Initial commit

SPR-BE/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-SPR-gw-ckubu

@@ -0,0 +1,7 @@
+ifconfig-push 10.1.92.2 255.255.255.0
+push "route 192.168.92.0 255.255.255.0 10.1.92.1"
+push "route 192.168.93.0 255.255.255.0 10.1.92.1"
+push "route 192.168.150.0 255.255.255.0 10.1.92.1"
+push "route 172.16.92.0 255.255.255.0 10.1.92.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0

SPR-BE/openvpn/gw-ckubu/client-configs/gw-ckubu.conf

@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-spr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
+UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
+ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
+eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
+Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
+UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
+RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
+zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
+03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
+98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
+CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
+tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
+JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
+GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
+S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
+7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
+STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
+q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
+Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
+lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
+cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
+zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
+WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
+CZSTeKgLDVjfXlqH1ErAvQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
+NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
+AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
+uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
+OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
+AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
+eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
+8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
+7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
+WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
+Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
+i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
+4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
+dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
+WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
+uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
+SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
+mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
+fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
+1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
+gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
+do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
+evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
+QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
+Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
+TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
+QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
+YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
+nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
+m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
+H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
+H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
+fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
+4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
+7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
+UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
+hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
+prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
+P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
+W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
+BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
+rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
+n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
+2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
+Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
+Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
+aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
+3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
+hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
+yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
+Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+50c09d4cd2d32cbfadcc9ebff8e624d2
+f7a5730ff6b708aad8a6bb14b3a7619d
+e32764bbe875f11ce46213a35500cc2c
+fd0b6bf2e7b8cc2392a478ad7f4e7c7a
+3fbe2e50a781ea9a4fd83cfaf64725db
+98b4740b145e2d948b3b09975866c03b
+a268f82e767fa2517b469ec3e563d321
+8156f8f192f75bf8385697aeed6b9f33
+fd74e02426437c42dc7a85afd828012a
+911e7d8e837249d33a4209dbd0a2c017
+c0ee31207a0e5ba05e736fa1c9af1cbb
+0b39dab31939eb37df367d1eccf61ff3
+28135f42ba70344179186cdd0cac5058
+9cb4bac7dd08436d1efbd452b72416e8
+59bc9118c2c6aba6107faca0604d947f
+ff8569318b234e4ddbb68189b1504969
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull

SPR-BE/openvpn/gw-ckubu/crl.pem

@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
+B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
+NTU5NTZaGA8yMDUwMDMxODE1NTk1NlowDQYJKoZIhvcNAQELBQADggIBAHiAKVWa
+aJxRcohJGD6hfhXEOhBqV1GxWWuoEP1ONgdgsXTEfEDdK+lTS4P0PNyxEkbFS8OH
+TuRfg5OhmONezKAi6C3rGZHeM/jYwlCaoD1mNABgwkBKiU7BeXfdho1j3dhjgZ6f
+IYVEcWFM+0UDJsnZHeA6zkpjRTL1AlB0I+mYg5f8fb85SVoxNIk3C8Hh22X19wVd
+MHYb4/F/k6AAcetLwuptdgS7nsWQama8BkJ1d9nBLV+aKdx39ZSOWKy4TuExicN3
+B41kh1qOqOnTYGkKjLLxn8AGdk4cqvZprraO6UEL4xV7WWRk3n6eaWsp0WLUnpTq
+5y3QhdSwne/nT/WAsUVE0qoKz/0LIHwL3YyEFNPpfdKn+0ulp1loqlPfZiGDEZ9s
+qs1lPAb8hSj8Gtoh6Ehb9rjH3ia78EVhzG/Npnzcq8IkJW9U9KjvJkjLUYQB0cE9
+gAKjMtJ1XWf1G/H6jYHSt85FM/fq8gnQX/yBVJzXlVdYWL4giS1K3kATJ9OjH3TL
+xyB0Evi15vG4a5HlbNT6g/a6GvEEfS6ANaBC82uRFK1AjELRCiKvjnOT5AndB/uV
+Q/tgplEqJJX2CQrH+BRUe0PWtOl0UYC84fGNr1lySHeWaI3Z3UUYeBIgJ+Y3d7/4
+5u5CE+zRVhxqCD1bxxZdJq8F8zQe4fOlWR3L
+-----END X509 CRL-----

