Initial commit

SPR-BE/openvpn/spr/ccd/server-spr/VPN-SPR-chris

@@ -0,0 +1,7 @@
+ifconfig-push 10.0.92.2 255.255.255.0
+push "route 172.16.92.0 255.255.255.0"
+push "route 192.168.93.0 255.255.255.0 10.0.92.1"
+
+# - Already pushed from server config
+# -
+#push "route 192.168.92.0 255.255.255.0 10.0.92.1"

SPR-BE/openvpn/spr/client-configs/chris.conf

@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-spr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJa8ImRNIVSZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTYwMTU3WhgPMjA1MDAzMTgxNjAxNTdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEhmCg
+nhfyO/Z8q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X
+0exZGcXCIEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ6
+1DX4rtmb+WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1a
+RT2vAYD2RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ
+3NiOr4UfIMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u
+9GH6ZJjCBzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfX
+aLFTxHzN+PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0
+pLTynp6IUXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamM
+YWdZPVnAv+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLU
+cS9euI4HxKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQd
+V1DWNIiPBOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHSigxuV60X8ONBxrGr1ItbazicLMIHTBgNVHSMEgcswgciAFHSigxuV60X8
+ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkzH3PqKEHjXZytQY7usSL
+6uAjH2jMhZb96GJpMNdpgzntACGjYl80Vxtwj0aIAYyOyIbfA9VyZsnc4dsYqJ82
+bN/K3AlEHeMBaxhrD6qOdyoXkwjx80WfvtF/FTyMHxsCIR/N2l0BM6THKOLMZWB2
+TmY/QBBsD+/nSwy/4JOeeJvtxuY0IXu0aONM+n4tDoVO9O7EyvpzcfrT/SosbtBB
+mBI1hH7/ThmXswvcrN7rCn00yaJC5Qv9HN4osKihzgigS5jh4lOYAvXhxTGU9Nzm
+kH21ONSNZql/mZCfs97RaoM7l2Uap5ex5vPA4BJvQ4WXWL89GYJGwTuOmIf77aX3
+Aoxl8ntuiE9R9oQKqcFe9uW25c1h1o6DRglc6oBEP1T40Ni8b/cTnwSeES4RiYAK
+ScSturvc/Nj2Z5nzR5iVKo/mW9SBHlbk52HvsIIhFRMoHahIcv2Z4+nyUPMlJCly
+lvp9yEFCnjwVbc3ruUqtYQHDxJf/SkBxuCLkN7W7W2voq1mOSOl3i7Aw2zf/kmG7
+BTLQVfIkUKLR6F2erz6QdEn8mST/Niz0la9mfK34ZgdG0zFZ0j5lLC3YnW91lr7B
+hlwVD/nIqjSOFLHdK2d/lefY1ZHcTbs3fUA8oKp8CdJb1NhfUWprigKHsSVHyqJ1
+CAgKxVPrsd1y2i/Xhg74YQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3P+UTRrv91ECAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGofT8rXdMtBIIJSMRkl94ROVWC
+v/madZNyDie+Wlec4pGWYgur/dfgeQyjMEleu642IrvRFgJwdZOhEEIDc/syOHzx
+Hiy6zxvWcnMAfzQKwHcMI4HsOcqtZKiA/UZ+mXIH8H0HW62N8WHpryqpVyZC5EZj
+0bFaulmD7rV0MtYS2z5pfGLTnKvsDIE3rMvwyZTcRSA6Zt3bOxsJN+SjD4AlmJbk
+XERauxx47EmvPle3aIna625eIQjfniLxrEq0e5E8FQdZipHzqKz3Pub2bepAbmFO
+S3t1Eqk3DkA1mG5PKog1IrTgFAJ24tk/EZuFLzGEL0Wc5hdtcIijJh0Us8w0lWJ1
+RMp2+Pr6zMZSK5L1GYubi0IfASsAmBPewLPt/cUqdNuaCFc1dUuaX2/1gtBl/G16
+s6GFwjK8BhMuYi3Z2ehwNCA2koWA9nGbWzT4CSL63Znupc0ieCBob1UqrbtiaIPn
+xMFrKvO2wdnDJiKyNVCx3jUeN7700E2BCdS/G1WLoocQZTooQGJIpWUhcjvf6wXa
+AZhz+z/uFBXslWEB4O3t8VTk2M2/dKqJOg6yg+MwpAQSOd/8ogV0VOpft5GD/t4c
+6mgBs5lwtau7GbTFj060X15znpzvtPRUrNbL5QrK9DpLw+vvYB+IwCq/CVpjjchz
+g3nkpPw0O0gzGf6AEBJLGsfGljifMc1pDd0KNNkAweZSOg5XufFJpjiFnuXS5Puo
+O+vnvy0iie1e0KzMBrWJWY1vt9JuNRI85qNcftRNnyboQBmnnBAvdA5hiYib7+lY
+akB6UNwkREl40/FsDYxJl4yLbtUC/Lr1hEmyQt4ZEI9v96nW/L0/qlOyiYNAP1r0
