0ysctUJ9AZfy+xfdyxT/66kmisQFeRrYe9t9C1AEz7wQhTXTc/nPB0071JL+h
pcTVywqRPwLD+Dy4qpGc1Ocb355ieIJGi72rVieYCK5clohPeex/iM3Ay+yuhVfM
h/MS2oKaJi5M1HzOfNI/DLlEDtGHmbla12W9wWJGyQ+HKtNO2uFHgE1aRY3Exyev
E9jUDO7KUBwKutQVpvLiX0w8ftAx6QPu/7VZ8jVar9P2kIfijtIghBcPP+/Xb2/R
+OxXjwZrpJSanR8KVMxk1Gtp9dFrry2mtpMpPDqIat7Gj+/YBMov05M7Tk1arrYM
N29MylzYEaJj4+2apMzo3/TW53ld3mc4idVLNavAcCq+t6DZWdbUTkpUpNTMBEmC
ZZ+BOyQMqekM9Lo4My0XvairkmHSmRnQJND0MEc+C547z8vRFHYGo7WGFeaZXEo1
KHH+s1BFMEZFkJZPbuPuSXf+tNEfXjofMIBTUMMLv4MR1OwstDCDo95J6PvMr3/j
8mMJ6F85kkGpj5QfxP5liQhWrMiXJMEAaoZ84eGefeDMWWmiEANl+soCS/MKRYx4
DBWreg5EvXuC9wQM55UOe/DBRmK61WjOXmTuSAf3uxa4R3TjsJPny5U84s44Dq9B
1jN1hHKFLhAppgWqnGDfkp7cmsf5v600Fcn41lE4QMeDTrQMcYUseRv64uDQQI64
+mOaQ/5x26QFBFi7cyc/LkJwLfbQ7+OXgwYRlG1Z78Tx4vx/b3LfTltmSR+93hLW
x5k/sc/xt9nEUwYvqo5fv1pRU0FOJEuHueIz6ZBCjZPcYflm3Yiwzmip5CHf9Tvw
ycysCQUiTfM+oENgq9i6tFbCaOx80R+W6ckRgmXiCmDd6pKnfzZuIa/ODD7zQBh6
AiaXP+oXUEJe7qU8un0wyQ==
-----END ENCRYPTED PRIVATE KEY-----

1
MBR/openvpn/home/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
MBR/openvpn/home/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAoJC1F6ZpKKOI4Dd15mboakcnTA30LZRo4xGgJE6CWMkaxQQcfYef
vDH779iXoBVNc16lcnikszrK6UMDOS0ncB9wG3zyjgNVQJGqAK8T+iUT4JEBKjX9
SdpmkreDgshe8ETHVu0KNjihw5IpH3Skh4BrM+iD40QRuEaVvIAXp3e9qDqHEOMY
wMIBI7DpUu/eJjCXzR7vAayNo+7UH1mlOn9+pkA8Ylbrxo2xACZpxappyVv2C+y3
E0mNYNWgQJykHuIYema6UhfR29QzCc9va70dr1MjVSrKIDPR/L5CYwyRk1bZaJ7f
OH+IEkWHUaSubym+1HVgnFhw1cnPjn5ZoqmrpHjl5yi+HxcBqc4LqkLrveRQ0Uh7
lXUSAN6uc9ECctcd/9IFvKpn4Q/g2vDKwpn4nvL0od5rmfZJGGXPZ5matH11Vsds
M/qYepk9IBavMlh5AUNph2v232OoP62oQkfxxijZqfDLSOyTIagwlXkukU+/NmHl
2K2EC3eTF+hh0uojfV7yqkyDCBEmCovmFB8nQZcUk9NC0Y90Bz1VxLv0DatkM4Kg
QRGZKJGPKqDgjnjzTInKsNQtLnV+5Kbc5fQFJNYBtLfp3d2tFv/XmZ6s1VModtrv
aqYSbEKSSjD8+DX0Q5e6loRAC91eCbnGyfcXyO7TFORKfKSfHBCjXrsCAQI=
-----END DH PARAMETERS-----

2
MBR/openvpn/home/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 371218203034Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
V 371218234127Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de

1
MBR/openvpn/home/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
MBR/openvpn/home/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
MBR/openvpn/home/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 371218203034Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de

1
MBR/openvpn/home/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
MBR/openvpn/home/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