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-ca

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-dh

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-server

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req

SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass

SPR-BE/openvpn/gw-ckubu/easy-rsa/clean-all

@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all

SPR-BE/openvpn/gw-ckubu/easy-rsa/inherit-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter

SPR-BE/openvpn/gw-ckubu/easy-rsa/list-crl

@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl

SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf

@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf

@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf

@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG

@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl.cnf

@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf

SPR-BE/openvpn/gw-ckubu/easy-rsa/pkitool

@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool

SPR-BE/openvpn/gw-ckubu/easy-rsa/revoke-full

@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full

SPR-BE/openvpn/gw-ckubu/easy-rsa/sign-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req

SPR-BE/openvpn/gw-ckubu/easy-rsa/vars

@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN SPR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-SPR"
+
+export KEY_ALTNAMES="VPN-SPR"

SPR-BE/openvpn/gw-ckubu/easy-rsa/vars.2018-03-18-1452

@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"

SPR-BE/openvpn/gw-ckubu/easy-rsa/whichopensslcnf

@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf

SPR-BE/openvpn/gw-ckubu/keys-created.txt

@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-SPR-gw-ckubu
+password..........: uoziengeeyiephu5voh7eothu1Aex8ar

SPR-BE/openvpn/gw-ckubu/keys/01.pem

@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 15:59:51 2018 GMT
+            Not After : Mar 18 15:59:51 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
+                    ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
+                    fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
+                    15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
+                    9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
+                    03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
+                    10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
+                    35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
+                    30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
+                    0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
+                    1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
+                    8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
+                    dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
+                    0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
+                    31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
+                    28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
+                    f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
+                    99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
+                    6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
+                    3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
+                    1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
+                    1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
+                    fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
+                    33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
+                    fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
+                    dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
+                    84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
+                    7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
+                    9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
+                    d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
+                    94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
+                    42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
+                    cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
+                    5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
+                    2a:24:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
+         9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
+         90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
+         60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
+         7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
+         49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
+         7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
+         f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
+         e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
+         87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
+         1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
+         34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
+         29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
+         af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
+         e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
+         b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
+         a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
+         01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
+         50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
+         8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
+         d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
+         2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
+         85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
+         a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
+         7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
+         13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
+         b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
+         67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
+         59:f3:1f:08:ab:e1:33:a6
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
+SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
+uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
+1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
+z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
+q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
+BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
+qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
+KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
+GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
+bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
+Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
+JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
+DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
+/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
+X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
+An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
+M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
+YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
+u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
+b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
+sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
+O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
+-----END CERTIFICATE-----

SPR-BE/openvpn/gw-ckubu/keys/02.pem

@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:13:06 2018 GMT
+            Not After : Mar 18 22:13:06 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
+                    cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
+                    e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
+                    20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
+                    50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
+                    f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
+                    54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
+                    c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
+                    79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
+                    c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
+                    0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
+                    ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
+                    30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
+                    d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
+                    fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
+                    fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
+                    7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
+                    97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
+                    e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
+                    0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
+                    b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
+                    d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
+                    19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
+                    4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
+                    36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
+                    fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
+                    19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
+                    84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
+                    f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
+                    b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
+                    94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
+                    f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
+                    d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
+                    a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
+                    2f:d9:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
+         82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
+         78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
+         8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
+         0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
+         b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
+         16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
+         89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
+         8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
+         b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
+         98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
+         6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
+         b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
+         a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
+         3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
+         f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
+         00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
+         44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
+         2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
+         8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
+         28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
+         b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
+         09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
+         17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
+         25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
+         42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
+         17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
+         01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
+         1c:5d:a6:3b:95:49:41:23
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----

SPR-BE/openvpn/gw-ckubu/keys/ca.crt

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
+UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
+ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
+eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
+Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
+UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
+RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
+zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
+03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
+98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
+CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
+tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
+JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
+GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
+S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
+7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
+STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
+q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
+Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
+lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
+cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
+zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
+WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
+CZSTeKgLDVjfXlqH1ErAvQ==
+-----END CERTIFICATE-----