+/PEKfRKn7uMZnJXZ0SYf9uMfdy8M56DYEEG3X08F6MWVbEozGbbF8l46FH/9cqFp
+/crtnJZi/1W/A12wmzSgGk2zzLtr+drZ8w/rO0sI5Ptjh+G1dSqSTobCb0bOC7+t
+H+6vesuSAdEQuxasbleh1IyBKkPRwNf4FqAumFfZDKlh0+PVw/waSEIcg5Ef4whV
+EI6rUHigVoZ7AtU/XsjJ3YkRulBXgIOVNCHCJqd8tRqgc5dUeG1652L3q5sIljtE
+nT1t/CEGOd+/rjLwbYl7ZdW3E67QovB/CRIh/B23u4jsbdBkZgeRINcrwbOIXE6t
+jhzO6uGjVuu/6VxMBRSSfxvIsMVCt1rDumadckn+MMOM8E/jT7qN+5QAurdSVnPq
+d7R6M14Jlz39NXXYkdAjNpAH9XX+8y/isOD1La6J+bcxpO7BqcAlQTzhgwB56DrN
+UZ234vaAW1hNtSjNS0e3jZ6noiEjfG6qOw5+DxtXLP9Rq5DwjPrIc2dscY4//foM
+u1NvDB4SloHVy1r01sEA5OqO4KyJsxXotKMeY6k92c2SmP7E461UHLn54LTLOs3t
+iuzug6aJh9nK/NOGprJoNgI9C/46phTTfPE73eUVCpbnbd46dZ8qpMnil4YIpk1L
++mOZCDOQD0H1CmFRXu+EzZsZLDLFjLtKtiGO/ifxs+zdNpLCcJyycPy44zteoMFq
+mra1b3hFgGestzHz/2ANY6gIe5sZikZVXgTRP9oZYQ7Wm0c1PVqQ003n60hJlajx
+a+EItIYkQl16BZCBbanDuKwofXmxtGZXtU84qcRIzs6X4NSb1N+0xwBC0TM+xYnN
+ZmX6hkj/ELYbrktcML6yJyDJz2UvMRaORBnrUjfisJ8dUFSKX6J0JCQ5IMSyZjeL
+Vzv7CRKFQ3VTvWgAtY31yjpNrr6oHJQ+Wk8B987IAKIKqIBH+RYiBlf3jQVrB3vl
+kQ93LqTXw2Iiapevb0fEREwoU9qEC/lTv39nrYIpHXMlpfQqFLGMPgS1VP5fQzrU
+QET6SCxYaehYT64aWBARpYUcwc7xMA8WwLc40f1JfXvmbIZ4dC4OZeIHNyy+kDu2
+hVKL7bI6jGZVTmFKGXYF9iMjiV8m4q19WqgvBkKZFzmTAZ4gasieHtOi+TzrEH+u
+G06wcEilg6o9NS2JkNl8H+ReOasnhPs/nuWZlB7hUNXnPA6QARQGZEuk6lKAxl6V
+zjtniLdRsZwVBKb8lExcP+BQ0KovnaLOzorFdISlsuOCwt4YWUbQkN1LMDMd1bq9
+Z3ThemCCOvn4C/Ez6DzFul22jTj8s5XPPZXUKEpu8p6Spt7rCYA8+MLoYmeS1Ztu
+L4ufZler6891KMkn2mLhSb91IB/5MDomgo9H9rBJA5JWa6hG/QV/wTxR2WkKuJAv
+IX8Zkhs5pQBTh+WDf9W5ftv4fqqowEOOztN+XotNAqaSmTE8vTxjePbnDAX5+iyp
+s40aHaxj9BFZrj0/Sp0StL9OzgV8qN8rxeblSoBFU0nx3bTAp76CM6fvp0XqK0el
+Ua6PdBBHKmp0RQoguX99cz3WYNqxTWMWE8c9aoXakBGff1Uz1Qgq0Y7kFnaXxCRM
+aUbkPMBOeMJrt1fQQWSlzurYXAO8pPn63uzZGhiplYh6fJQ3m+8m+AYGwzLTXEkS
+Z88Ox1CCdtR40brDba0pvkRNfOkD8wGpe2uYcAjnhc2MF5DeZf+8syxRnTBYsud9
+dBDCjQkYUKEihmqz31SjojoxaYutFkEe5//Nov2BxxoyVHtpjmLWtEdhVTAkcYTt
+05aO30leUBQ3IX97K68s6GFA1nJCe5WrcpCgjA/718N5tGuvc53zACLzpdEaCm5g
+2nowfRP/lx/faFCC1/ePjlT+1g9BJiaqFBaWR2iQ9VR8nKNws4ULCu6uNr5xtpG9
+LIw3C6DrBWtzVHAiZvz6Ufma4u5TlFxR4IlFS2aY7QzL9+EYqrogZUZIvDH3nOHs
+qS/t+CBbItxpb25X5EI/jruhmHplgHmdqdstRtyxjObEOdm5TV4+oRTIA6YYc4Cz
+TXrdjDkOECV+U/OYzHWxKFyCarn6d81pRu79RuksIhE0uAd5rxT5uJlzf9UuQjFr
+63XCVmLnVXuF4qpdfT7lj0cvtGz/Z7itSPgR3gzu/VnR+u+kdAvRgtDg0BJqV/Om
+vJLAnlJxc0bhwVmWB6q1Tmy3ZpDMsEGz7fLsbUQp+TcjNfrFCTrRgMppUdET5fFc
+8+kUQiLjZYYYINwpeS3cU+5tOtNNsnbgt1xkvbQvJ7qEjL8wF3J4j62M36dKCo5p
+LOq4p2liZ+06x9mtaX7NIg==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+0f871c0affde12bf4aa4c3683db554ab
+5b289badc22171c46f4fcf749b94c3b3
+fc8da02a98f067a6b624e3755ff08e28
+6c74f622bcb49a31b94bf9e9e9619fd7
+2949dddce9997bdd6b8c08bf7785baba
+54267e89eabf34f4e729d09dad95fbb4
+f254ed52de9287436f718c138f29e927
+36a77a01b8801be92da98eec772e1d9f
+eb568dc508531ca7dbb92af3098f812f
+4b7bcff4c0badbd34b6e168fc7312da1
+030559d8278ea9d2ac200da87d4b9283
+8994c85e9ef639c82214107f12d67f9a
+d71ca5d6a991bf778222f8a87eb99009
+1e1de4379406d4008daf98437ffe0e98
+0dd90d7d41239a14489e6d077740e97a
+90b30b8b8f445e78073ae1f365601bb1
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher none
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull

SPR-BE/openvpn/spr/crl.pem

@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
+B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
+ODA4MTlaGA8yMDUwMDMxODE4MDgxOVowDQYJKoZIhvcNAQELBQADggIBAJCORgWK
+d6nbaAD4ZdnTMAfqRxkiSLyQ1PMTnriA0A6NxXWr905HYwcrPROpSOSF4YCluDwe
+dLmYgfzqJ/FhygXk45Ko9QNnsN6/222CBO0LThN829B3pq4oRmykXVyAp6gCyK3K
++T+GljZ67LOwOe0wz1zqrv2MbqqBeHLkOqlpKnaXSPTFGNhTzwWSUPlubV43Fi8+
+amedFAhchCIAQ8QJ2oY0wE6cnmkPZx5Gd1hmZZxVo/Xh2kBjj2oprxF3R2vMDl3J
+LSkpArUVRuRjo545oSFtEq5qlbuW8L5krgivAPqdGXcvn4fK/2pwzWwPqJxa5MYY
++dHFr29pYcWYT5p0mcZOH56RCTYIGCxNrEnofSgCeotN5q/0/SCbTUT8zUeyPl4P
+FFIeWpifGh6EDB8IW5XtHmxxMykO3g8CPE8KvTRODFj3cYk2DxMgniIX/CoIsNux
+BZ3aMf4KaU5GF3wKipdWe1RBzrO2v5o6nsOKlR8atTsg56pfKZCfqglJwHnblRm2
+DA/Nc8UcCS4DM+wtHgCyhA/ssZGpv0Wli+I004Kwn1BQjpnfwHU/6upSGVza5q37
+NZtJIoh1wSmu3weDaoSgRThSC6KrjlIt7rXeLxfa2qv5h4v1drm5CV65vp/x8nuo
+09TJ/dsYQRRsHXQiSv4Bw6Kiv5t6P+21G6lq
+-----END X509 CRL-----

