Initial commit

2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions

25
OPP/README.txt Normal file

@ -0,0 +1,25 @@
Notice:
You have to change some configuration files becaus the because
the configuration of network interfaces must not be equal.
!! Take care, to use the right device names !!
Maybe they are called i.e. 'enp0sXX', but you can rename it.
See also : README.rename.netdevices
For the backup gateway host:
eth1 --> LAN
eth2 --> WAN or ppp0 (DSL device)
eth0 --> WLAN or second LAN or what ever
or
br0 --> WLAN or second LAN or what ever
So you have to change the following files
dsl-provider.OPP: ppp0 comes over eth2
interfaces.OPP: see above
default_isc-dhcp-server.OPP
ipt-firewall.OPP: LAN device (mostly ) = eth1
second LAN WLAN or what ever (if present) = eth0

1
OPP/bin/admin-stuff Submodule

Submodule OPP/bin/admin-stuff added at 6c91fc0987

Submodule OPP/bin/manage-gw-config added at 2a96dfdc8f

1
OPP/bin/monitoring Submodule

Submodule OPP/bin/monitoring added at 0611d0a2ad

1
OPP/bin/os-upgrade.sh Symbolic link

@ -0,0 +1 @@
admin-stuff/os-upgrade.sh

1
OPP/bin/postfix Submodule

Submodule OPP/bin/postfix added at c1934d5bde

1
OPP/bin/test_email.sh Symbolic link

@ -0,0 +1 @@
admin-stuff/test_email.sh

69
OPP/bind/bind.keys Normal file

@ -0,0 +1,69 @@
# The bind.keys file is used to override the built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release, the only
# trust anchors it contains are those for the DNS root zone ("."), and for
# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
# for any other zones MUST be configured elsewhere; if they are configured
# here, they will not be recognized or used by named.
#
# The built-in trust anchors are provided for convenience of configuration.
# They are not activated within named.conf unless specifically switched on.
# To use the built-in root key, set "dnssec-validation auto;" in
# named.conf options. To use the built-in DLV key, set
# "dnssec-lookaside auto;". Without these options being set,
# the keys in this file are ignored.
#
# This file is NOT expected to be user-configured.
#
# These keys are current as of Feburary 2017. If any key fails to
# initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
#
# NOTE: The ISC DLV zone is being phased out as of February 2017;
# the key will remain in place but the zone will be otherwise empty.
# Configuring "dnssec-lookaside auto;" to activate this key is
# harmless, but is no longer useful and is not recommended.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh";
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
#
# These keys are activated by setting "dnssec-validation auto;"
# in named.conf.
#
# This key (19036) is to be phased out starting in 2017. It will
# remain in the root zone for some time after its successor key
# has been added. It will remain this file until it is removed from
# the root zone.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
# This key (20326) is to be published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
# being set up for the first time can use the contents of this
# file as initializing keys; thereafter, the keys in the
# managed key database will be trusted and maintained
# automatically.
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};

12
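--- a/OPP/bind/db.0
+++ b/OPP/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+1 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.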

13
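--- a/OPP/bind/db.127
+++ b/OPP/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+1 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+1.0.0 IN PTR localhost.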

86
OPP/bind/db.192.168.62.0 Normal file

@ -0,0 +1,86 @@
;
; BIND reverse data file for local opp.netz zone
;
$TTL 43600
@ IN SOA ns.opp.netz. ckubu.oopen.de. (
2018010301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS ns-opp.opp.netz.
; - Gateway/Firewall
254 IN PTR gw-opp.opp.netz.
; - (Caching ) Nameserver
53 IN PTR ns-opp.opp.netz.
; - Fileserver
1 IN PTR file-opp.opp.netz.
; - IPMI
;202 IN PTR ipmi-opp.opp.netz.
11 IN PTR file-ipmi.opp.netz.
12 IN PTR gw-ipmi.opp.netz.
; - Drucker
5 IN PTR hp-lj-3055.opp.netz.
6 IN PTR brother-mfc-7460.opp.netz.
7 IN PTR kyocera-m6535cidn.opp.netz.
; - Accesspoint
50 IN PTR wlan-opp.opp.netz.
51 IN PTR ap-unifi-1.opp.netz.
; - LAN
104 IN PTR opp4.opp.netz.
105 IN PTR opp5.opp.netz.
106 IN PTR opp6.opp.netz.
120 IN PTR opp3-lan.opp.netz.
121 IN PTR katja.opp.netz.
122 IN PTR katrin-eth-usb.opp.netz.
123 IN PTR marcus-eth-usb.opp.netz.
124 IN PTR ines.opp.netz.
125 IN PTR tobias.opp.netz.
126 IN PTR ulrike.opp.netz.
127 IN PTR opp2-lan.opp.netz.
128 IN PTR sofia.opp.netz.
129 IN PTR judith.opp.netz.
130 IN PTR amine.opp.netz.
131 IN PTR martin.opp.netz.
132 IN PTR cristina.opp.netz.
133 IN PTR katrin-priv.opp.netz.
135 IN PTR hannes.opp.netz.
136 IN PTR ingmar-eth-usb.opp.netz.
137 IN PTR opp1-lan.opp.netz.
139 IN PTR eli-eth-usb.opp.netz.
141 IN PTR katja-wlan.opp.netz.
142 IN PTR katrin-wlan.opp.netz.
143 IN PTR marcus-wlan.opp.netz.
144 IN PTR ines-wlan.opp.netz.
145 IN PTR tobias-wlan.opp.netz.
146 IN PTR ulrike-wlan.opp.netz.
147 IN PTR anne-wlan.opp.netz.
148 IN PTR sofia-wlan.opp.netz.
149 IN PTR judith-wlan.opp.netz.
150 IN PTR amine-wlan.opp.netz.
151 IN PTR martin-wlan.opp.netz.
152 IN PTR cristina-wlan.opp.netz.
153 IN PTR katrin-priv-wlan.opp.netz.
155 IN PTR hannes-wlan.opp.netz.
156 IN PTR ingmar-wlan.opp.netz.
157 IN PTR opp1-wlan.opp.netz.
159 IN PTR eli-wlan.opp.netz
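Review bot: The last PTR target, `eli-wlan.opp.netz`, is missing its trailing dot, so BIND will append the zone origin and the answer becomes `eli-wlan.opp.netz.62.168.192.in-addr.arpa.`; the line should read `159 IN PTR eli-wlan.opp.netz.`. The reverse data also drifts from the forward zone added in the same commit: `147` points at `anne-wlan.opp.netz.`, which has no forward record (the forward zone puts `opp2-wlan` on .147), and `.140` (`opp3-wlan` in the forward zone) has no PTR at all. Forward/reverse mismatches make log attribution on the gateway unreliable, so I would reconcile both files and run `named-checkzone` on each before deploying.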

12
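--- a/OPP/bind/db.255
+++ b/OPP/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+1 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.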

14
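--- a/OPP/bind/db.empty
+++ b/OPP/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+1 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+86400 ) ; Negative Cache TTL
+;
+@ IN NS localhost.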

14
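--- a/OPP/bind/db.local
+++ b/OPP/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+2 ; Serial
+604800 ; Refresh
+86400 ; Retry
+2419200 ; Expire
+604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1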

180
OPP/bind/db.opp.netz Normal file

@ -0,0 +1,180 @@
;
; BIND data file for local opp.netz zone
;
$TTL 43600
@ IN SOA ns.opp.netz. ckubu.oopen.de. (
2018010301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS ns-opp.opp.netz.
; Gateway/Firewall
gw-opp IN A 192.168.62.254
gate IN CNAME gw-opp
gw IN CNAME gw-opp
; (Caching ) Nameserver
ns-opp IN A 192.168.62.53
ns IN CNAME ns-opp
nscache IN CNAME ns-opp
; Accesspoint Unifi AP AC PRO Ubiquiti
ap-unifi-1 IN A 192.168.62.51
ap-1 IN CNAME ap-unifi-1
; Controller for Unifi AP's
ctl-unifi IN A 192.168.62.254
; - Fileserver
file-opp IN A 192.168.62.1
file IN CNAME file-opp
zapata IN CNAME file-opp
; - IPMI
file-ipmi IN A 192.168.62.11
zapata-ipmi IN CNAME file-ipmi
gw-ipmi IN A 192.168.62.12
gate-ipmi IN CNAME gw-ipmi
; - Drucker
hp-lj-3055 IN A 192.168.62.5
hp-laserjet-3055 IN CNAME hp-lj-3055
brother-mfc-7460 IN A 192.168.62.6
brother IN CNAME brother-mfc-7460
kyocera-m6535cidn IN A 192.168.62.7
kyocera IN CNAME kyocera-m6535cidn
; - Accesspoint
wlan-opp IN A 192.168.62.50
ap IN CNAME wlan-opp
accesspoint IN CNAME wlan-opp
; - LAN
opp4 IN A 192.168.62.104
opp4-lan IN CNAME opp4
opp5 IN A 192.168.62.105
opp5-lan IN CNAME opp5
opp6 IN A 192.168.62.106
opp6-lan IN CNAME opp6
opp3-lan IN A 192.168.62.120
opp3 IN CNAME opp3-lan
opp3-eth-usb IN CNAME opp3-lan
katja IN A 192.168.62.121
katja-lan IN CNAME katja
katrin-eth-usb IN A 192.168.62.122
katrin-lan IN CNAME katrin-eth-usb
marcus-eth-usb IN A 192.168.62.123
marcus-lan IN CNAME marcus-eth-usb
marcus IN CNAME marcus-eth-usb
ines IN A 192.168.62.124
ines-lan IN CNAME ines
tobias IN A 192.168.62.125
tobias-lan IN CNAME tobias
ulrike IN A 192.168.62.126
ulrike-lan IN CNAME ulrike
opp2-lan IN A 192.168.62.127
opp2 IN CNAME opp2-lan
opp2-eth-usb IN CNAME opp2-lan
sofia IN A 192.168.62.128
sofia-lan IN CNAME sofia
judith IN A 192.168.62.129
judith-lan IN CNAME judith
amine-eth-usb IN A 192.168.62.130
amine-lan IN CNAME amine-eth-usb
amine IN CNAME amine-eth-usb
martin IN A 192.168.62.131
martin-lan IN CNAME martin
cristina IN A 192.168.62.132
cristina-lan IN CNAME cristina
katrin-priv IN A 192.168.62.133
katrin-priv-lan IN CNAME katrin
hannes IN A 192.168.62.135
hannes-lan IN CNAME hannes
ingmar-eth-usb IN A 192.168.62.136
ingmar-lan IN CNAME ingmar-eth-usb
ingmar IN CNAME ingmar-eth-usb
opp1-lan IN A 192.168.62.137
opp1 IN CNAME opp1-lan
opp1-eth-usb IN CNAME opp1-lan
eli-eth-usb IN A 192.168.62.139
eli IN CNAME eli-eth-usb
eli-lan IN CNAME eli-eth-usb
; - WLAN
opp3-wlan IN A 192.168.62.140
katja-wlan IN A 192.168.62.141
katrin-wlan IN A 192.168.62.142
marcus-wlan IN A 192.168.62.143
ines-wlan IN A 192.168.62.144
tobias-wlan IN A 192.168.62.145
ulrike-wlan IN A 192.168.62.146
opp2-wlan IN A 192.168.62.147
sofia-wlan IN A 192.168.62.148
judith-wlan IN A 192.168.62.149
amine-wlan IN A 192.168.62.150
martin-wlan IN A 192.168.62.151
cristina-wlan IN A 192.168.62.152
katrin-priv-wlan IN A 192.168.62.153
hannes-wlan IN A 192.168.62.155
ingmar-wlan IN A 192.168.62.156
opp1-wlan IN A 192.168.62.157
eli-wlan IN A 192.168.62.159
; - Services
wiki IN A 192.168.62.254
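Review bot: `katrin-priv-lan IN CNAME katrin` points at a name with no record in this zone (only `katrin-eth-usb`, `katrin-lan`, `katrin-priv` and `katrin-wlan` are defined), so the alias dangles; `katrin-priv-lan IN CNAME katrin-priv` looks like the intent. The SOA MNAME `ns.opp.netz.` is itself a CNAME to `ns-opp`, so naming `ns-opp.opp.netz.` directly in the SOA would match the NS record. Separately, `gw-opp`, `ctl-unifi` and `wiki` all resolve to 192.168.62.254, which suggests the Unifi controller and the wiki run on the gateway/firewall host. If that is the case, a short comment on how those services are isolated from the firewall role would help the next reviewer.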

90
OPP/bind/db.root Normal file

@ -0,0 +1,90 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: February 17, 2016
; related version of root zone: 2016021701
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file

11
OPP/bind/named.conf Normal file

@ -0,0 +1,11 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


@ -0,0 +1,30 @@
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

19
OPP/bind/named.conf.local Normal file

@ -0,0 +1,19 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "opp.netz" {
type master;
file "/etc/bind/db.opp.netz";
};
zone "62.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192.168.62.0";
};


@ -0,0 +1,8 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";


@ -0,0 +1,49 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// Security options
listen-on {
127.0.0.1;
192.168.62.53;
};
allow-query {
127.0.0.1;
192.168.0.0/16;
10.0.0.0/8;
::1;
2003:a:b3b:7900::/64;
fde2:8acd:e9d3::/64;
};
allow-recursion {
127.0.0.1;
192.168.0.0/16;
10.0.0.0/16;
::1;
2003:a:b3b:7900::/64;
fde2:8acd:e9d3::/64;
};
allow-transfer { none; };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
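Review bot: `allow-query` admits `10.0.0.0/8` but `allow-recursion` lists `10.0.0.0/16`, so clients in the rest of 10/8 may query yet are refused recursion; one of the two prefixes is presumably a typo. Defining a single `acl` for the internal networks and referencing it from both statements would stop the lists drifting apart. `192.168.0.0/16` is also much wider than the 192.168.62.0/24 LAN this server sits on, so narrow it unless other 192.168.x.x segments really use this resolver. Finally, `listen-on-v6 { any; };` leaves named bound to every IPv6 address while IPv4 is pinned to `127.0.0.1` and `192.168.62.53`. If this host holds a globally routable v6 address, only the ACLs and the firewall stand between it and outside queries, so I would restrict `listen-on-v6` to `::1` and the internal address.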


@ -0,0 +1,26 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

4
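--- a/OPP/bind/rndc.key
+++ b/OPP/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+algorithm hmac-md5;
+secret "5r5tsxgWPHVKFjKESl3w+g==";
+};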
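Review bot: The `secret` for `rndc-key` is committed in clear text, so every reader of this repository, and every clone or backup of it, now holds the control-channel key for this named instance. Treat the key as disclosed: regenerate it on the host and keep `rndc.key` out of version control, or commit only a template with a placeholder such as `secret "<REDACTED>";`. When regenerating, replace `algorithm hmac-md5;` with a SHA-2 HMAC, for example `rndc-confgen -a -A hmac-sha256`. On the host the file should be readable only by root and the account named runs as.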

20
OPP/bind/zones.rfc1918 Normal file

@ -0,0 +1,20 @@
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

6
OPP/chap-secrets.OPP Normal file

@ -0,0 +1,6 @@
# Secrets for authentication using CHAP
# client server secret IP addresses
"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
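Review bot: The single non-comment line stores the provider login and its CHAP secret for the DSL line in clear text, which puts the access credential into every clone and backup of this repository. The secret should be considered exposed and changed with the provider. The copy kept here should carry a placeholder instead, e.g. `"<PROVIDER-LOGIN>" * "<REDACTED>"`, with the real value installed out of band. On the gateway itself the file should be owned by root with mode 0600.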

43
OPP/cron_root.OPP Normal file

@ -0,0 +1,43 @@
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.1aoLfD/crontab installed on Wed Jan 31 01:35:00 2018)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
## check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
## if not set this entry to "1"
##
0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
## check if openvpn is running if not restart the service
##
0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
## - Copy gateway configuration
## -
49 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh OPP
# - Check if postfix mailservice is runnung. Restart service if needed.
# -
*/10 * * * * /root/bin/monitoring/check_postfix.sh

15
OPP/ddclient.conf.OPP Normal file

@ -0,0 +1,15 @@
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
protocol=dyndns2
use=web, web=checkip.dyndns.com, web-skip='IP Address'
server=members.dyndns.org
login=ckubu
password=7213b4e6178a11e6ab1362f831f6741e
mail=argus@oopen.de
opp.homelinux.org
ssl=yes
mail=argus@oopen.de
mail-failure=root
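Review bot: `password=` carries the dynamic-DNS account credential for `login=ckubu` in clear text, so whoever can read this repository can repoint `opp.homelinux.org`. Rotate the credential and commit `password=<REDACTED>` instead. `ssl=yes` is written after the `opp.homelinux.org` host line, while the other settings precede it. I have not verified how ddclient treats a global option placed after the host entry, so moving `ssl=yes` above the host line removes any doubt that updates go over TLS. `mail=argus@oopen.de` also appears twice and one copy can go.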


@ -0,0 +1,21 @@
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth1"

405
OPP/dhcpd.conf.OPP Normal file

@ -0,0 +1,405 @@
#
# Sample configuration file for ISC dhcpd for Debian
#
#
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# option definitions common to all supported networks...
option domain-name "opp.netz";
option domain-name-servers 192.168.62.53;
default-lease-time 3600;
max-lease-time 14400;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 192.168.62.0 netmask 255.255.255.0 {
# --- 192.168.22.160/27 ---
# network address....: 192.168.22.160
# Broadcast address..: 192.168.22.191
# netmask............: 255.255.255.224
# network range......: 192.168.22.160 - 192.168.22.191
# Usable range.......: 192.168.22.161 - 192.168.22.190
range 192.168.62.161 192.168.62.190;
# option domain-name "opp.local";
option domain-name "opp.netz";
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.62.255;
option domain-name-servers 192.168.62.53;
option routers 192.168.62.254;
default-lease-time 43200;
max-lease-time 86400;
}
host ap-unifi-1 {
hardware ethernet 78:8a:20:5c:d2:f1;
fixed-address ap-unifi-1.opp.netz;
}
host hp_lj_3055 {
hardware ethernet 00:14:38:d4:18:61 ;
fixed-address hp_lj_3055.opp.netz ;
}
host zapata {
#hardware ethernet 00:08:A1:24:98:07;
hardware ethernet 00:25:90:d6:ae:70;
fixed-address zapata.opp.netz ;
}
host file-ipmi {
hardware ethernet 00:25:90:d6:ab:c9 ;
fixed-address file-ipmi.opp.netz ;
}
host gw-ipmi {
hardware ethernet 0c:c4:7a:41:d5:55 ;
fixed-address gw-ipmi.opp.netz ;
}
## - MFC-7460DN
## -
host brother-mfc-7460 {
hardware ethernet 30:05:5c:44:0e:01 ;
fixed-address brother-mfc-7460.opp.netz ;
}
# - Kyocero Ecosys M6535cidn
# -
host kyocera-m6535cidn {
hardware ethernet 00:17:c8:59:78:dd ;
fixed-address kyocera-m6535cidn.opp.netz ;
}
## - opp4 Desktop - (LAN)
host opp4-lan {
hardware ethernet 00:27:0e:11:da:18;
fixed-address opp4-lan.opp.netz ;
}
## - opp4 Desktop - (WLAN)
host opp4-wlan {
hardware ethernet 00:16:B6:5D:D1:2D;
fixed-address opp4-wlan.opp.netz ;
}
## - opp5 Desktop - (LAN)
host opp5 {
hardware ethernet 00:27:0e:11:ea:cb;
fixed-address opp5.opp.netz ;
}
## - opp6 Desktop - (LAN)
host opp6 {
hardware ethernet fc:aa:14:06:31:64;
fixed-address opp6.opp.netz ;
}
## - laptop katja (ehemals opp3)
#(LAN)
host katja {
hardware ethernet 00:1C:25:10:B9:DE;
fixed-address katja.opp.netz ;
}
#(WLAN)
host katja-wlan {
hardware ethernet 00:1C:26:3E:EE:F5;
fixed-address katja-wlan.opp.netz ;
}
## - laptop katrin
#(LAN)
host katrin-eth-usb {
hardware ethernet 3c:18:a0:09:9d:a2;
fixed-address katrin-eth-usb.opp.netz ;
}
#(WLAN)
host katrin-wlan {
hardware ethernet 34:f3:9a:f4:53:44;
fixed-address katrin-wlan.opp.netz ;
}
## - laptop marcus
#(LAN)
host marcus-eth-usb {
hardware ethernet 3c:18:a0:09:9d:a5;
fixed-address marcus-eth-usb.opp.netz ;
}
#(WLAN)
host marcus-wlan {
hardware ethernet 68:07:15:fe:24:87;
fixed-address marcus-wlan.opp.netz ;
}
## - laptop ines
## - LAN
host ines {
hardware ethernet 28:d2:44:3c:e1:7f ;
fixed-address ines.opp.netz ;
}
## - WLAN
host ines-wlan {
hardware ethernet 5c:51:4f:87:13:bf ;
fixed-address ines-wlan.opp.netz ;
}
## - laptop tobias
## - LAN
host tobias {
hardware ethernet 00:16:d3:b3:dc:96;
fixed-address tobias.opp.netz ;
}
## - WLAN
host tobias-wlan {
hardware ethernet 00:1b:77:05:b3:0a;
fixed-address tobias-wlan.opp.netz ;
}
## - laptop ulrike
## - LAN
host ulrike {
hardware ethernet f0:de:f1:60:f1:16 ;
fixed-address ulrike.opp.netz ;
}
## - WLAN
host ulrike-wlan {
hardware ethernet 00:24:d7:df:85:ac ;
fixed-address ulrike-wlan.opp.netz ;
}
## - laptop anne (laptop-opp2)
## - WLAN
host opp2-wlan {
hardware ethernet 00:e1:8c:fb:0a:3b ;
fixed-address opp2-wlan.opp.netz;
}
## - LAN
host opp2-lan {
hardware ethernet 3c:18:a0:0d:31:99 ;
fixed-address opp2-lan.opp.netz ;
}
## - laptop martin (laptop-opp3)
## - WLAN
host opp3-wlan {
hardware ethernet 00:e1:8c:fb:7c:82 ;
fixed-address opp3-wlan.opp.netz;
}
## - LAN
host opp3-lan {
hardware ethernet 3c:18:a0:0d:31:9f ;
fixed-address opp3-lan.opp.netz ;
}
## - laptop sofia
## - LAN
host sofia {
hardware ethernet f0:de:f1:ec:8e:00 ;
fixed-address sofia.opp.netz ;
}
## - WLAN
host sofia-wlan {
hardware ethernet 44:6d:57:a5:51:d3 ;
fixed-address sofia-wlan.opp.netz ;
}
## - laptop judith
## - LAN
host judith {
hardware ethernet 28:d2:44:3c:e6:84 ;
fixed-address judith.opp.netz ;
}
## - WLAN
host judith-wlan {
hardware ethernet 5c:51:4f:87:03:a2 ;
fixed-address judith-wlan.opp.netz ;
}
## - laptop amine
#(LAN)
host amine-eth-usb {
hardware ethernet 3c:18:a0:0c:2c:dc;
fixed-address amine-eth-usb.opp.netz ;
}
#(WLAN)
host amine-wlan {
hardware ethernet 90:61:ae:21:4a:c1;
fixed-address amine-wlan.opp.netz ;
}
## - laptop martin
## - LAN
host martin {
hardware ethernet 60:eb:69:32:50:04 ;
fixed-address martin.opp.netz ;
}
## - WLAN
host martin-wlan {
hardware ethernet 5c:ac:4c:ba:60:71 ;
fixed-address martin-wlan.opp.netz ;
}
## - laptop cristina
## - LAN
host cristina {
hardware ethernet 28:d2:44:2f:83:d9 ;
fixed-address cristina.opp.netz ;
}
## - WLAN
host cristina-wlan {
hardware ethernet 5c:51:4f:9e:73:57 ;
fixed-address cristina-wlan.opp.netz ;
}
## - laptop katrin privat
## - LAN
host katrin-priv {
hardware ethernet 28:d2:44:d3:df:5b;
fixed-address katrin-priv.opp.netz ;
}
## - WLAN
host katrin-priv-wlan {
hardware ethernet 28:b2:bd:e8:30:d7;
fixed-address katrin-priv-wlan.opp.netz ;
}
## - laptop hannes
## - LAN
host hannes {
hardware ethernet 68:f7:28:34:f0:26 ;
fixed-address hannes.opp.netz ;
}
## - WLAN
host hannes-wlan {
hardware ethernet cc:3d:82:38:3f:42 ;
fixed-address hannes-wlan.opp.netz ;
}
## - laptop ingmer
## - WLAN
host ingmer-wlan {
hardware ethernet 34:f3:9a:f4:54:e3 ;
fixed-address ingmer-wlan.opp.netz ;
}
## - LAN
host ingmar-eth-usb {
hardware ethernet 3c:18:a0:09:9d:c1 ;
fixed-address ingmar-eth-usb.opp.netz ;
}
## - laptop joschka (laptop-opp1)
## - WLAN
host opp1-wlan {
hardware ethernet cc:2f:71:3d:d1:87 ;
fixed-address opp1-wlan.opp.netz ;
}
## - LAN
host opp1-lan {
hardware ethernet 3c:18:a0:0c:a0:87 ;
fixed-address opp1-lan.opp.netz ;
}
## - laptop eli
## - WLAN
host eli-wlan {
hardware ethernet 98:54:1b:f1:f8:bf ;
fixed-address eli-wlan.opp.netz ;
}
## - LAN
host eli-eth-usb {
hardware ethernet 3c:18:a0:0a:8a:cd ;
fixed-address eli-eth-usb.opp.netz ;
}
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.fugue.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.fugue.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
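Review bot: Three `fixed-address` names have no matching record in the `db.opp.netz` zone added by this same commit: `hp_lj_3055.opp.netz` (the zone has `hp-lj-3055`), `opp4-wlan.opp.netz` (no such record) and `ingmer-wlan.opp.netz` (the zone has `ingmar-wlan`). dhcpd has to resolve these names to hand out the reservation, so these three hosts will presumably fall back to the dynamic range `192.168.62.161`–`192.168.62.190` instead of their documented address. That matters if firewall rules or logs key on the fixed IPs. Suggested fixes are `fixed-address hp-lj-3055.opp.netz;` and `fixed-address ingmar-wlan.opp.netz;`, plus either an `opp4-wlan` A record or removal of that host block. The comments around the subnet are also stale: the header says no service is given on this subnet, and the inner block describes `192.168.22.160/27`, although the declaration serves `192.168.62.0/24`.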

102
OPP/dhcpd6.conf.OPP Normal file

@ -0,0 +1,102 @@
# Server configuration file example for DHCPv6
# From the file used for TAHI tests - addresses chosen
# to match TAHI rather than example block.
# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;
# IPv6 address preferred lifetime
# (at the end the address is deprecated, i.e., the client should use
# other addresses for new connections)
# (set to 7 days, the usual IPv6 default)
preferred-lifetime 604800;
# T1, the delay before Renew
# (default is 1/2 preferred lifetime)
# (set to 1 hour)
option dhcp-renewal-time 3600;
# T2, the delay before Rebind (if Renews failed)
# (default is 3/4 preferred lifetime)
# (set to 2 hours)
option dhcp-rebinding-time 7200;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# Global definitions for name server address(es) and domain search list
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";
# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;
# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;
# The delay before information-request refresh
# (minimum is 10 minutes, maximum one day, default is to not refresh)
# (set to 6 hours)
option dhcp6.info-refresh-time 21600;
# Static definition (must be global)
#host myclient {
# # The entry is looked up by this
# host-identifier option
# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
#
# # A fixed address
# fixed-address6 3ffe:501:ffff:100::1234;
#
# # A fixed prefix
# fixed-prefix6 3ffe:501:ffff:101::/64;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
#
# # For debug (to see when the entry statements are executed)
# # (log "sol" when a matching Solicitation is received)
# ##if packet(0,1) = 1 { log(debug,"sol"); }
#}
#
#host otherclient {
# # This host entry is hopefully matched if the client supplies a DUID-LL
# # or DUID-LLT containing this MAC address.
# hardware ethernet 01:00:80:a2:55:67;
#
# fixed-address6 3ffe:501:ffff:100::4321;
#}
# The subnet where the server is attached
# (i.e., the server has an address in this subnet)
#subnet6 3ffe:501:ffff:100::/64 {
# # Two addresses available to clients
# # (the third client should get NoAddrsAvail)
# range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
#
# # Use the whole /64 prefix for temporary addresses
# # (i.e., direct application of RFC 4941)
# range6 3ffe:501:ffff:100:: temporary;
#
# # Some /64 prefixes available for Prefix Delegation (RFC 3633)
# prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
#}
# A second subnet behind a relay agent
#subnet6 3ffe:501:ffff:101::/64 {
# range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
#
#}
# A third subnet behind a relay agent chain
#subnet6 3ffe:501:ffff:102::/64 {
# range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
#}

42
OPP/email_notice.OPP Executable file

@ -0,0 +1,42 @@
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
file=/tmp/mail_ip-up$$
admin_email=argus@oopen.de
from_address=ip-up_gw-ckubu@oopen.de
from_name="ip-up - ckubu local net"
host=`hostname -f`
echo "" > $file
echo " *************************************************************" >> $file
echo " *** This is an autogenerated mail from $host ***" >> $file
echo "" >> $file
echo " I brought up the ppp-daemon with the following" >> $file
echo -e " parameters:\n" >> $file
echo -e "\tInterface name...............: $PPP_IFACE" >> $file
echo -e "\tThe tty......................: $PPP_TTY" >> $file
echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
echo -e "\tPeer IP number..............: $PPP_REMOTE" >> $file
if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
echo -e "\tNameserver 1.................: $DNS1" >> $file
if [ "$DNS2" ] ; then
echo -e "\tNameserver 2.................: $DNS2" >> $file
fi
fi
echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
echo "" >> $file
echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
echo "" >> $file
echo " **************************************************************" >> $file
echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
rm -f $file
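Review bot: The report is assembled in `/tmp/mail_ip-up$$`, a name any local user can predict, and the first write (`echo "" > $file`) follows a symlink that already exists at that path. If this script runs from the ppp ip-up hook it presumably runs as root, so the write would land wherever the link points. Create the file with `file=$(mktemp /tmp/mail_ip-up.XXXXXX) || exit 1` and add `trap 'rm -f "$file"' EXIT` so it is removed on every exit path. Separately, the shebang is `#!/bin/sh` but the body relies on `echo -e`; where `/bin/sh` is dash the literal `-e` ends up in the mail text, so `printf` is the portable form.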

1
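--- a/OPP/hostname.OPP
+++ b/OPP/hostname.OPP
@@ -0,0 +1 @@
+gw-opp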

7
OPP/hosts.OPP Normal file

@ -0,0 +1,7 @@
127.0.0.1 localhost
127.0.1.1 gw-opp.opp.netz gw-opp
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

55
OPP/interfaces.OPP Normal file

@ -0,0 +1,55 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
#-----------------------------
# eth2 - WAN
#-----------------------------
auto eth2
iface eth2 inet static
address 172.16.62.1
network 172.16.62.0
netmask 255.255.255.0
gateway 172.16.62.254
#post-up vconfig add eth2 7
#post-down vconfig rem eth2.7
#-----------------------------
# eth1 - LAN
#-----------------------------
auto eth1
iface eth1 inet static
address 192.168.62.254
network 192.168.62.0
netmask 255.255.255.0
broadcast 192.168.62.255
auto eth1:0
iface eth1:0 inet static
address 192.168.62.53
network 192.168.62.0
netmask 255.255.255.0
broadcast 192.168.62.255
auto eth1:rescue
iface eth1:rescue inet static
address 172.16.1.1
network 172.16.1.0
netmask 255.255.255.0
broadcast 172.16.1.255
#-----------------------------
# ppp0 - NOT IN USE
#-----------------------------
#auto dsl-provider
# iface dsl-provider inet ppp
# pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
# provider dsl-provider


@ -0,0 +1,14 @@
[Unit]
Description=IPv4 Firewall with iptables
After=network.target
[Service]
SyslogIdentifier="ipt-gateway"
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/ipt-firewall-gateway start
ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
User=root
[Install]
WantedBy=multi-user.target
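Review bot: `After=network.target` orders the firewall after the interfaces are configured, so during boot there is a window in which the gateway's addresses are up and no rule set is loaded. If `ipt-firewall-gateway` does not need live interfaces to build its rules (not visible in this section), order it ahead of networking with `Before=network-pre.target` and `Wants=network-pre.target`. Otherwise state the window in a comment and make sure forwarding stays off until the unit has run. `User=root` is already the default for a system unit and can be dropped, and the quotes around the `SyslogIdentifier` value are not needed.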


@ -0,0 +1,44 @@
#!/usr/bin/env bash
# =============
# --- Define Ports for Services out
# =============
standard_ident_port=113
standard_silc_port=706
standard_irc_port=6667
standard_jabber_port=5222
standard_smtp_port=25
standard_ssh_port=22
standard_http_port=80
standard_https_port=443
standard_ftp_port=21
standard_tftp_udp_port=69
standard_ntp_port=123
standard_snmp_port=161
standard_snmp_trap_port=162
standard_timeserver_port=37
standard_pgp_keyserver_port=11371
standard_telnet_port=23
standard_whois_port=43
standard_cpan_wait_port=1404
standard_xymon_port=1984
standard_hbci_port=3000
standard_mysql_port=3306
standard_ipp_port=631
standard_cups_port=$standard_ipp_port
standard_print_raw_port=515
standard_print_port=9100
standard_remote_console_port=5900
# - IPsec - Internet Security Association and
# - Key Management Protocol
standard_isakmp_port=500
standard_ipsec_nat_t=4500
# - Comma separated lists
# -
standard_http_ports="80,443"
standard_mailuser_ports="587,465,110,995,143,993"


@ -0,0 +1,113 @@
#!/usr/bin/env bash
# =============
# --- Some functions
# =============
# - Is this script running on terminal ?
# -
if [[ -t 1 ]] ; then
terminal=true
else
terminal=false
fi
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
echo_done() {
if $terminal ; then
echo -e "\033[75G[ \033[32mdone\033[m ]"
else
echo " [ done ]"
fi
}
echo_ok() {
if $terminal ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
else
echo " [ ok ]"
fi
}
echo_warning() {
if $terminal ; then
echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
else
echo " [ warning ]"
fi
}
echo_failed(){
if $terminal ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
else
echo ' [ failed! ]'
fi
}
echo_skipped() {
if $terminal ; then
echo -e "\033[75G[ \033[37mskipped\033[m ]"
else
echo " [ skipped ]"
fi
}
fatal (){
echo ""
echo ""
if $terminal ; then
echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
echo ""
echo -e "\t\033[31m\033[1m Firewall Script will be interrupted..\033[m\033[m"
else
echo "fatal: $*"
echo "Firewall Script will be interrupted.."
fi
echo ""
exit 1
}
error(){
echo ""
if $terminal ; then
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
else
echo "Error: $*"
fi
echo ""
}
warn (){
echo ""
if $terminal ; then
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
else
echo "Warning: $*"
fi
echo ""
}
info (){
echo ""
if $terminal ; then
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
else
echo "Info: $*"
fi
echo ""
}
## - Check if a given array (parameter 2) contains a given string (parameter 1)
## -
containsElement () {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
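Review bot: `echononl` probes the echo flavour by writing to `/tmp/shprompt$$`, a predictable path in a world-writable directory, and the redirect follows a symlink that is already present there. These helpers are presumably sourced by the firewall script that the systemd unit starts as root, which makes that an arbitrary-file overwrite for a local user. The probe is not needed under the `#!/usr/bin/env bash` shebang: with bash's default echo the test always falls through to the second branch, so the body can be just `echo -e -n "$*" 1>&2` with no temporary file. As a style point, `error()` prints the German label `Fehler` on a terminal while every other helper, and its own non-terminal branch, uses English.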


@ -0,0 +1,49 @@
#!/usr/bin/env bash
# =============
# --- Define Network Interfaces / Ip-Adresses / Ports
# =============
# - Extern Interfaces DSL Lines
# - (blank separated list)
ext_if_dsl_1=""
ext_if_dsl_2=""
ext_if_dsl_3=""
ext_if_dsl_4=""
ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
# - Extern Interfaces Static Lines
# - (blank separated list)
ext_if_static_1="eth2"
ext_if_static_2=""
ext_if_static_3=""
ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
# - VPN Interfaces
# - (blank separated list)
vpn_ifs="tun+"
# - Local Interfaces
local_if_1="eth1"
local_if_2=""
local_if_3=""
local_if_4=""
local_if_5=""
local_if_6=""
local_if_7=""
local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
# - Devices given in list "nat_devices" will be natted
# -
# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
# -
# - Blank separated list
# -
nat_devices=""
# - Are local alias interfaces like eth0:0 defined"
# -
local_alias_interfaces=true


@ -0,0 +1,36 @@
# =============
# - Load Kernel Modules
# =============
# - Note:!
# - Since Kernel 4.7 the automatic conntrack helper assignment
# - is disabled by default (net.netfilter.nf_conntrack_helper = 0).
# - Enable it by setting this variable in file /etc/sysctl.conf:
# -
# - net.netfilter.nf_conntrack_helper = 1
# -
# - Reboot or type "sysctl -p"
ip_tables
iptable_nat
iptable_filter
iptable_mangle
iptable_raw
# - Load base modules for tracking
# -
nf_conntrack
nf_nat
# - Load module for FTP Connection tracking and NAT
# -
nf_conntrack_ftp
nf_nat_ftp
# - Load modules for SIP VOIP
# -
nf_conntrack_sip
nf_nat_sip
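Review bot: The header comment tells the operator to set `net.netfilter.nf_conntrack_helper = 1`, which re-enables automatic helper assignment for every flow that hits a helper port. The kernel disabled that by default because helper-created expectations can open ports beyond the intended service. With `nf_conntrack_ftp` and `nf_conntrack_sip` loaded on a gateway, the narrower setup is to leave the sysctl at 0 and attach helpers explicitly in the raw table, for example `iptables -t raw -A PREROUTING -p tcp --dport 21 -d <ftp-server-ip> -j CT --helper ftp` (the address is a placeholder). I would reword the comment to describe that approach and load the SIP modules only where VoIP traffic actually crosses this host.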


@ -0,0 +1,9 @@
# =============
# - Load Kernel Modules
# =============
ip6_tables
ip6table_filter
ip6t_REJECT
ip6table_mangle


@ -0,0 +1,40 @@
#!/usr/bin/env bash
# =============
# --- Logging
# =============
log_all=false
log_syn_flood=false
log_fragments=false
log_new_not_sync=false
log_invalid_state=false
log_invalid_flags=false
log_spoofed=false
log_spoofed_out=false
log_to_lo=false
log_not_wanted=false
log_blocked=false
log_unprotected=false
log_prohibited=false
log_voip=false
log_rejected=false
log_ssh=false
# - Log using the specified syslog level. 7 (debug) is a good choice
# - unless you specifically need something else.
# -
log_level=debug
# - logging messages
# -
log_prefix="IPv4:"
# ---
# - Log all traffic for givven ip address
# ---
log_ips=""


@ -0,0 +1,40 @@
#!/usr/bin/env bash
# =============
# --- Logging
# =============
log_all=false
log_syn_flood=false
log_fragments=false
log_new_not_sync=false
log_invalid_state=false
log_invalid_flags=false
log_spoofed=false
log_spoofed_out=false
log_to_lo=false
log_not_wanted=false
log_blocked=false
log_unprotected=false
log_prohibited=false
log_voip=false
log_rejected=false
log_ssh=false
# - Log using the specified syslog level. 7 (debug) is a good choice
# - unless you specifically need something else.
# -
log_level=debug
# - logging messages
# -
log_prefix="IPv6:"
# ---
# - Log all traffic for givven ip address
# ---
log_ips=""

File diff suppressed because it is too large Load Diff


@ -0,0 +1,505 @@
#!/usr/bin/env bash
# -----------
# --- Define Arrays
# -----------
# ---
# - Masquerade TCP Connections
# ---
declare -a nat_network_arr
for _net in $nat_networks ; do
nat_network_arr+=("$_net")
done
declare -a masquerade_tcp_con_arr
for _str in $masquerade_tcp_cons ; do
masquerade_tcp_con_arr+=("$_str")
done
# ---
# - Extern Network interfaces (DSL, Staic Lines, All together)
# ---
declare -a nat_device_arr
declare -a dsl_device_arr
declare -a ext_if_arr
for _dev in $ext_ifs_dsl ; do
dsl_device_arr+=("$_dev")
ext_if_arr+=("$_dev")
nat_device_arr+=("$_dev")
done
for _dev in $ext_ifs_static ; do
ext_if_arr+=("$_dev")
done
for _dev in $nat_devices ; do
if ! containsElement $_dev "${nat_device_arr[@]}" ; then
nat_device_arr+=("$_dev")
fi
done
# ---
# - VPN Interfaces
# ---
declare -a vpn_if_arr
for _dev in $vpn_ifs ; do
vpn_if_arr+=("$_dev")
done
# ---
# - Local Network Interfaces
# ---
declare -a local_if_arr
for _dev in $local_ifs ; do
local_if_arr+=("$_dev")
done
# ---
# - Network Interfaces completly blocked
# ---
declare -a blocked_if_arr
for _dev in $blocked_ifs ; do
blocked_if_arr+=("$_dev")
done
# ---
# - Network Interfaces not firewalled
# ---
declare -a unprotected_if_arr
for _dev in $unprotected_ifs ; do
unprotected_if_arr+=("$_dev")
done
# ---
# - Allow these local networks any access to the internet
# ---
declare -a any_access_to_inet_network_arr
for _net in $any_access_to_inet_networks ; do
any_access_to_inet_network_arr+=("$_net")
done
declare -a any_access_from_inet_network_arr
for _net in $any_access_from_inet_networks ; do
any_access_from_inet_network_arr+=("$_net")
done
# ---
# - Allow local services from given extern networks
# ---
declare -a allow_ext_net_to_local_service_arr
for _val in $allow_ext_net_to_local_service ; do
allow_ext_net_to_local_service_arr+=("$_val")
done
# ---
# - Allow all traffic from extern address/network to local address/network
# ---
declare -a allow_ext_net_to_local_net_arr
for _val in $allow_ext_net_to_local_net ; do
allow_ext_net_to_local_net_arr+=("$_val")
done
# ---
# - Block all extern traffic to (given) local network
# ---
declare -a block_all_ext_to_local_net_arr
for _net in $block_all_ext_to_local_net ; do
block_all_ext_to_local_net_arr+=("$_net")
done
# ---
# - Allow local services from given local networks
# ---
declare -a allow_local_net_to_local_service_arr
for _val in $allow_local_net_to_local_service ; do
allow_local_net_to_local_service_arr+=("$_val")
done
# ---
# - Allow all traffic from local network to local ip-address
# ---
declare -a allow_local_net_to_local_ip_arr
for _val in $allow_local_net_to_local_ip ; do
allow_local_net_to_local_ip_arr+=("$_val")
done
# ---
# - Allow all traffic from local ip-address to local network
# ---
declare -a allow_local_ip_to_local_net_arr
for _val in $allow_local_ip_to_local_net ; do
allow_local_ip_to_local_net_arr+=("$_val")
done
# ---
# - Allow all traffic from (one) local network to (another) local network
# ---
declare -a allow_local_net_to_local_net_arr
for _val in $allow_local_net_to_local_net ; do
allow_local_net_to_local_net_arr+=("$_val")
done
# ---
# - Allow local ip address from given local interface
# ---
declare -a allow_local_if_to_local_ip_arr
for _val in $allow_local_if_to_local_ip ; do
allow_local_if_to_local_ip_arr+=("$_val")
done
# ---
# - Separate local Networks
# ---
declare -a separate_local_network_arr
for _net in $separate_local_networks ; do
separate_local_network_arr+=("$_net")
done
# ---
# - Separate local Interfaces
# ---
declare -a separate_local_if_arr
for _net in $separate_local_ifs ; do
separate_local_if_arr+=("$_net")
done
# ---
# - Generally block ports on extern interfaces
# ---
declare -a block_tcp_port_arr
for _port in $block_tcp_ports ; do
block_tcp_port_arr+=("$_port")
done
declare -a block_udp_port_arr
for _port in $block_udp_ports ; do
block_udp_port_arr+=("$_port")
done
# ---
# - Not wanted on intern interfaces
# ---
declare -a not_wanted_on_gw_tcp_port_arr
for _port in $not_wanted_on_gw_tcp_ports ; do
not_wanted_on_gw_tcp_port_arr+=("$_port")
done
declare -a not_wanted_on_gw_udp_port_arr
for _port in $not_wanted_on_gw_udp_ports ; do
not_wanted_on_gw_udp_port_arr+=("$_port")
done
# ---
# - Private IPs / IP-Ranges allowed to forward
# ---
declare -a forward_private_ip_arr
for _ip in $forward_private_ips ; do
forward_private_ip_arr+=("$_ip")
done
# ---
# - IP Addresses to log
# ---
declare -a log_ip_arr
for _ip in $log_ips ; do
log_ip_arr+=("$_ip")
done
# ---
# - Network Devices local DHCP Client
# ---
declare -a dhcp_client_interfaces_arr
for _dev in $dhcp_client_interfaces ; do
dhcp_client_interfaces_arr+=("$_dev")
done
# ---
# - IP Addresses DHCP Failover Server
# ---
declare -a dhcp_failover_server_ip_arr
for _ip in $dhcp_failover_server_ips ; do
dhcp_failover_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses DNS Server
# ---
declare -a dns_server_ip_arr
for _ip in $dns_server_ips ; do
dns_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses SSH Server only at ocal Networks
# ---
declare -a ssh_server_only_local_ip_arr
for _ip in $ssh_server_only_local_ips ; do
ssh_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Adresses HTTP Server only local Networks
# ---
declare -a http_server_only_local_ip_arr
for _ip in $http_server_only_local_ips ; do
http_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Mail Server only local Networks
# ---
declare -a mail_server_only_local_ip_arr
for _ip in $mail_server_only_local_ips ; do
mail_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses FTP Server
# ---
declare -a ftp_server_only_local_ip_arr
for _ip in $ftp_server_only_local_ips ; do
ftp_server_only_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Samba Server
# ---
declare -a samba_server_local_ip_arr
for _ip in $samba_server_local_ips ; do
samba_server_local_ip_arr+=("$_ip")
done
# ---
# - IP Addresses LDAP Server
# ---
declare -a ldap_server_local_ip_arr
for _ip in $ldap_server_local_ips ; do
ldap_server_local_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Telephone Systems
# ---
declare -a tele_sys_ip_arr
for _ip in $tele_sys_ips ; do
tele_sys_ip_arr+=("$_ip")
done
# ---
# - IP Adresses SNMP Server
# ---
declare -a snmp_server_ip_arr
for _ip in $snmp_server_ips ; do
snmp_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Munin Service
# ---
declare -a munin_local_server_ip_arr
for _ip in $munin_local_server_ips ; do
munin_local_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses XyMon
# ---
declare -a xymon_server_ip_arr
for _ip in $xymon_server_ips ; do
xymon_server_ip_arr+=("$_ip")
done
# ---
# - IP Adresses IPMI interface
# ---
declare -a ipmi_server_ip_arr
for _ip in $ipmi_server_ips ; do
ipmi_server_ip_arr+=("$_ip")
done
# ---
# -IP Addresses Ubiquiti Unifi Accesspoints
# ---
declare -a unifi_ap_local_ip_arr
for _ip in $unifi_ap_local_ips ; do
unifi_ap_local_ip_arr+=("$_ip")
done
declare -a unifi_controller_gateway_ip_arr
for _ip in $unifi_controller_gateway_ips ; do
unifi_controller_gateway_ip_arr+=("$_ip")
done
declare -a unify_controller_local_net_ip_arr
for _ip in $unify_controller_local_net_ips ; do
unify_controller_local_net_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Printer
# -
declare -a printer_ip_arr
for _ip in $printer_ips ; do
printer_ip_arr+=("$_ip")
done
# ---
# - IP Adresses Brother Scanner (brscan)
# ---
declare -a brother_scanner_ip_arr
for _ip in $brother_scanner_ips ; do
brother_scanner_ip_arr+=("$_ip")
done
# ---
# - IP Addresses PCNS Server
# ---
declare -a pcns_server_ip_arr
for _ip in $pcns_server_ips ; do
pcns_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses VNC Service
# ---
declare -a rm_server_ip_arr
for _ip in $rm_server_ips ; do
rm_server_ip_arr+=("$_ip")
done
# ---
# - IP Addresses Rsync Out
# ---
# local
declare -a rsync_out_ip_arr
for _ip in $rsync_out_ips ; do
rsync_out_ip_arr+=("$_ip")
done
# ---
# - Other local Services
# ---
declare -a other_service_arr
for _val in $other_services ; do
other_service_arr+=("$_val")
done
# ---
# - SSH Ports
# ---
declare -a ssh_port_arr
for _port in $ssh_ports ; do
ssh_port_arr+=("$_port")
done
# ---
# - Cisco kompartible VPN Ports
# ---
declare -a cisco_vpn_out_port_arr
for _port in $cisco_vpn_out_ports ; do
cisco_vpn_out_port_arr+=("$_port")
done
# ---
# - VPN Ports
# ---
declare -a vpn_gw_port_arr
for _port in $vpn_gw_ports ; do
vpn_gw_port_arr+=("$_port")
done
declare -a vpn_local_net_port_arr
for _port in $vpn_local_net_ports ; do
vpn_local_net_port_arr+=("$_port")
done
declare -a vpn_out_port_arr
for _port in $vpn_out_ports ; do
vpn_out_port_arr+=("$_port")
done
# ---
# - Rsync Out Ports
# --
declare -a rsync_port_arr
for _port in $rsync_ports ; do
rsync_port_arr+=("$_port")
done
# ---
# - Samba Ports
# ---
declare -a samba_udp_port_arr
for _port in $samba_udp_ports ; do
samba_udp_port_arr+=("$_port")
done
declare -a samba_tcp_port_arr
for _port in $samba_tcp_ports ; do
samba_tcp_port_arr+=("$_port")
done
# ---
# - LDAP Ports
# ---
declare -a ldap_udp_port_arr
for _port in $ldap_udp_ports ; do
ldap_udp_port_arr+=("$_port")
done
declare -a ldap_tcp_port_arr
for _port in $ldap_tcp_ports ; do
ldap_tcp_port_arr+=("$_port")
done
# ---
# - IPMI
# ---
declare -a ipmi_udp_port_arr
for _port in $ipmi_udp_ports ; do
ipmi_udp_port_arr+=("$_port")
done
declare -a ipmi_tcp_port_arr
for _port in $ipmi_tcp_ports ; do
ipmi_tcp_port_arr+=("$_port")
done
# ---
# - Portforwrds TCP
# ---
declare -a portforward_tcp_arr
for _str in $portforward_tcp ; do
portforward_tcp_arr+=("$_str")
done
# ---
# - Portforwrds UDP
# ---
declare -a portforward_udp_arr
for _str in $portforward_udp ; do
portforward_udp_arr+=("$_str")
done
# ---
# - MAC Address Filtering
# ---
declare -a allow_all_mac_src_address_arr
for _mac in $allow_all_mac_src_addresses ; do
allow_all_mac_src_address_arr+=("$_mac")
done
declare -a allow_local_mac_src_address_arr
for _mac in $allow_local_mac_src_addresses ; do
allow_local_mac_src_address_arr+=("$_mac")
done
declare -a allow_remote_mac_src_address_arr
for _mac in $allow_remote_mac_src_addresses ; do
allow_remote_mac_src_address_arr+=("$_mac")
done
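Review bot: Every list in this file is split with an unquoted `for _x in $list`, which performs pathname expansion as well as word splitting, so an entry containing `*`, `?` or `[` is matched against the current directory before it reaches a firewall rule. Wrapping the file in `set -f` at the top and `set +f` at the end keeps the whitespace splitting and turns globbing off. The one call `containsElement $_dev "${nat_device_arr[@]}"` should quote `"$_dev"` for the same reason. The source variables (`$nat_networks`, `$blocked_ifs`, `$portforward_tcp` and the rest) are defined outside this section, and an unset or misspelled name silently produces an empty array. A one-line comment naming the configuration file they come from would make that failure mode easier to spot.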

1
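--- a/OPP/mailname.OPP
+++ b/OPP/mailname.OPP
@@ -0,0 +1 @@
+gw-opp.opp.netz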

219
OPP/main.cf.OPP Normal file

@ -0,0 +1,219 @@
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
#192.168.62.254
myhostname = gw-opp.opp.netz
mydestination =
gw-opp.opp.netz
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
#192.168.62.254/32
#smtp_bind_address = 192.168.62.254
#smtp_bind_address6 =
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
# ============ Relay parameters ============
#relayhost =
# ============ SASL authentication ============
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Forwarding to the ip-adress of host b.mx.oopen.de
relayhost = [b.mx.oopen.de]
# File including login data
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# ============ TLS parameters ============
## - Aktiviert TLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtp_tls_security_level = encrypt
## - Aktiviert TLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
smtpd_tls_security_level=may
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - /bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
smtpd_tls_exclude_ciphers =
RC4
aNULL
SEED-SHA
EXP
MD5
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
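Review bot: `smtp_tls_security_level = encrypt` forces TLS towards the relay but does not verify its certificate, and this client sends the SASL credentials from `/etc/postfix/sasl_passwd` to `[b.mx.oopen.de]`, so an on-path host presenting any certificate would receive them. Since `smtp_tls_CAfile` is already set, `smtp_tls_security_level = secure` (or `verify`) would make the client check the relay's certificate before authenticating, provided that certificate chains to a CA in the bundle. On the server side, `smtpd_tls_dh1024_param_file` points at a 1024-bit group and `smtpd_tls_dh512_param_file` at a 512-bit one. The commented `dh_2048.pem` line is the one to enable, generated with `openssl dhparam -out /etc/postfix/ssl/dh_2048.pem 2048`. The two German TLS comments are also swapped: the "Mailempfang" text sits above the `smtp_` (sending) setting and the "Mailversand" text above the `smtpd_` one.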

7
OPP/openvpn/ccd/README Normal file

@ -0,0 +1,7 @@
## !! der name der user konfigurationsdatei muss gleich ##
## dem "common name" des zugehorigen zertifikats sein ##
## ##
## Show certificate fields: ##
## openssl x509 -in <cert.crt> -text ##
## !! ##


@ -0,0 +1,5 @@
ifconfig-push 10.1.62.2 255.255.255.0
push "route 192.168.62.0 255.255.255.0 10.1.62.1"
push "route 172.16.62.0 255.255.255.0 10.1.62.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0


@ -0,0 +1,2 @@
ifconfig-push 10.0.62.2 255.255.255.0
#push "route 192.168.62.0 255.255.255.0 10.0.62.1"


@ -0,0 +1 @@
ifconfig-push 10.0.62.3 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.4 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.5 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.6 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.7 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.8 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.9 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.10 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.11 255.255.255.0


@ -0,0 +1 @@
ifconfig-push 10.0.62.12 255.255.255.0


@ -0,0 +1,7 @@
## !! der name der user konfigurationsdatei muss gleich ##
## dem "common name" des zugehorigen zertifikats sein ##
## ##
## Show certificate fields: ##
## openssl x509 -in <cert.crt> -text ##
## !! ##


@ -0,0 +1,182 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
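Review bot: The inline `<key>` block and the `<tls-auth>` static key are committed together with this profile, so anyone with read access to the repository holds the client's private credential and the HMAC key shared by all peers. I would keep only a template under version control, with `<key>` and `<tls-auth>` filled in at provisioning time or replaced by `key` / `tls-auth` directives pointing at files outside the repository, and treat the material already committed as needing reissue. `ns-cert-type server` is deprecated in current OpenVPN releases; `remote-cert-tls server` performs the equivalent check on key usage and extended key usage. The "Select a cryptographic cipher" comment has no directive under it, so the client falls back to whatever its build defaults to; an explicit `cipher` line matching the server removes that ambiguity.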


@ -0,0 +1,202 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIEiTCCA/KgAwIBAgIBLDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDIyODIzNTI0
MFoXDTM4MDIyODIzNTI0MFowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWplbm55MRAwDgYDVQQp
EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMY7okQO+8IO7QsNXV27LOJeejIy6Pt
QesB+86pV6MgD0E6sRg1nfNSMcfL4YLD5qIHGu9fI24iG+51eGNZtwnm11uafwOm
nB2NRezuc2uzNkQxmla03sSLTG+UWstfLwzocJjCev4WVbv79XYdpfvbTCOrK3y8
qNm3euJ39zT136j/68hu8GEp29Kg3/IN+M5/cnlsWsnPnDy76EBTshLPXH/XgIQ9
sspuSxIP3c3xjKwAenkS3yZNIQB252+fOscAoS8ad+poGKyC+8UiMMyYAiOJv/kz
wPSofV3ncxBdeK2ZAXn3WNNndxszOFZNeaPD5A4T+ZqDsgvtlqmY8tMCAwEAAaOC
AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQURxib0KicE0d0jkEkKDwikV5xpnUw
gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
CTAHggVqZW5ueTANBgkqhkiG9w0BAQsFAAOBgQBsrcotHRmOTMrGCT3FQ2d+tEJ2
oAojPknBpmwDopbZ/cyncCrHCW82WeH1UaoRHjXztI0g8HCrAjs+ipYhwFcrlyAW
FWMYrNanGWzMfP9vuC+4zArojqo5oqQ88oX9jDZpOScfP6IUeXdNxgI4f5FzneD9
wWnFsSS/PcuWPpPyXQ==
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIS7C0EfAOtV8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBZSzA/4v2DJBIIEyPuxNdmVDWIk
SNpc3sF+WU8cUcOyqiQT854zZNfULzcuQDMaYLxYTDJcJPlrwMkSrXh/W417b6XY
aOSkS2GqkbSrpVRCUY3e0nuBMYolT8nVgcZINw+x6ZtM2pHPOAGHGYRIg5CBIW7c
ZGySvj8MXzQDFFf0XnfSDqpviQv6WDBzM/Ekoculh151+gj94CkVd2VsCN6czfNQ
s6S6n4XFlCO4cehDjekqURCRZ7cB+1tdUlO1Fx0sFvbpJdvCndlizrsgw0TGrYiH
imgx4qvFJ1YmpKUv3M8/P2ywMSGuukvaUfmZLon82wGD6dtn/Javgq2x32bcqUwf
helR6VVz9luxkk7DlbcANTn2N1QE8jsbsCCUDPS7TKy7XHZaxKUR1DwroDLf9BNG
eoxC5T9obpRigECvmmZvwmtZmq+Xscly6w5eICDzN/yquRswQII3kkHHi2K5bMs/
F2KKf2wheNljvYHgfyzZRM28iDUq7qnpZv1oh/zuwmk3bHVIVtSujFiqDaD4h8uh
TDt+Ou82VSjlkHMGxkJ5bbMOxEHujZGfQvx77yUEctQi/uhgdhdJYRiLrw6UTIql
rQ+tPbOqRyiKuv2WRSm0G8uswe4P38mesIbsMKHXT+sRjbJfmjzDCi0rNZlyNfLN
xUdMLD7mRyiundsXVekSPy5sA7we7Sg/TyPdMuWrHzgU6OzIedLTXpBqQAgFRXhG
6CmM8CzEcmsSnSCKBedzy6jYH7XaCVG7q+D7n/WEc3YgVilkafiNZWtTgdR5w8Bf
/Ww5WorrQpB9lwX+Rn4hI7m46pl5mVpNuYNJTrRj+pb3biLMPYpKRQY0tc4HkvrM
RS9qA1Y1YWwh5ScyxwknGEqqLBsWEyAZcCKagt+SoK7QYSfodm1gQSdUDMNC/4iE
EsTMipAB9TppMAKMOvkNgOP8m3cr8nm7l8Rwbm2PBRmPCoANNxAKewwh5ZJ26Kiu
IRZfPptyJu9kSIfRmOjNGyvH13fhaTffwXr5UKZqWB2i/tsRo5d1xj2UIsfXs/2p
4s4AAfI8qn3jtsi9RDXxws/l0oIHuYbdXN99AwqoN5ZzysO24ieY81IoNjyfayca
Ymzl6al9BaBaRzgqDpQzKJZxVUrQJFq0MrdS+KHFSc094gbHdi/e/wKkuV7e6sss
RhSDD/PtUT5BmWiS2Ch9JgglQDYmzuDSC2wLfVARwXBgwpXjlnjUKOtacSQ4T/Zw
UZJAuxUMPO1rQeR8aUZF4yYZ8xMD0vTyp27BKIPiQDUyLsfjTO9fgVXXOYNc2CKX
EoWoqnZWrROZ/qoGJHW+0YTFGDYENZfdDxaGFDyaBcd+uXf97nh+6bQmtgqNpqGT
575/JZ0KRsAfmVLxXhwaYWkRg4Usl7dAqUOslkhHlcuTU209iydTHmTPRKS8GmIC
dBVFoJDdIIh+/R+euLOb2MQ2A719YRYZjmjsxLpezrXmJOppp6aUBWs6SKrNABah
8GEumCrKAjWUVoFT85rCm8dlAiXEZhTnVkrAwvsioXx4j6xcRC1OCi0d56wMODai
RY7dizBLIukqzHmsQaXSVM2jYHE+cbixqgaIW9LgZ28a9M2vWNetbnZV/5DK2kWr
rKWZ097uKHSd78Ta9/W5yg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
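Review bot: The `<key>` and `<tls-auth>` blocks put a client private key and the shared tls-auth static key into version control, so every reader, clone and backup of this repository holds them. The private key is passphrase-encrypted, but that leaves only the passphrase between a repository reader and this client identity, and the tls-auth key is stored in clear. The same static key is repeated in every client profile in this commit, so it has to be rotated on the server and on all clients together. I would keep only a template in the repository, with the `<key>` and `<tls-auth>` bodies left out or referenced by a file path outside the tree. The material already committed should be treated as exposed: revoke and reissue the client certificates and generate a new tls-auth key.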


@ -0,0 +1,202 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIElTCCA/6gAwIBAgIBKDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTExNDAyMzg0
NloXDTM3MTExNDAyMzg0NlowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAxMRAw
DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVtoq8Nm7zrdwjTwdp5zprQ
J3TSXs5oUjXqcmOmuqjVR0GVENVW/AfCJE4oBgT1dEMFUoY2hvmPecVzDqjC51t+
CHkCoqghWW71GcZZbJZm3CTDHBjgCeRuLDMzxDetvwaTk6zfmIqTEYxrydg53WYB
2IDtq0Iegngu4KKYPbM5uEcagUuk6cMvshB6q7plc44KI1SdPktPCZX3b8gzOq5j
hx+6Z/YDAmLFIpu2lzbrEfcTYvMcebEisbjy+e1XDFRQaUnOpuNN8jlBToocMqqH
nrDekzeHNLYeypTSSApQMcXAQXh7LsGLdZVEEAaRIDlUqVA2tJUvaXshzBOjOC0C
AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUgqI6aUjw3mBYjMZ1vcFU
T5mjPFAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
BgNVHREEDzANggtsYXB0b3Atb3BwMTANBgkqhkiG9w0BAQsFAAOBgQATpNUsLFk/
n++sNtQhpVrZ874TCfVTn+kt4iWccvCmu4oSbZ34HGSNudtYwWtJugbrRWkxjSIp
VUrLLE8Nxsev5JrBRzQuh28bDYgJPtvggpaNzbhmBqftoC/l1vCr59uOC1uB5BYt
gwgKxTNOJ5bKYIg7TIDrr0XVWaLwMc8wUg==
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvHFbhmmWccUCAggA
MBQGCCqGSIb3DQMHBAg3Iz/FqmdZ7wSCBMjNGSrcP1d2uS3KGvLQAIHxIcTJado+
ORafYeIi3yI1Ymw0NuJTBkED7ht6uIHPZObMFvSz6FPKXW4AgJ61bUrUO02FMFWS
b8dSYOVhNXYUmyUdR0a1Ocq+LWQQehVFckgZoZuWKnSJntLDFlL7rbNj3FQrpS5P
fjUv7dy/fv9H56EJjsREt7N3IGz3zf5apjFhLFi5G6cvvo0wIZr4TzunkO3/LGRq
J2GUASJEvYs0U99HpK2wYUN3IJqYI6UfvT+I6Ra57oYMBQsTiJtAsWkiRpxIE3Vw
/UfrKwp4PnVcw0TAEeZ/uc4HLGWY4YoQueBeagnIZeJcQTpd/Mf9iIGeGWa4Mpp+
kLEDgS4uyZvgYEQ9iN9I6KykUrHZKgVv+wwC1RlYtQANXkff0RRMIrSKSnxnk2tn
TncaccDEAlXwB6yQLUdCPzEfa4X7QsM7hSOXPN369qqaM4mwg66Qt2AmWq4c87Ta
CWITdQ/ko0B6fLrenvY25g1e+NpszjGfDw4MqPE7j8ieXy6BFdlPAdqr2gHGxlwO
LS2Zt+zbffhNmlq8xQA+b/lU+UpoxzSZzT88I15jFeeT3OsWIHNM66wk1PAKRhPQ
gj1NAC9zyLftGoJei+B9ZNkF9b/a72rPNac3X5FQzFdVQ20AAsKeEBFgtmwWc/KT
10206UCSGm9hau63yWv7uOrwnFG/t2pJcA+C8pnHwEMFbNzX7jYJgAG1WwmQNTsJ
RALHfQkvJwgXlOv0bHntSvOHBhDjVmhDilrqJLjJTlZ1nhFy4U8ziSNWCHTvSXyO
f95faLJUEdIOFKIdvKvvzkBqTB829EmbkFsJMVJ1vC566jX3IulNzkpO0eP+oRQs
xBIUipGDFwy8qMaPOW4TC3edjhvBuTGfrriIZfsUaQHuqtD8HDA6tM2BJppjMvfi
zVPtZB/0LaHjRNqJB5paSws+Q8Rd9ENJIUI8u7aLkOU8foO+17pQZ4msSzUCVd4E
mWiJ+TAFM8hmlQ2u6NznM9RABBpsGrzmhC1XhkwU9V41KHcKMdRAkrPvixX8qthp
cG7EoyVXcl2lC8emr6sbGwhKmOCTz0gSm/REnoQZpnIMpSIsTqw6gPzHvK9vVRP4
nZUt4SCEaVqGrykgj/GzEfiAQyyDqNZDeqJwJnjkcs3qeR7Arr7wlL88Bk14TmHu
DBoWxkjPxmGD7ZdE2C6yqETNNyMHQVxHDafraOc51WQz8w0HUGl/9OjDt7jZBtdN
PbtiDFxhZLvHpo6CNKsPTwNgdIfgg/NRRWpjoDnf8prY0m6DVbvwqm4BxKxA5r3E
k1YreW2evOFP6nOU31ptY58vWlaWTJAv61Xp2N3J4fzydc1sJQckQG/XWdORb7Bl
FBNona7NPY6y+RGWYhfkzHqoAY4QEpZcjSPEN+Z5ULbxfL1tCN5i145vv9FRDu5A
MTCCd7XIc5WIKKz2AfIR3H9LSJGEY231VGtPOJkCqkzUF4NHRwcPOnrvRqHwlfOZ
7h7OGOQsj1FPANBRj4upEM4/WNeyT9fQNWguYR5kNCwLkryO965AqHNCOHeFL7K6
+0+NPEOF9qLxM6dSxnP6HkH2dodVmqiUbDeypPnmrh71ncrgBKMtJ75THEBA5k4Q
8UQ=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
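Review bot: `ns-cert-type server` checks only the legacy Netscape certificate-type extension; the option is deprecated since OpenVPN 2.4 and was removed in later releases, so this profile is likely to be rejected by a current client. The replacement is `remote-cert-tls server`, which verifies key usage and the serverAuth extended key usage instead. The client certificate in this profile looks easy-rsa generated with an extended key usage set, so the server certificate probably carries one too, but that should be confirmed before switching. The comment block above the directive would need the same update, and the line appears in the other client profiles of this commit as well.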


@ -0,0 +1,202 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
Y/hjEv3y78V8QA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQGWwJ/0e9vkCAggA
MBQGCCqGSIb3DQMHBAgYCqryO9FhewSCBMj8TDpUkZHLx1K//VFwpVIB18bMXyhF
DErbYLXoUeqYPIiZ+Scu1HsHPpVq3whDybcSRDFLL/cKsHRmJzbowHakxI5KABJG
iW+nxWHmeL75GTOGOexv+WmyjFce0LNTSuoQrLPg5JKZl6sTiq55+0uaU8MqxrXN
nGv98J/s8AR8u5PVpkbta79gKQEgkQQhd/0FNDLF/2zvrJ4eZAekHwwXBairatWK
NSu18vJuqX6LzHfxS6d/boexCVsPgp1GfQQP3pQsvafCpUWd5pdrSPaaKEUNPLrt
39uoybJUMHJLBaAE1VukBXHQUIrhzjYO3cEU07UUJH/91+MNMjFjN5W+FtaIHyuy
BGlg06x/lVEuuXWXoBw6z9ucIkVsbXo4KsXJWjrCmMyCKpSg2NUY/X6OcjX/oe/M
FUg08ZoRuE5cWuE00Xc4dGfAaQ0ILlfZr32rBzsCLGE1QaV6qwncWVO9uyK1eIF/
ekVytBuYRxqNI3zaNG338gDNB5SZZnYlnYqx9BeTenYJXuZp6tqiK1QrL2+Da2m8
GrL2U9pbihl1QfOURKZMmSY4kiDlyFq6Gg+1YkHKGmc8kx2hGH8VEo9O0nlQ2Dd6
xPSmio9yHSfkBte+rcPCc35DggBDOd1ZFIgs/m9d8xrxPx8Fn0f//duFbfqdKmty
hyFksx7ToXRNQamOedaegSxyQ/62okzuQHLhgAQb368asVjfYnlb/o2CBkVLT/t3
3wyV8waSK1Wlm8aEG33TUBb1QA46qY8Xl3JEdPRLxrSO9BAaU5AlNvhXcg1yvAml
nvS/2aF/5VHHeh7F2eq2WhFR5CBbOSC20Oxx/PeHcgORxxNzDsbsUWVKhLvB8V6O
fqz9hsQ6uGG4foFAfEXHA5p/RLXzJT+N2lwAlmq4awyTrddDOptOjnHiUFTcrt0Q
3AA6QZN6Poi7wTPfdW71/NqwJbxSoW+ZwD5gc6KPc9LGJ4aoTv6hUleK7oVPYlhP
Nu5ql85bVe3f2FWuYA1pt2uP80OgLy0Sfyx8zrkDLB5IlA7N7krc3BDW4fOuezow
tYzPypdjhIgUtQEe9+g7UyuK9GQmolakAptcznIgAdpyANuxm6ZzTFZeCnbj5gji
Bwft3pWz91KUJ9puK8NhgYLK0kX6/1tkzWN1HAJ7EuUVEVDZa84sG18TzP8qA7CV
S44VmC+G3naDsAhiUkElbOzs9Mon8cMy4WRO5bozwMyPnk2GQAthGI99g+PA7ZJj
Nnlc9DCxRHhT3sCVw9Hrg6fe/fi2Eecvq94rSHVM5duVlVug0ah9Q1/acA/bmPuE
h+jIhieD0oduPJ0n0nFRh/m4mRqqVsT981xK+tXOznB2AIlikX/Clb1rWlaWNvO/
RqnY123/TsAD+fsRVfS0UZY5y4SujSJr6swGuURSpnJnrNR7mRBLVvmOEmknoLRO
5eLFkWJ2+G1k6nUDcmoVOzicndpPrk87MXFXFA/75UdNLpg+iJv00n5X6oTwokwR
Cz61T0uYO/R+8eBvIym4ym4ks2H5fZ/tCxzyGrUcCT5Zd9nQ5oQBzaoxfcCqwZlF
Oxq3/4xNfvrv1KMPUVYDj7zMUDv4Au775yIGBomhayCmDZDzsB6wZL4pMsWZFedB
5Co=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
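Review bot: The inline `<ca>` certificate appears, from its encoded header, to be a 1024-bit RSA key self-signed with SHA-1 and valid from 2008-05-19 to 2018-05-17, which is nine days after this commit's date; please confirm with `openssl x509 -noout -text`. If that reading is right, every profile in this commit stops validating the server once the CA expires, even though the client certificates themselves run to 2037/2038. A 1024-bit SHA-1 root is also below what current OpenSSL security levels accept, so clients built against newer libraries may refuse it before the expiry date. I would issue a new CA (RSA 2048 bits or more, or an EC key, signed with SHA-256), reissue the server and client certificates under it, and add a comment next to `<ca>` recording the CA's expiry date.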


@ -0,0 +1,202 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
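Review bot: `comp-lzo` compresses traffic before it is encrypted, so ciphertext length can leak information about tunnelled content when part of the plaintext is attacker-influenced (the VORACLE class of issue), and newer OpenVPN releases deprecate the option. As the comment above it says, the setting has to match the server, so it should be removed from the server config and from all client profiles in this commit in one step. On clients running OpenVPN 2.5 or later, `allow-compression no` makes the intent explicit. If compression must stay for an old peer, a comment stating that reason next to the directive would help the next reviewer.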


@ -0,0 +1,185 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,17B9907A94C0924E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-----END RSA PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
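Review bot: The `<key>` block in this profile uses the traditional OpenSSL PEM encryption (`Proc-Type: 4,ENCRYPTED`, `DEK-Info: DES-EDE3-CBC`), which derives the encryption key from the passphrase with a single MD5 pass. The passphrase is therefore the only real protection and is cheap to test offline, which matters more for a key that sits in a repository. The other profiles in this commit use the PKCS#8 `ENCRYPTED PRIVATE KEY` form; if this key has to be kept at all, I would re-wrap it the same way with a modern cipher, for example `openssl pkcs8 -topk8 -v2 aes-256-cbc -in <client.key> -out <client.p8.key>` (file names are placeholders). Reissuing the key pair and keeping it out of the repository remains the better fix.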


@ -0,0 +1,202 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
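Review bot: The comment `# Select a cryptographic cipher.` is followed by no `cipher` directive, so the data-channel cipher is whatever the installed client and server versions default to or negotiate. On OpenVPN releases before 2.4 that default is BF-CBC, a 64-bit block cipher. I would pin it explicitly, e.g. `cipher AES-256-GCM` on OpenVPN 2.4 or later, with the matching setting on the server, and add `tls-version-min 1.2` for the control channel. The same gap is present in the other client profiles of this commit.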


@ -0,0 +1,214 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-opp.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ff2b7b56af351769ba703f874d389327
2e8fed8405df740d51d58eff3eb25af3
d6de19376333a9b05aa72f8b90124bbf
5ea3085029070d28952a1fe9baa392fc
4865bd5dbc58a4ccfc373d2ce772a217
17f099df7d2354e404ae7690cbc50002
151667c2af583705bd3896327917327a
a8b2c9073e58b7deabb3ad04336170b9
6fcce57b50827b0f393b7d1f0a7f6299
d15140e46f6108983234eb53b0a6d56c
6ce3815bc7f5ec9f52bc7eb680562b4f
1241f1378b774491ca817b56f1d5ba09
c25e8a4dff3610c60e4f9f3c306c15af
8a70829075343f2ab24d61560804c78a
dda39ceb12e11a0079b59dcb607166e5
567cbf1dc83c2f32f8ce1cb4576c12df
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
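Review bot: The `<tls-auth>` block near the end of this client profile commits the shared static key in plaintext, and the identical key is embedded in the client profile directly above, so every reader of the repository holds the secret that is supposed to keep unauthenticated peers away from the TLS handshake. The `<key>` block is passphrase-encrypted, which only helps as long as the passphrase is stored somewhere else. I would keep key material out of version control and reference it by path, e.g. `tls-auth ta.key 1` and `key client.key` (file names are examples), and regenerate the static key since this one is now exposed. Separately, all three `;cipher` lines are commented out, so on peers without cipher negotiation the data channel falls back to the default the comment itself names (BF-CBC); pinning `cipher AES-256-CBC` here and on the server would avoid that, though the server config is not visible in this section.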

1
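--- a/OPP/openvpn/crl.pem
+++ b/OPP/openvpn/crl.pem
@@ -0,0 +1 @@
+keys/crl.pem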


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl


@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always


@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 3650 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
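Review bot: `default_crl_days= 3650` in `[ CA_default ]` makes every CRL issued from this config valid for ten years, whereas the two other OpenSSL config variants above keep `30`. A peer holding a stale copy of crl.pem will go on accepting it until that date, so a revocation that never reaches it goes unnoticed; a short lifetime with scheduled regeneration fails closed instead. I would return to `default_crl_days= 30` and regenerate the CRL on a schedule, which matters here because this looks like the variant the `openssl-1.0.0.cnf` link below selects. The trailing comment on the next line is also stale, since the digest is pinned rather than left to the key default: `default_md = sha256 # which md to use.`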


@ -0,0 +1 @@
openssl-1.0.0.cnf


@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool


@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full


@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

95
OPP/openvpn/easy-rsa/vars Normal file

@ -0,0 +1,95 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
#export EASY_RSA="`pwd`"
BASE_DIR=/etc/openvpn
export EASY_RSA=${BASE_DIR}/easy-rsa
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
#export KEY_CONFIG="$EASY_RSA/openssl.cnf"
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
#export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="${BASE_DIR}/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
#export CA_EXPIRE=3650
export CA_EXPIRE=10957
# In how many days should certificates expire?
#export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
#export KEY_COUNTRY="US"
#export KEY_PROVINCE="CA"
#export KEY_CITY="SanFrancisco"
#export KEY_ORG="Fort-Funston"
#export KEY_EMAIL="me@myhost.mydomain"
#export KEY_OU="MyOrganizationalUnit"
export KEY_COUNTRY=DE
export KEY_PROVINCE=Berlin
export KEY_CITY=Berlin
export KEY_ORG="o.open"
export KEY_EMAIL="argus@oopen.de"
export KEY_OU="network services"
export KEY_ALTNAMES="VPN OPP"
# X509 Subject Field
export KEY_NAME="OPP-Vpn"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
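Review bot: `export KEY_EXPIRE=7305` gives every issued certificate a lifetime of about twenty years (and `export CA_EXPIRE=10957` a thirty-year CA), so a lost laptop or copied key stays usable for that long unless someone revokes it and the updated CRL actually reaches the server. A shorter lifetime with planned renewal bounds that window without depending on revocation, for example `export KEY_EXPIRE=730`. The comment above `KEY_SIZE` still reads "Increase this to 2048 if you are paranoid" although the value is already 2048; something like `# RSA key size in bits; do not go below 2048.` would match what the file does. The `echo NOTE: ...` line also expands `$KEY_DIR` unquoted, which is harmless with the current path but worth quoting.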


@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf


@ -0,0 +1,20 @@
10.0.62.1 openvpn server
10.0.62.2 -- frei --
10.0.62.3 chris
10.0.62.4 rene
10.0.62.5 -- frei --
10.0.62.6 -- frei --
10.0.62.7 -- frei --
10.0.62.8 -- frei --
10.0.62.9 chris_win
10.0.62.10 -- reserviert --
10.0.62.11 gesa
10.0.62.12 johanna
10.0.62.13 melanie
10.0.62.14 dominique
10.0.62.15 judith
10.0.62.16 jonas
10.0.62.17 ulf
10.0.62.18 antje
10.0.62.19 tobias
10.0.62.20 anne

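--- a/OPP/openvpn/ipp.txt
+++ b/OPP/openvpn/ipp.txt
@@ -0,0 +1,4 @@
+OPP-Vpn-ingmar,10.0.62.2
+OPP-Vpn-jenny,10.0.62.3
+OPP-Vpn-oezge,10.0.62.4
+OPP-Vpn-cristina,10.0.62.5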
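Review bot: The addresses recorded here overlap the hand-maintained address list in the preceding file section: `OPP-Vpn-jenny,10.0.62.3` and `OPP-Vpn-oezge,10.0.62.4` sit on the entries listed there for chris and rene. If this is the server's `ifconfig-pool-persist` file, which the name suggests but this page does not show, OpenVPN rewrites it at runtime and treats its contents only as hints, so a committed copy goes stale and can hide such collisions. I would exclude it from version control and keep fixed addresses in per-client configuration instead.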


@ -0,0 +1,24 @@
key...............: laptop-opp1.key
common name.......: OPP-Vpn-laptop-opp1
password..........: KhhT3CtjkCx4
key...............: laptop-opp3.key
common name.......: OPP-Vpn-laptop-opp3
password..........: ncW7fh44L97f
key...............: laptop-opp2.key
common name.......: OPP-Vpn-laptop-opp2
password..........: 7NXL9T4cq4Xb
key...............: oezge.key
common name.......: OPP-Vpn-oezge
password..........: VNm3LXg9RTrH
key...............: jenny.key
common name.......: OPP-Vpn-jenny
password..........: jXzRxb44RnhN
key...............: tine.key
common name.......: OPP-Vpn-tine
password..........: Lfj9fWMf9d%g
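Review bot: This file stores the passphrase of each client key in clear text (the `password..........:` lines for laptop-opp1 through tine), so anyone who can read the repository can unlock the matching `.key` files wherever they obtain them. Because it is part of the initial commit, deleting the file later leaves the values in history; the six listed certificates should be treated as exposed, revoked through the CA's revocation list and reissued with new passphrases. Keep the key-to-passphrase mapping in a password manager or an encrypted store outside the repository, and add the file to `.gitignore`; its path is not visible in this section.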

70
OPP/openvpn/keys/01.pem Normal file

@ -0,0 +1,70 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 13:17:18 2008 GMT
Not After : May 17 13:17:18 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-server/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:dc:bc:9a:57:b7:b0:ab:5a:cf:38:2f:0b:2a:94:
29:d7:20:98:67:3c:fc:f7:1c:9f:fb:75:12:c3:0b:
87:ab:a8:e2:d8:07:67:2b:9a:4c:51:33:2a:4e:e7:
df:f6:be:32:98:15:62:42:d6:38:f1:fc:0f:34:87:
b4:c1:1a:67:e8:b8:2a:b8:fb:f7:ed:d0:a6:54:0a:
30:ea:ab:32:d1:52:01:d5:1d:f7:8d:2a:63:79:65:
ff:cc:40:ae:75:68:b8:32:2f:0a:57:4d:3c:71:35:
af:48:14:f0:b5:b5:73:5c:e7:e4:6e:6c:fc:7a:3e:
47:b6:8c:87:b0:28:55:1b:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
02:6B:50:96:D0:73:B9:16:DC:FE:F0:90:50:EE:C2:00:68:2B:14:97
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
1c:e9:c7:6b:54:79:2e:c7:d0:89:0c:c3:ba:54:67:d0:e5:4f:
a3:5f:af:3d:39:74:4b:af:25:25:e1:20:be:af:1f:5b:94:26:
b3:95:69:8e:1c:8f:cc:b0:ce:3a:52:07:e1:8c:24:5e:f8:df:
d5:db:83:12:85:04:16:05:84:9f:c5:c9:12:a6:0d:da:30:ee:
6d:bb:92:dd:b5:24:98:61:e1:ec:d0:db:cc:c4:7e:3e:da:91:
a2:73:67:b1:60:10:16:e7:e8:d2:1a:e2:b0:75:a3:43:fd:29:
a3:c9:34:5c:19:03:cf:0d:39:2e:9f:a3:9c:f5:1f:6c:14:bd:
3c:a1
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
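Review bot: The certificate added here is signed with `md5WithRSAEncryption` over a 1024-bit RSA key and has `Not After : May 17 13:17:18 2018 GMT`, nine days after the commit date shown on this page; 02.pem through 07.pem below carry the same algorithm, key size and May 2018 expiry. MD5 is collision-broken for certificate signatures and recent OpenSSL releases refuse such certificates at their default security level, so these should not be carried into a new deployment as live credentials. The easy-rsa variables file earlier in this commit already sets `export KEY_SIZE=2048`, which suggests these are leftovers from an older CA. I would reissue the server and client certificates from a CA created with a SHA-256 digest and at least 2048-bit keys, and keep the old serials only in the revocation list.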

67
OPP/openvpn/keys/02.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 13:19:10 2008 GMT
Not After : May 17 13:19:10 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-chris/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a6:7c:7a:2e:0e:b0:df:ea:02:43:e9:8a:95:ec:
33:d2:a9:ba:28:6a:36:2f:66:d5:dc:d3:d4:b1:00:
33:18:3c:d1:a0:4d:cc:a5:c7:22:07:85:0f:3a:7d:
e0:20:2a:0d:17:4a:10:73:c6:2c:34:7e:ac:1f:8b:
1c:6e:31:1b:3b:f1:ee:f4:6a:31:e9:5a:3d:31:4f:
5b:ba:8e:b8:c7:a0:63:23:b3:7e:4a:c8:cf:3c:6e:
4f:35:74:96:88:94:36:6d:57:aa:9f:a0:71:6d:96:
2d:19:12:66:bc:eb:c5:79:92:0a:2f:2e:c0:37:92:
72:e0:6f:60:68:dd:7b:e1:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
34:12:B0:EE:3B:AB:8F:D7:D1:6C:EC:39:A6:8E:12:2A:EE:02:0D:0B
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
06:48:c1:75:ac:13:02:30:6e:de:11:8f:8e:44:05:59:76:d8:
9c:23:57:e7:53:97:2a:c5:a1:8e:11:3c:c0:28:57:c8:7d:d9:
49:ab:87:ff:fe:72:eb:cc:57:33:d3:87:0a:c6:53:37:23:16:
51:4d:2a:b9:b9:53:69:04:99:f1:bd:9e:18:15:88:2b:ea:2a:
8d:7a:6a:3e:65:9c:5e:c7:fa:74:e5:b5:e1:5a:fd:76:30:f3:
5e:10:f9:12:a2:ac:30:2c:ac:97:f0:54:c3:9f:64:01:2c:0c:
47:6b:fc:b9:ac:72:e8:7d:64:fa:61:7a:3e:6b:64:84:71:9c:
21:41
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

67
OPP/openvpn/keys/03.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 13:55:46 2008 GMT
Not After : May 17 13:55:46 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jonas/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cb:9c:0c:a4:23:e7:df:db:2b:2e:2d:37:9d:61:
cb:27:8d:ed:9f:1c:e9:b9:2d:83:3f:2f:1a:2a:90:
e7:1c:8b:41:28:a0:2f:3a:c2:67:a9:5a:e8:0a:a5:
fc:3e:38:e8:fb:a6:5e:e4:14:3e:8e:70:ec:49:d6:
20:81:f5:96:69:8e:8f:82:c1:d2:d7:fa:4b:e8:be:
3c:20:05:41:f9:05:9f:8e:2f:38:a8:f7:d8:fe:1e:
65:3c:68:0c:b0:db:74:57:fe:35:3f:70:ac:f9:fd:
e0:9b:31:e5:32:18:ea:eb:87:06:d1:8d:03:fe:de:
ed:17:77:c1:e7:07:92:20:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
33:08:DF:6E:0D:57:08:50:3C:7F:87:8F:29:3E:1A:EF:64:69:30:CD
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
1d:1b:07:ad:33:48:cf:b8:59:30:fb:5f:6f:ea:15:37:9f:12:
b6:03:30:2a:93:46:47:d4:42:2b:99:d2:a1:c8:ca:20:58:e3:
71:9c:fa:a1:ff:53:85:41:5a:dd:df:80:6c:ca:f5:ca:75:56:
5b:9f:ff:90:06:07:a4:8b:4f:c1:58:fd:02:ad:d8:1b:6c:6e:
bd:4f:6a:40:1e:43:47:3b:b6:cb:45:be:f1:68:9f:9f:05:b9:
3b:b9:7f:4a:0c:0f:53:c3:ab:15:54:cc:93:f1:4d:a7:88:7b:
f1:e5:59:9e:ac:4f:f6:9e:cb:05:e7:bd:fc:33:27:53:0d:07:
c0:07
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

67
OPP/openvpn/keys/04.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 14:10:25 2008 GMT
Not After : May 17 14:10:25 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-anne/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a9:01:86:b4:76:7b:0e:42:cc:95:2c:97:8d:c8:
5b:a2:7d:a0:8b:8e:06:97:e7:f3:48:5c:a4:90:1f:
67:3e:ae:43:1d:c0:01:29:c9:f8:3d:b9:a4:42:d7:
2a:18:53:64:22:3b:88:70:62:3b:7c:6f:e1:50:6e:
86:6d:e1:31:13:f7:d3:42:20:d0:b2:83:fb:71:f3:
72:a5:ae:b2:cd:3b:da:c2:61:eb:7f:e8:67:72:83:
de:50:a3:ad:17:ad:e4:b8:a0:09:63:09:9d:8c:5b:
47:a7:fb:9e:51:32:9a:95:2f:81:98:19:c1:94:46:
f9:cd:78:99:41:fe:27:4b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
16:84:EC:50:65:D5:87:51:13:EB:A5:5E:6A:00:8E:4D:1E:80:52:C4
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
35:b0:0a:3e:43:aa:72:39:8a:03:e6:77:36:f3:84:b1:18:dc:
b1:45:9c:f9:c6:b5:49:4c:51:ec:e2:ba:c7:39:0f:cd:f6:3f:
ed:c6:86:a3:3c:39:82:bb:cb:27:8b:b4:c7:f8:07:a3:ee:d2:
9a:8f:fa:34:81:de:a0:68:f0:b3:2b:6e:30:b2:96:5f:84:48:
21:25:2e:3a:69:36:49:4d:bc:40:98:5a:56:58:98:d3:22:94:
b6:13:33:c6:4b:3c:30:22:04:91:e4:1b:f9:f4:e1:ed:0d:d4:
32:05:e7:ab:b9:8b:b7:15:16:97:6d:2a:2a:f4:07:dc:54:be:
a4:26
-----BEGIN CERTIFICATE-----
MIIDrDCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTAy
NVoXDTE4MDUxNzE0MTAyNVowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
MBMGA1UEAxMMT1BQLVZwbi1hbm5lMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqQGGtHZ7DkLMlSyXjchb
on2gi44Gl+fzSFykkB9nPq5DHcABKcn4PbmkQtcqGFNkIjuIcGI7fG/hUG6GbeEx
E/fTQiDQsoP7cfNypa6yzTvawmHrf+hncoPeUKOtF63kuKAJYwmdjFtHp/ueUTKa
lS+BmBnBlEb5zXiZQf4nS/sCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBQWhOxQZdWHURPrpV5qAI5NHoBSxDCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
NbAKPkOqcjmKA+Z3NvOEsRjcsUWc+ca1SUxR7OK6xzkPzfY/7caGozw5grvLJ4u0
x/gHo+7Smo/6NIHeoGjwsytuMLKWX4RIISUuOmk2SU28QJhaVliY0yKUthMzxks8
MCIEkeQb+fTh7Q3UMgXnq7mLtxUWl20qKvQH3FS+pCY=
-----END CERTIFICATE-----

67
OPP/openvpn/keys/05.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 14:11:07 2008 GMT
Not After : May 17 14:11:07 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-antje/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d9:af:d5:10:fd:3d:66:4a:1f:86:43:3a:eb:9d:
c3:3d:eb:9a:fd:c9:ac:76:79:b4:8b:62:3a:b0:22:
92:70:ef:dc:b4:90:08:af:0e:69:c1:e1:41:42:f1:
5a:9a:34:28:c1:4b:73:9f:cb:48:8d:e8:4e:fc:ae:
98:aa:87:7a:a0:09:77:6c:d2:db:51:f9:0b:a1:93:
37:57:4d:71:ed:5a:07:2b:0e:29:6c:c1:2c:79:e7:
82:6c:f2:49:fd:1f:44:18:df:07:3b:4a:9e:53:49:
b7:29:1c:17:ed:28:0a:72:64:3e:3d:98:ab:ce:0b:
99:19:a4:36:7d:12:dd:6a:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
DD:6A:35:36:EE:4B:F6:AE:4C:80:30:12:74:49:60:87:44:FA:09:D6
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
ad:af:8f:8a:fa:30:43:ce:95:ff:9d:39:65:a9:da:1e:49:dc:
df:10:63:4a:76:74:5f:46:e6:2a:e6:be:ca:de:99:1a:84:07:
53:f4:ec:1b:27:ae:3d:f5:21:b5:9c:27:5f:18:f8:3b:fa:39:
6c:3a:d8:2a:01:2d:61:22:a1:36:4e:21:0a:48:e1:46:57:98:
43:fa:f6:b1:6a:32:75:5a:b6:15:f6:3e:5b:61:8d:73:de:ff:
cd:3c:90:8a:ca:41:88:55:97:eb:e8:92:d8:89:96:34:99:9f:
eb:e7:4e:37:01:3d:33:dd:32:17:c6:d2:0c:1d:9e:ee:72:37:
a6:85
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

67
OPP/openvpn/keys/06.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 14:11:52 2008 GMT
Not After : May 17 14:11:52 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-dominique/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c1:38:3f:b0:d4:de:b8:36:d8:39:59:f5:e7:f0:
90:30:28:ea:08:8f:89:22:a6:20:ab:30:cd:fd:6d:
05:49:a8:75:44:5b:2a:8c:d0:f2:7a:ad:8e:2d:f8:
61:3a:ca:96:6b:f7:fa:8f:9e:cf:b6:1f:05:28:0f:
17:7b:30:72:38:b4:d7:2e:11:7d:4e:bd:0e:34:f5:
73:b8:fc:96:bf:dc:08:b4:42:5c:28:79:c9:13:21:
41:56:8b:46:b4:22:3a:ce:67:7e:ee:22:e4:0d:6b:
2a:6d:5e:20:1a:cd:bb:00:98:e6:a8:c5:40:e6:cf:
64:5e:73:c3:5c:07:64:67:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
E4:85:C4:03:74:D3:5B:17:7C:9A:8A:F7:CE:62:23:56:CE:45:14:80
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
23:5f:8b:84:36:8f:5c:85:64:4c:13:36:df:64:4f:6e:15:b3:
21:2e:1c:3f:90:d4:9c:03:2e:1d:c8:6d:54:d7:19:03:46:b5:
e9:50:eb:92:7c:cf:14:5d:b4:0c:58:3e:8d:e8:a0:19:aa:16:
43:b5:c5:9b:4e:4e:1c:4b:a3:80:78:43:c8:77:79:6e:ac:13:
28:c8:5d:c1:a2:b2:dd:1f:ca:ad:c5:7b:81:3f:8d:15:43:6e:
e4:39:73:a9:07:85:4c:a7:ad:34:73:80:06:1f:97:63:38:53:
77:db:e0:5f:ea:0b:40:a8:55:9a:d2:68:75:20:ca:29:0f:7f:
67:e5
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

67
OPP/openvpn/keys/07.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
Validity
Not Before: May 19 14:12:31 2008 GMT
Not After : May 17 14:12:31 2018 GMT
Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gesa/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:dd:3f:12:ed:6e:50:5f:83:73:b2:02:06:39:79:
4c:8f:5c:1a:cf:24:8b:48:ad:26:30:5e:33:dc:97:
ee:8a:01:4b:4c:be:78:0e:6c:a7:04:5b:2d:12:bd:
2e:c1:7f:71:6d:84:52:b5:19:e8:b2:6c:57:bd:54:
4b:9d:97:ca:12:a4:9e:7b:d6:b3:26:88:b2:f9:ee:
e8:92:27:1a:50:e1:8e:44:ba:a8:81:db:c6:03:9b:
8e:92:a6:f5:28:61:d9:a8:9b:6c:74:41:e4:3d:a2:
2e:98:75:9f:3f:37:6f:79:84:44:ff:53:39:cf:96:
31:b4:82:54:dd:46:b8:8c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
20:D1:BD:E0:49:1C:2D:5C:06:98:E8:85:E7:B4:9B:34:0F:23:DB:21
X509v3 Authority Key Identifier:
keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
serial:D7:44:14:8B:55:A3:DF:88
Signature Algorithm: md5WithRSAEncryption
69:8a:2e:2b:93:da:48:7a:0a:3a:8d:84:0e:f9:16:d7:23:c6:
29:e2:75:67:e8:59:f2:21:2b:31:7f:15:94:10:0b:49:5a:a4:
4c:7f:ef:3e:02:ad:04:d5:be:f7:10:03:cd:77:73:bb:b4:93:
03:c8:27:51:0e:1a:27:91:51:e6:6f:43:ad:cd:91:be:ab:3c:
5c:ba:54:e8:4f:b5:07:22:d4:46:b1:e6:41:34:cc:56:84:3b:
f2:bf:eb:b9:a5:d8:43:95:b5:42:67:3a:08:99:f9:d9:3d:9e:
fa:2d:e3:a8:da:4c:de:3e:00:cc:92:8c:56:92:d0:da:47:b0:
fa:eb
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Some files were not shown because too many files have changed in this diff Show More