SPR-BE/openvpn/gw-ckubu/keys/ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDU3Y3KUW+th51p
+qc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/tZSotqwAq
+BgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aFeC9L3Z4Q
+lJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFHRm8Tnr1T
+DUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQYUJ1fLJAP
+LdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZVRQdnS6yH
+xZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHozJkr8tr+
+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x03MOpv9c
+jN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ98gVox7l
+FbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420QCSCFJAb5
+orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0tEph6pRH
+P39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABAoICAGlmxyXOCzFuvFgsuFOh1rXv
+OnEc6EbsFMrErpbvVPXhPZQcUfIZpZaD5uUA9pwHvCzeiqie9jKkwLEORaIk7K1q
+q2Q+4eGTWzNXaXZiT7xo0kFcq3yHATLDMo8Tjhk0YucagCJIr4quUu082Iu4iw+K
+hPmxayQowYoavrtQabuVcuwvP5IZv5WTDXiF56+zZot72oozax7Y9EAijURrKMcT
+zyQy8VzF/3LtB+N4A5VHUwFY4y+F2B3W3QznR1VmCLOk47uCd1pAE5kgiEwv9lsI
+KhKtZYmkTtoYTvgLE2O4ExFwsLIP80tfC6C3bBGz4tC9V7pTMuZIB0c3aDK94KkL
+geojeQg/D81yRzrIImcQDW+6asJJBdV6fdjeWW7oMG6pvweg5xKG53dUgqrcC4yz
+EC4mMO4MF4oTUnOv2yYnQOA2GIy7myf87rFKonqB6vzlA7KoE7aOvX3ZTiuydBZ+
+StIZ6aJIK7IINa/4QE1TZBLG51GO+u8SE8BMlm96HB//TVp+AmgtrXlqlbREfYHk
+CgUB4aIYsvtcfBoy/T0tWREByIFBTDZMO68Ifcaspvys62y1H879BmKTGiq9XCX/
+PPQduHUBzcS1wUmnRerSOyvhqqsOvJMEXjbQAJP2J8mBWd8TLaQWtftFb7Y4XXjt
+lTsjK5+a+Vux+bugK4rZAoIBAQD5Mvwd9ETTGrW33Gss2u5GswzFIWQymjYHaXlJ
+j9YgqmUMRnClBFRCODmBONjw5A866/adXi5N8ZZAxCQUOnrCLJ0TdMb5JnhcH//G
+dPHO2iiZV+JUsZbOaxD9m2SPogStqSGVt9i1CRyVC/SWGAxgKdHB52kEfDp/PhOH
+dY5iH+kPaPvQd7DSrIjuY9vqlavDAMZ4Wf/Pigeh1/j1LvALZoqb0fAj/qD81U9W
++4BnPBQz/fMhOTu/z+lUC5T4l2WT5zmQ89knkSeUOboCjQ9Int9FH8DFGXY0YKmC
+5y9HBt1xypWesnqGCCESiU8lWXvM5T3V6zXyOHpF/72+p/e9AoIBAQDarLnG24Ef
+SoIQgEgOuTwajsjducGl/YuHtz6fKLD1OtAbQDYmQCUSUraJXFtYVe0sZa1dQPj3
+yGJ0whJW1Po8tIAIfacjJ/gQ6F4xNhqxmbcxGEvMDCWFyyxKOTcmY4tT/Q00Cv4z
+Oz+RGWD1Mnw90fFs+KLe7gAfbZgXZ/CDriSEyBPGLARZYCrpQ74FogUGAVcAhZb9
+l/2vxaMBr4EVkuIrpd7yP8tWEdnta4ACeW6CcX2KIAGi12o6Z35RO4nfo3BZszUy
+pnA4Lau2TmzSqV3/hn2M6tJP9mXaiF7HnvGw2t+/o5nTv2clBm2L2MZOEpNANS3J
+YUVVb5W+XZAPAoIBAQCgZb+/bAWMt6l1YaueYIB0AzVaAUckBvx1wt7tiWZy+ho2
+T3Sb0nCFevkQgs2oJ7Lh4xWGbyNwyepDX7w1RPrU1rB34Hdd0PQxn+sbCxTFZsgx
+A09L4k7GKEX0ZrvQc6F9Qdq7Km2TAP1jtiFFJs94ahJ4M4H2ABwK4KLjUrhF0nJJ
+l/JVWWT4BVPR1XasxI+c4Xfd6VftdtO4yXGWJxMc03CuIO/nyzJF6uq5ewJH8HS0
+jmWa4eLicGmnzhih9ZjNHUyBT2Nbw2NtVcazc6X9wTzGmkyS0POzfPA+sJ1Oo02P
+u6yYTBrvAHaBHt5RlQpJdNhbQ50iflW9joHMIQMlAoIBAQDU/ucZjhcQPoe/wOPv
+C3hCug9nARdhMjylXdSuPHlY9Adec8YKrfIuDcjktMP4oAGbfBJIQg//cfyMk7g/
+QcXYOUx4eMPC15ymA2Az+Oo5UWuBc5Po1W/7CTJDvcU9LDq6/UHODmMZzb0V/S1W
+x+0CXisVpH0oPZR7CEnbio9YA9hoSWYRYjB+SdCiUyyU2gKgnc97n6O5sUEV46Dp
+9GP8eoy4TSGCvqa1WD/4JPyT7Gm6vwaz8ocFcWN0Lfh48VBTOCQoCwlnI30tCzc1
+JOCUtQns6bgC+XsPDgaZvLjtIaFzTU4hoR4lhUrXYpJzZBuMUkWBhgrqG0fodv7Z
+ZNL7AoIBAFiZkq/ccCajhfGw/3XJaGsT9n+X5IZFr4HwK8ucZhVsBidrV7MVT/iU
+gzmicc0vj3gktvUJt4WpwYxkneriS0Pxlf9yPny499TczgVgkqxaLVdFTUNPE4zv
+MIhvqgtyaSBo1sG9zP01hk7sdUroSnn28TOAPnLXCPgRvdK5q78NflsztokHMGnf
+48RE4kEs8x+1u1xHOOe1SwXSeGjQ2HCiEtHjcHuCkeyIMuc3g7ihHAkflKx3jdRd
+KbQNVAvuMy+9lUzUXgXWbbk3sU27WGP87pP5D+BlAEA2ZeJ+CmxV+jy+9MEVFVi0
+liKWQWNz50yAIjjVr0jSOoWfnCLxXb4=
+-----END PRIVATE KEY-----