SPR-BE/openvpn/spr/easy-rsa/build-ca

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca

SPR-BE/openvpn/spr/easy-rsa/build-dh

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh

SPR-BE/openvpn/spr/easy-rsa/build-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter

SPR-BE/openvpn/spr/easy-rsa/build-key

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key

SPR-BE/openvpn/spr/easy-rsa/build-key-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass

SPR-BE/openvpn/spr/easy-rsa/build-key-pkcs12

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12

SPR-BE/openvpn/spr/easy-rsa/build-key-server

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server

SPR-BE/openvpn/spr/easy-rsa/build-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req

SPR-BE/openvpn/spr/easy-rsa/build-req-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass

SPR-BE/openvpn/spr/easy-rsa/clean-all

@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all

SPR-BE/openvpn/spr/easy-rsa/inherit-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter

SPR-BE/openvpn/spr/easy-rsa/list-crl

@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl

SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.6.cnf

@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.8.cnf

@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf

@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf.ORIG

@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

SPR-BE/openvpn/spr/easy-rsa/openssl.cnf

@@ -0,0 +1 @@
+/etc/openvpn/spr/easy-rsa/openssl-1.0.0.cnf

SPR-BE/openvpn/spr/easy-rsa/pkitool

@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool

SPR-BE/openvpn/spr/easy-rsa/revoke-full

@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full

SPR-BE/openvpn/spr/easy-rsa/sign-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req

SPR-BE/openvpn/spr/easy-rsa/vars

@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/spr"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN SPR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-SPR"
+
+export KEY_ALTNAMES="VPN-SPR"

SPR-BE/openvpn/spr/easy-rsa/vars.2018-03-18-1700

@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"

SPR-BE/openvpn/spr/easy-rsa/whichopensslcnf

@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf

SPR-BE/openvpn/spr/keys-created.txt

@@ -0,0 +1,4 @@
+
+key...............: chris.key
+common name.......: VPN-SPR-chris
+password..........: dbddhkpuka.&EadGl15E.

SPR-BE/openvpn/spr/keys/01.pem

@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 18:08:15 2018 GMT
+            Not After : Mar 18 18:08:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
+                    8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
+                    14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
+                    33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
+                    f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
+                    0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
+                    2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
+                    f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
+                    03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
+                    b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
+                    f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
+                    7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
+                    93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
+                    82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
+                    d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
+                    b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
+                    97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
+                    72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
+                    e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
+                    9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
+                    34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
+                    c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
+                    1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
+                    b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
+                    47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
+                    ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
+                    aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
+                    81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
+                    2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
+                    22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
+                    89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
+                    ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
+                    7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
+                    69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
+                    d4:ff:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
+         53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
+         22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
+         60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
+         de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
+         7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
+         85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
+         a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
+         ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
+         57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
+         5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
+         bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
+         a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
+         28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
+         72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
+         e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
+         d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
+         43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
+         c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
+         3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
+         27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
+         de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
+         af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
+         bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
+         8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
+         06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
+         f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
+         21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
+         ab:73:04:66:d5:56:a5:9e
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE4MDgxNVoXDTM4MDMxODE4MDgxNVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX
+7Cx0/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gz
+cfyFp/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIB
+cPJfdyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz
++cjerAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKg
+uWs3g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYb
+CO9yUHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWj
+gd7zqTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dN
+hLZnLLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG
+6xZTXJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7
+Xops6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9
+vrUJREh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK6oa74u82Aio3aP
+T/UmaYOsLhkpMIHTBgNVHSMEgcswgciAFHSigxuV60X8ONBxrGr1ItbazicLoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQC0Ueyd7DntwSmDDujrw+xfDh1T11G50i6QCaMn6PckP94V2ZIigK4S
+qxdfoX4BRL5UKNh2Qrpgd3xGHUJtqSWuV1KU93ZEuZPepKfIo0qNcr2WFZpCN7Ac
+4Dh9clNF3BEoYuV9D/kyIYGKIzmFBbxGaiM0qTij/T6mdq6C0zKj1G1+MwyRsgQm
+mavrQ5wiq8rOscDpEAxbzE5CjsngHVmxg2RXegI4vLhL/742P6BmQ8Yafhda1rhb
+pwh6n+c8AA4LRvGhkHO9tD4Ro7aWTTAkdfv9JMxjt6ylbga6HMJqsv5ZblpT3A/c
+5G8ofcCxzekUlQbv6ZF9OVViYTxyjw81tOibSVBBLwdtPx+SlO3iENMIdUPM2n8A
+O/nS8ZchLcXQMC4OhBv9PL2rnb+3GK0BNmxDfgQzKRSxx2hkqcyFV2f3oz7C1ae/
+9CD7QZEsj2rF01V2D3k9ElnXDln2AgwxBzkJVZdA4aknAa36QtdnFHsP5uMdbyhx
+F5/ely/RppW61EKAnA7bBpGOu8SvI66Fn+JX5EqH4dBkn5oVMMi8luramOsKWr4T
+cNY1UA5IByuKGeU15qeiykJQe7xy6plNuCwGdemmwUUel0KbW6RhkjxFiDH0H9rk
+AXL5kwjkZk0sTC8ZEEkhUsoYWTh2ea6ZjqwghYWvqLarcwRm1Valng==
+-----END CERTIFICATE-----