142
MBR/openvpn/home/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
Validity
Not Before: Dec 18 20:30:34 2017 GMT
Not After : Dec 18 20:30:34 2037 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
df:8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
X509v3 Authority Key Identifier:
keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
serial:95:42:A1:61:11:C9:98:C0
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
e9:53:58:cd:30:11:0a:af
-----BEGIN CERTIFICATE-----
MIIHdjCCBV6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjAzMDM0WhcNMzcxMjE4
MjAzMDM0WjCBqTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxFzAVBgNVBAMTDlZQTi1NQlItc2VydmVyMRAwDgYDVQQpEwdWUE4gTUJS
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQDGOaVReicomC68QgVjITav4h3dJReYblavcZ09
NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQozu0y0uHFgX7i/ry17j2PUB4N
rRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGuHRSXzqD8GPjgsd03oHfn5BKT
oKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytlywJcghujQG5pm9+dH9Yq5ZVrM
oRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9tZ2xduJo5VCz62fWMQ1mfpy90
QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qTwhINGUMwxPM0Y26cUuHxw7C+
ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjroayPlVO9wETKbjc/0o8OoVKvT
bHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U615e0Wyt+/coGwC7hz+FmN2/5G
vjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32hfDCpNB+VPThySASxKo4wS7oA
f9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxaex4bznTtQzHTmTPgAPAtRMzHd
bn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju9G3eRGPVlRdcodv/3iruTSy+
x9+P2wIDAQABo4IBmTCCAZUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
NAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFCgeVtr7Wq4KfUCLRGhcqh4w0FJ0MIHqBgNVHSMEgeIw
gd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7pIG4MIG1MQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BF
TjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQ
MA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVu
LmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVCoWERyZjAMBMGA1UdJQQMMAoGCCsG
AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
AQELBQADggIBAI11FE9OgTWWETwlBfpPinH3RSo3MWPub14YmAq9zWDcAS0YJPc/
8879zB5Nu1EQHbcK/fa7/bd5zeA2L26dyzoAp8q/STQ/7ePayScPOGfhM0lpU/FE
TJmSZ+Dz0Rdi6jvJMBQH8pL5hzBiUYBIDOIS94iEceAcy/L0HaIG+hH2MX4hlHt+
xyu4lumIlpzx6NcvLZPE1Y2nFVQopyMHCAEW7vHU4l3lekDAFURwb9qYxyAkxlD3
9hMf8tcRrI3KBBthAbMKSU9TAJpKNjhXtsDZvyINLePaf/K7es3sUnw4aLYzO/jk
Em3vkG22mSF7MKBTwAn1AoyIqxGZ0aGwxetL9RIR1rnuYiW0or9+N6hN8VuO9PgC
nhJ8Sjf08CfqlGg4Q9fXqT7v8CPpqYMcxssNIRWzAr0Lt0Tur6w9D3JPXUMeE5b8
eVSe9T1WIRqjUonnieFa4vKujrKj/hj5fg01daeCPFH6yQVz4a5KdtA8NuQ8JDpY
JOB83Ow/C7f6aFMDsiEoxldKhY8ZkfJuMcMfEv1nctPTOwsvzMg6yawTxVHrpXqH
400huslBKQx4XVsEltMLLnXbKp3+Vxx+AxBrMOnD12qVS2VITC9i1p02AqMFoLTw
+sR0EDIG1ajXvraOtH23Pz4BRVAl6H1R2l4iF40aX0qkfulTWM0wEQqv
-----END CERTIFICATE-----

29
MBR/openvpn/home/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE7zCCAtcCAQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tTUJSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
IE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxjmlUXonKJguvEIFYyE2r+Id3SUXmG5W
r3GdPTSKtQB26iSbNGaVsqUIlvZIrrahAx9UkBnUo2J0KM7tMtLhxYF+4v68te49
j1AeDa0Z1OK7Ll3c75mCBBIx7tr6uGrdHz39q+yIRqLhrh0Ul86g/Bj44LHdN6B3
5+QSk6Cne5b075fOkw9qDrj3DPd64OWsX5y7HQ0l5srZcsCXIIbo0BuaZvfnR/WK
uWVazKEW9Ruwf492dwFXeApZR1R2zPJ70BaqVrWSQdIvbWdsXbiaOVQs+tn1jENZ
n6cvdEKUDI9W/Tg+PSBIc4+1bXOLPWF/ZKP+vWvrnwvqk8ISDRlDMMTzNGNunFLh
8cOwvmbSgRYzqaA1I9o7ttc9d6io93ln6jCcVTyFka466Gsj5VTvcBEym43P9KPD
qFSr02xzesGE8KSVDIx3HaajIT5PaT3XkX264EHsVu1OteXtFsrfv3KBsAu4c/hZ
jdv+Rr411vb0rErKSajW1MTsT7JhTBYNIJsNkpY/o3N9oXwwqTQflT04ckgEsSqO
MEu6AH/YDKPT6llrhvEDXAGk1xRLHkq+GMEkZCZSVl8WnseG8507UMx05kz4ADwL
UTMx3W59RJPDOjdfF3h7X0EhJdOM7YcxHm8U4xSiaGdSbvRt3kRj1ZUXXKHb/94q
7k0svsffj9sCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBiG/MjEDzsPZ/ZI6j6
ZPug5lbGTS0T2ZpOvRRMqE4rMaCSrTmS61Zw5VXsVIKNVuJN20B1NGo46lrSPYt8
Om7k3QaxHxGTrRs0bsAtfInvzh6j7n0P80hliyTHyT3NzK7zP9gkcq2wCk/b6X/6
Dvjm8nNZz3PfUmpXNVSaHSILvvvbtCf/nxYzXRktG7OQJCgUx0KQdDigwIx4rREE
bwzJt5E7ybt/NglZw3B2QoLsMGh89L8J37iICOanbf1JHeMgW+svepskm9J28xvE
QP1gq/htnYHmCaD5xMqgSbMFZgrV4ipixrcxdvz7Ek/4+uc42nrZfnf3j3qFKqej
UZtpmochzN1PkdKkxrpVKSTh97zsXCwtbIcLxEAd9RdUloIUNrQAvzSgTIT2tjF3
aqrt4YUbxxvMERgwINxye4FQYBQQvnaucrzLNow9YZf9Owzf02fNigBnz/Hbk726
OVcqww0z7KJs4VkFhTGkATsAyKRe8gDuGshpQpPB3x5hr/cW2Z5mKbIrHKDK1jov
6jsADFZTr8r7CrNo3aDqxjFn5a9iRo1w348aQq/cqBYHrKPddcrQrPH+4m6h19QJ
Vn7i+iz8ZdvMhnE8sl4g/ZoMYEvuKn5eT8yzbL0Xf9mhDNcTuSgqEu+1u/eW04Uy
gXfX67DLAAmQ26mUM6dcMYSutA==
-----END CERTIFICATE REQUEST-----