SPR-BE/openvpn/gw-ckubu/keys/crl.pem

@@ -0,0 +1 @@
+../crl.pem

SPR-BE/openvpn/gw-ckubu/keys/dh4096.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA8AcG6srQW5kZUMnDpQ3FlcyKqlJ4qL10h72+PfKfbXeKwg3a5n0v
+kiUIFNSsPZ9Zei9mpEVvVAfy9y1WeewVzvTN+rp5W5gUfMDZHJLSMZt038iWeEhK
+x2Regp3Bb+2suBrG53YfVmKLjxyrtb5lZc25YJWnholXMaf19dCl7B301vLKS5dA
+RXhHqHWrzZ8Mr6Z1IijOZyOY9tK4zpACS/5qs+lPNam89WdTxdRfwNuxdyDWpWV2
+NL5pIJ3D81gslw68bNqVVO2GGjIJlG33CxgvkyR8/WC5YyhkGhufQzyMxmFHeaVb
+bsgF57LhjDCKz7HmmNnwhJJnfoeYis3BGHJsTO2tDh4bxJeyNqtqvAnh0DnK1KED
+QExIcnCrx7UcaoeFZTtYfRzwPejfB3lhlXckvVHcKiDZvCotCJRXyYQJVQja5mYS
+k8a4Qbxx07h94FeEXErHKsLcLqzKXa+RzX07+yzwgWsphWFtmeBroOUzVr+dCtK4
+YLzYcZYq+LBMtl7d6NXXsFS1P5Rw5iu0G1o7CuiXeez6bsoj622gghhc23d727Nx
+phmv74FINMjJsdraJShpwuYwbwVQCevfvE3FddDf/eR5WMqLx1EdpX3WT+udGQ3l
+2oVss5bY7eMFtNnT1eX7G8C9iUSWC9kJEu5ERA8JS0x6eb3pcAy+lWsCAQI=
+-----END DH PARAMETERS-----

SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.crt

@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:13:06 2018 GMT
+            Not After : Mar 18 22:13:06 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
+                    cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
+                    e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
+                    20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
+                    50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
+                    f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
+                    54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
+                    c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
+                    79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
+                    c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
+                    0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
+                    ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
+                    30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
+                    d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
+                    fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
+                    fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
+                    7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
+                    97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
+                    e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
+                    0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
+                    b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
+                    d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
+                    19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
+                    4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
+                    36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
+                    fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
+                    19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
+                    84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
+                    f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
+                    b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
+                    94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
+                    f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
+                    d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
+                    a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
+                    2f:d9:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
+         82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
+         78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
+         8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
+         0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
+         b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
+         16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
+         89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
+         8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
+         b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
+         98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
+         6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
+         b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
+         a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
+         3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
+         f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
+         00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
+         44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
+         2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
+         8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
+         28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
+         b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
+         09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
+         17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
+         25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
+         42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
+         17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
+         01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
+         1c:5d:a6:3b:95:49:41:23
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----

SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BSLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
+UE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANmowNDaf1Pz+ACS/w8DzUiRIu7i6yfteeWB
+nVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5Djqm1750YUPKVmJi7c+CNKkQt2kNa
+80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4rVKPwC0B2qolvH8lj1VXgt6ieRU6
+CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9DAB6Cr1t4MkawJ7h3mn17N3tmfDU
+qyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ58rqNlBjssx24T2Kv/V72tvgv0Y88
+jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9MsExKswfEvGLgly+3EkMhPuEU9Jqi
++c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2sVwSWijStYRmf/LmYlS2Ts38MHAC
+0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FCDqVqTWhzJGkMsUowk4AyWrnKNsMf
+C4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMhGZus/VoPJudF5vp+5AkthAo/N5wP
+xIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O31BWxJZ93n5Pv6uEPlBp1bh5oj69F
+2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF+Pz68w/5B170pguuybyq8UQNJJhY
+Myo9L9nBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAGvhTaDqObFzTbnEdTmfM
+Oyatagcmh3GIrnyfrn1YK6eZcLCbAodoJMoQE7h0vY32wgwBb59LmjCHElE3GZLG
+8OF/cF8qWwSeQYH3rQ7+xsL1b5VF0pdM6UVFfGWUQZJEybj7Hg99ZDjb3co9NdkZ
+a1qUub+fi6K9ldcZuFfK92eb6ujj8dGCWNcPIsnqbO+hJAvyZBdJxeeEuiaEvPI0
+cv+jaqcuf1txzDwsUG4GVZFjaL2bbk9C+PWKO1lH5dtT0EYhHCGMMthp9dGR513X
+M0CLQZhBSFKVt/ZeYD6u4T5fnMylMkSw10vGFmFZTrOa0mvh8QjRzdOJvlxv1lnr
+9ZRYIBhzZ47I3N7Hm0xopXpLx22em0P1rk6cXyu5Rjt0NQuyLQHbgKV1r5Z/l9KI
+0MN3zB/NSRB/SU+60w0f5Vm4n/6radE4BSXlwMyL9AJy5UpKMePEkSI2eTe58JnH
+bIpphpJapGTKdkKyEegdZql7VuZKEoitZLcsIiY040rMYIPTr4w9QADHHFdF1TGy
+oIYwgJF0KagHLCTUAte35B9WZ+23ASnUIuYFtv2HgpVCGMrW94Psy8efFI+iM+Yk
+zJp3mTVhihoypS36XPnOSgMZJzRkdd0i1tAGSRzfuSqTCHz4CcerXl7W/d7vX5YC
+kE4SPiTbo4N2pDtRsu0leQA=
+-----END CERTIFICATE REQUEST-----

SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.key

@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
+NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
+AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
+uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
+OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
+AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
+eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
+8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
+7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
+WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
+Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
+i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
+4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
+dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
+WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
+uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
+SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
+mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
+fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
+1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
+gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
+do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
+evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
+QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
+Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
+TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
+QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
+YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
+nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
+m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
+H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
+H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
+fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
+4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
+7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
+UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
+hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
+prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
+P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
+W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
+BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
+rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
+n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
+2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
+Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
+Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
+aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
+3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
+hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
+yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
+Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
+-----END ENCRYPTED PRIVATE KEY-----

SPR-BE/openvpn/gw-ckubu/keys/index.txt

@@ -0,0 +1,2 @@
+V	380318155951Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+V	380318221306Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de

SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

SPR-BE/openvpn/gw-ckubu/keys/index.txt.old

@@ -0,0 +1 @@
+V	380318155951Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de

SPR-BE/openvpn/gw-ckubu/keys/serial

@@ -0,0 +1 @@
+03

SPR-BE/openvpn/gw-ckubu/keys/serial.old

@@ -0,0 +1 @@
+02

SPR-BE/openvpn/gw-ckubu/keys/server.crt

@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 15:59:51 2018 GMT
+            Not After : Mar 18 15:59:51 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
+                    ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
+                    fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
+                    15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
+                    9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
+                    03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
+                    10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
+                    35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
+                    30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
+                    0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
+                    1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
+                    8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
+                    dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
+                    0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
+                    31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
+                    28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
+                    f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
+                    99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
+                    6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
+                    3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
+                    1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
+                    1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
+                    fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
+                    33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
+                    fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
+                    dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
+                    84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
+                    7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
+                    9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
+                    d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
+                    94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
+                    42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
+                    cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
+                    5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
+                    2a:24:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
+         9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
+         90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
+         60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
+         7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
+         49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
+         7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
+         f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
+         e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
+         87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
+         1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
+         34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
+         29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
+         af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
+         e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
+         b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
+         a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
+         01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
+         50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
+         8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
+         d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
+         2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
+         85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
+         a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
+         7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
+         13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
+         b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
+         67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
+         59:f3:1f:08:ab:e1:33:a6
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
+SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
+uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
+1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
+z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
+q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
+BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
+qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
+KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
+GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
+bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
+Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
+JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
+DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
+/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
+X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
+An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
+M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
+YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
+u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
+b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
+sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
+O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
+-----END CERTIFICATE-----

SPR-BE/openvpn/gw-ckubu/keys/server.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9cSjSxhZpNpc72LbVqnkAnAjtX4HXu
+HP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb25pzT6CkI1o+jXuHlMOsHvAPC
+laSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUrBPM3T/WTEgb6xQTDczAwHzNp
+hrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/RYxSde7ao/RsJIu9tvLbWf63
+e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3NtK/Wb8KalwjFsXKZURx5lcytH
+gLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM06eUx5l1wrv4LhlG29gTcH2h
+lm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV0h7fNB5FOjC3VBolL3PA2Bpt
+j4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMXrlC7KwDRAYolMlbYCf1YIv4z
+ofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7bkg/7L5yot04vXppiShsRnm/
+NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGMECkKeZYk+pQpoW/c2JT91vdi
+JG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s06dbLlz3VJKX+B97QiO5HkcN
+VyokuwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAI6QRLHWK/ezt9t8yLbpFx4M
+mtORWMRiS1JWK3so4CHiXNihm8RIAUkigfKk8PLn25DO9ZRuv4uoB6/lOcYX448Z
+CuAW3y1ciej3uNYh3ok+rqrd2QMSiNsq1ZKSrxH3apzm7Bx2RcXUzE/1pYbWXcY5
+6VbuKjHmMcGMtRXr2DJyhZURmFs03d38b2qJ+TtbpEQJQr/J9nnC2bouFo9MiV8A
+drBS2mfFtjby7kdvHOGMuE4uoy8ANXdde1dMfpIyy+znsX8o0Byi91wWqKueaWpV
+62TxyJfXCA0BbZH0oeaVDReSYK7Q1oLOai2sGjWpK0JmZV6t+X7Ra3SqWNgQrgPw
+n/W+U/hcKFSedhaY5xu+HnonNUVDLNhHH1P4LngaCpUOGLdW/deJm3DoFGj2jSp3
+eDbLCFdj2Hi+LXYrpN7GNYnz5WdkRhsd2AWDnvxNi+LrQUbM4n0JCCVAglSTHnze
+c/zG1ssuD9AuU5RcvBd9no4EWdeygxr3MFNB85cMuKF5x/fkPcP7XM2JXlEgDusU
+UvJp9VnWNgB/zvpjetqbL5KCfUdXyRAxuQ7NK01vtZzVz3pjiV/iT21ocobIySPB
+LPI9ZpVvWwkQPM1wLmez4nLg7+Kj6fyrX/kx6fAaCQVjOrJI22IoKMg/rNxDgkQe
+Y2UEmQLAqTK8ichJa/Pi
+-----END CERTIFICATE REQUEST-----

SPR-BE/openvpn/gw-ckubu/keys/server.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjSRiuaU9cSjSx
+hZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb2
+5pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUr
+BPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/
+RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3Nt
+K/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM
+06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV
+0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMX
+rlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7
+bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGM
+ECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s
+06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABAoICAEX72Vk/h6UdpPIFOjpXe5nl
+w2C8DPDrMvYaHVF+GZKCHN8nl/LcxxHBzNm+siDlCwbbOXhxcFReIyi1dLgaRCQm
+mg/CZf1udv2spsvqiUxTaQlpwDMY43Zsd3K0VLCPBY17TNUuJ7W+bz9N8tRdL/rl
++hnXAZCnuRqW9Nkgx3KTEbCciu/f9SvTB8rEfBE9beRkPa336SrVfl5ad6cMJuCM
+7wC+tSoN1I8RRmvr8aPw6+QWpPVOjbaG9S8lZEho05BIcinaoqgvX9yFv9IjVbmr
+vrUcDKoIhU2kDAOseHgsWusZ/a0s3ZdVn2DyktWuf1Ih3R2+DJZmPGRF/wh0eB/i
+gbht0nQXCylbiA0BxwS3HtRg2eqU7xE07YEuo19hKl8JmWe2aFwqs9L7WvkNU1Y9
+Ega62Z83vPZdDkdWKhEj/y6lgbMj0N8OLHAjXRVfecMM3X5Rq5l6sTpwu6Np2jH4
+J0QSPGipFt1Z1WWrgxuMTh+O0vMYRzZHoBqRORT1fFClAxbBe9NA7hia+uq8c+PQ
+cE2jb8o2gsqm8x236RjgIg0jA8yjryx8KNnpYyN+IHKaXrgykNS6LPM0t7NjpXEA
+Ym98u4Vw6Wx/PjE/uFVvP7IJO0705la7He3Mokqk6Irln5JRyaJcKIPF6goP3UmT
+4cLakO3Rz0jA69T/d6HxAoIBAQDUTjJks9jGOwkOb38Kao761IUUfl2LjNV4SFUm
+S83ZO+8yqEbI2ylcR8WmGGc+y+8RtXDkDEcR/UungnqrmDFMt8DxPlYSvD6AYvnF
+OxBhrR86YF780kIaGR5HCliNyj1nbUsbmPcAZN+DtzPwJ/JcH0hVI77CkaDHaQTM
+CDmJRCW6nThvAkNG5vNEajvdTXW+2WeHtQKBET7foDoEy63E9ic+1bKUeonlsTvN
+JnPSzKzhEQ2mInUF5ujpPrJJLQrkCck0cFrsckGXpYuhtxJKfCy7UUo0JKN2oN5k
+ENXP+yx3/VTs9w8wg5/NtxXfcGTlyExEVRGb8vsAbQ6NNrFTAoIBAQDE5Cv1IoRD
+Wo9pgbQIkr9I1bbqLPN9e2abdGyclvKSr+cs978ZTijo/FEJQZYvs59Gb70hBkHF
+rRXivviLw5Y0Fzf8W9pCh98RfQMuki+eJg9tERvcoqZwYRIJ4lvkiG4WCDdNFV08