52
MBR/openvpn/home/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGOaVReicomC68
QgVjITav4h3dJReYblavcZ09NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQo
zu0y0uHFgX7i/ry17j2PUB4NrRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGu
HRSXzqD8GPjgsd03oHfn5BKToKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytly
wJcghujQG5pm9+dH9Yq5ZVrMoRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9t
Z2xduJo5VCz62fWMQ1mfpy90QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qT
whINGUMwxPM0Y26cUuHxw7C+ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjro
ayPlVO9wETKbjc/0o8OoVKvTbHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U61
5e0Wyt+/coGwC7hz+FmN2/5GvjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32h
fDCpNB+VPThySASxKo4wS7oAf9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxae
x4bznTtQzHTmTPgAPAtRMzHdbn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju
9G3eRGPVlRdcodv/3iruTSy+x9+P2wIDAQABAoICADVHYz7uFT5dARrKqAYH9Fn7
7cj14kyvQ49uezPrPmj+EfhHFIxWEmBs6U0iL1D+d3KOZj1BJB0yJkSdsbWaZuKe
Nsuuamx/933gq+NDJpFIy8Tfp7WizgZoGZG4u/D7kCmIkPk33z0VJJGW8WUIPc7k
q2hBhlMgR3pFnBSf9sRKQ9VuOTDf0MLaRlTu49E1Ckq8prJdSVWqKh4k07oDaOoe
sTaB5WE7Byljq68akUAaTCtNFStRagAyz+JTOodFma/Jl8ksjn4wj1zZko/yQUmt
bVWTZeNoatt1pVSbXI2vrVLsXhYx6idddgdQKhm6bfJP/fVN34vlOQyz+gQZSSyG
MMXC9sKscUL9291zWjPZOzX4xskSXQD+QLZ2cKB8FHvYjCe/AzyrVTy0NO8PlrVX
n1eRZJV8hi1zM1HRj0Oh7DzY10EKD0pRW3i/H+pBh9JhuwuEJPz0C3vVo+qR0W50
Q4wlaR/E3Z2pRIiiP3PPnBYBiZNGmhmVlCGqfyZ1IaQLT3orUKqLnwQn8UcMwocg
XJ6NnvmNKEMJq7hr1RY2chLpjf8CLsTg4fulrTFylkEk+jaCBKAhv7VPWnkBw3g6
UZtgTbLQpzjzzsgdsEBlI4wqi7Y6xPZ3+Vd33RsRmHqHtEK0AkiyUN0LK/o5nb5Z
erjVufPngHwGZ4pZ13RRAoIBAQDxW+2ERneA2J4l+9Y5I5mE3XSnVer0bXF9Z+Kd
gJaUDmspEjWodcbN2+qzOzGrLVWhM9zJtEtHKYMG/+Ll27S7b4Lc7gInqz5Y9DpE
UCS+8jWpk2/uiNEgLU22TXzXVeiVqCfeVgLzsTiNaQC3D9uOG6r4iQSEY88Y2qYd
2A/TVpDHRBzoU6tK8xPAbeDJYumUUU7vi06/6Mz1YIJMtEDzm5VWhWnDGxmObiND
B0ZiNye9YOBTNIojgqvh5v36t1FTDeVGn9wtBf5dC/fGwnbU5lfmsTgGR9sL5Tbt
Dj4Hn3wzVyFuBCT8Pu+YZxD7rLXoyUamkIZxupDOXIjjDoqTAoIBAQDSP+PkC/+g