+rJTebgUXPExkBjG0iKuFe8Fex2dOSaIpBSf10Y7mEdWgtENySAymvpJrU+Z3S8o5
+c4k3qPuTBLJKCSZ6uAX6CaVsS0kdb1IrnI8h2xrW/rhP14JH/+qEvi7qNOO6X/n3
+cn8RoB8q1O7i9tPnytiQ34MuzIL9qddcK0juXkZHta61rLs+s5mMgOMr0XrYcImB
+LY6H9+O6HUn5AoIBAQCgUykFGTejgyN0rkg+wneU/fY9oqvb3Y+7VMxQrkAWQ4eA
+Nsm1lqOmV2Dv7E/TgUfZlK5a2Na2xBRkvEkM2lKof7+JrqxrW5LLe3LpOZBGYulJ
+OUuiGtnmQX+24B49fTNfro5gmeQ1fPe5zRjAzDnezZTfDq5Y2oaS8EC6H5/rg/YF
+9gKO+iN6IKAm0x7AIWXAqQbg2ZW5iB912tbVlkZ0jfrXHaPNMrh+J5hkdRxUXVJU
+aH9pLW439cd/lGQolIY77RPvsMVI94OHFHHcvpZmf118W4fw1pZG2Hb5FCmS9TgA
+qOOAS5ZB6bQ9MnynDoZzbA4EMEWrAhQAn1q000+XAoIBADXifGVKXQhR8I3fgXYX
+M2KrmrPcOYdODnbdFhyE8z5SBeK4qwQx7+BTrZnq6T+E2UJdslUncTi4dhToTv1x
+OdpnwFrAiKtMpDAVFpnYSE/v+qjO1eE8YnC/IEC0QpH5BKfi97+Q6UOBt/xn/9ys
+E/wL9e6CuO5/QBzAVfWHEWpIjvcnswQkPWMN8qeEMHIyFcBp5dkgVOgERrmE9dT2
+pBS/DFjppDkaCrvonsn/fW2SG1oYrO/KJoczY+Rwla5enlhawThwq+ic3UnlmKIQ
+RJC5HKWDTmHXyf802WSy5s3CyuLxyio1/uqZq2Utoghh/cowOn6hzgAch7WOkjSN
+b4ECggEBALCHLM/0yNro6VoT+4t7xt4qAySwgqHGVB6p6ab4gQlE6vxVc/VizUSg
+Tv+u4TRAvT6zWesaw7rk3EdK+0Rh3YEJRQdA0dPhHF6uKoM3Sm5dBQwbH/EUbpL+
+mfq25Q0ODC63967tx+/w8he5jrjcHUblVCSYbGpap3edOEpTkF+y4afJqqJtDico
+hxog9InN+dO1cQ8VstVVt0WEtBWtCF5MsE8y07UYw1fwagbbrUsX13oqF0iRP3yy
+oZOKgOBMpSMwgHEtQSOxM72GRAMbiqE+NX7TGjCH8TqarSf9d0F16tIx+ThYDrva
+tFQ3nrI6uytJXZJKQ6yzsnPZyLYxRE0=
+-----END PRIVATE KEY-----

SPR-BE/openvpn/gw-ckubu/keys/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+50c09d4cd2d32cbfadcc9ebff8e624d2
+f7a5730ff6b708aad8a6bb14b3a7619d
+e32764bbe875f11ce46213a35500cc2c
+fd0b6bf2e7b8cc2392a478ad7f4e7c7a
+3fbe2e50a781ea9a4fd83cfaf64725db
+98b4740b145e2d948b3b09975866c03b
+a268f82e767fa2517b469ec3e563d321
+8156f8f192f75bf8385697aeed6b9f33
+fd74e02426437c42dc7a85afd828012a
+911e7d8e837249d33a4209dbd0a2c017
+c0ee31207a0e5ba05e736fa1c9af1cbb
+0b39dab31939eb37df367d1eccf61ff3
+28135f42ba70344179186cdd0cac5058
+9cb4bac7dd08436d1efbd452b72416e8
+59bc9118c2c6aba6107faca0604d947f
+ff8569318b234e4ddbb68189b1504969
+-----END OpenVPN Static key V1-----