nEOgvwR4nupO5ASE4xcbK4n46uROAi/K/LBpkKiyB3SDPpip3Fv991bCaq30g/eX
d0gAvKb9fJgJ1cq3vME3Fcgvu85dB8dFtQmbbN/Kp4HGcF3sg2swEZL/aMsAPauS
c3u77VSx6SGaAADCjt1nG2ZK62hnoa5A/y5XFez7/uwqFo3OhEpxmk0ukTSMnHNC
LJYaL6pbk/YS1lhNGybIeDzf2bKWSsnUNtbO5tow+8nJJZku9jyytotJEVm8ZiJt
BSeoiFhfVcwzCn+4sbLDsyvkM1K9VDEbypn9jqnTxcwuJTj9ZsXDBq2g+5O60I8Z
rpaRfqAcRwqZAoIBABIejJ45jA8oM/c2CMcRXR0UYwWM9a6T6Mk5W1HnrWZADttu
eojDDsG1mNELyJbJOHx5oEGkP2KAQ03rN+V5sP/BR1m+pHrF6FBVRWqLeba8CDtK
zkRiERERVZwyBQVFdciGbzfJzT7uNwimsV8M2ba5bQRrhONLeuiqwX3MEqQTA5ty
CZmHbnyZ8wmnNhDoVBDGad6h3q+Zkol5TU7k2Vtweq2cJmx3RFvk+NC3YxlMerdE
5pJYh2ZTEQRMixSfXoOVr3i115mpsYbatyc8wh8Ji9/Nvh76lf82ngD96Lo5xuEz
0VapCP3G28XdNvEt7hojwiIPB4jSMLzNRZmGJfECggEAT0JqpNOpIGEIVZbtFpPB
/M+UrIv3b/Sv5LiYLJhCcCFmV8WC8upAkCGO56n8u/b8K/qPbXg6ZE1BRZXY1gKc
RkjkTPPJWvzJJMWF/CgshSjEYGVg0ELpd2dw4PKB+/MEGWjl7kdRYLpMUQIdRZx/
YFDT+IRnDrGTlHa+OyMGT9ZjH81SM4VcfllWSB4y+jSTGBUBXGi2QqIQS/rgG/nh
cCSB0T+FFVnOiQzGeEXlZCzwObtpUcH5xex4nO2S4ERUqczyqUVPgQ3Kb4xG1FnB
yxQQJg5HN+NZjoOSk3EjujhcaOvZNc6BNHwvycdukiD4X5G3lVt+Ns5MULkNntth
MQKCAQEAt2ZKJKPToeHR+xmFCch57tn0RU41bJFiTZLRq9ukWM3fA6ZAdGlin+o6
1GNGWjUO0WBM2FChXSgSn/8PygNdvpVmAynNBdyfHYC1rNIivJIUF49XQIYoeWXO
+zV4nKx3iMAAvdcGp8q+ArBWi6mgggX5pGIh707IlK5HPBqzR939Q46eOQ+DCzgY
IrRReX5n3QibZSOm5SxnKXWi59xOHjNIh7Q4yAAdN7BZV5v1ZEPVuMZQ3gNf6cbz
/TCiyGhDtya6ATEqvrGQotUvyhv/SU9QImBY2LZtCEMIywi1vSKaUQo6k8aVKpzj
SNWtOv+BRPbSTymad6j1nxTu83Ij4A==
-----END PRIVATE KEY-----

21
MBR/openvpn/home/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c1bb483e19d6c90def9e3b3054725c26
83dad3473e46c324617f10954a9ef0c0
04d3e53c787043db4b2f0c0f55d38928
13ccfe3325bdc2a12294ee4a6eee14e1
301e57912bdb03502032b97dd30fa67a
6f7f2af6759ed4a6f7d32e863417c38f
d0d29d7c1c2aea2b60c273878919c815
220984a3a5e996a8ad9e01bc5595b87c
2e60411d8d44f0769ed53afff6259395
112f2218b859ce5ae46542be229ec2aa
ab78338e1db08e5765571faf096fb5d3
ebf22fc761cd3a70ef97c4cb20dd1778
830a8b2b1463e8101825003181e8e188
74dd61d43462ef4f8271c68c5aebdb07
a4300e941ab9bfbdb5f34f23442222b8
7c5b89d7e9ff18e1367af366abf53c3d
-----END OpenVPN Static key V1-----