SPR-BE/openvpn/spr/keys/02.pem

@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:20:38 2018 GMT
+            Not After : Mar 18 22:20:38 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
+                    e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
+                    c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
+                    be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
+                    95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
+                    35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
+                    4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
+                    1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
+                    18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
+                    9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
+                    7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
+                    74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
+                    c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
+                    c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
+                    a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
+                    79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
+                    6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
+                    89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
+                    a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
+                    30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
+                    50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
+                    f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
+                    c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
+                    f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
+                    0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
+                    73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
+                    93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
+                    19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
+                    86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
+                    66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
+                    6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
+                    19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
+                    b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
+                    97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
+                    94:c9:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
+         28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
+         4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
+         7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
+         1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
+         45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
+         15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
+         77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
+         28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
+         57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
+         f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
+         ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
+         ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
+         d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
+         a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
+         e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
+         b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
+         82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
+         5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
+         1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
+         fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
+         58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
+         79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
+         94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
+         44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
+         c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
+         aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
+         12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
+         b0:40:45:9d:20:2d:e2:6b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----

SPR-BE/openvpn/spr/keys/ca.crt

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJa8ImRNIVSZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTYwMTU3WhgPMjA1MDAzMTgxNjAxNTdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEhmCg
+nhfyO/Z8q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X
+0exZGcXCIEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ6
+1DX4rtmb+WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1a
+RT2vAYD2RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ
+3NiOr4UfIMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u
+9GH6ZJjCBzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfX
+aLFTxHzN+PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0
+pLTynp6IUXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamM
+YWdZPVnAv+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLU
+cS9euI4HxKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQd
+V1DWNIiPBOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHSigxuV60X8ONBxrGr1ItbazicLMIHTBgNVHSMEgcswgciAFHSigxuV60X8
+ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkzH3PqKEHjXZytQY7usSL
+6uAjH2jMhZb96GJpMNdpgzntACGjYl80Vxtwj0aIAYyOyIbfA9VyZsnc4dsYqJ82
+bN/K3AlEHeMBaxhrD6qOdyoXkwjx80WfvtF/FTyMHxsCIR/N2l0BM6THKOLMZWB2
+TmY/QBBsD+/nSwy/4JOeeJvtxuY0IXu0aONM+n4tDoVO9O7EyvpzcfrT/SosbtBB
+mBI1hH7/ThmXswvcrN7rCn00yaJC5Qv9HN4osKihzgigS5jh4lOYAvXhxTGU9Nzm
+kH21ONSNZql/mZCfs97RaoM7l2Uap5ex5vPA4BJvQ4WXWL89GYJGwTuOmIf77aX3
+Aoxl8ntuiE9R9oQKqcFe9uW25c1h1o6DRglc6oBEP1T40Ni8b/cTnwSeES4RiYAK
+ScSturvc/Nj2Z5nzR5iVKo/mW9SBHlbk52HvsIIhFRMoHahIcv2Z4+nyUPMlJCly
+lvp9yEFCnjwVbc3ruUqtYQHDxJf/SkBxuCLkN7W7W2voq1mOSOl3i7Aw2zf/kmG7
+BTLQVfIkUKLR6F2erz6QdEn8mST/Niz0la9mfK34ZgdG0zFZ0j5lLC3YnW91lr7B
+hlwVD/nIqjSOFLHdK2d/lefY1ZHcTbs3fUA8oKp8CdJb1NhfUWprigKHsSVHyqJ1
+CAgKxVPrsd1y2i/Xhg74YQ==
+-----END CERTIFICATE-----

SPR-BE/openvpn/spr/keys/ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDEhmCgnhfyO/Z8
+q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X0exZGcXC
+IEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ61DX4rtmb
++WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1aRT2vAYD2
+RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ3NiOr4Uf
+IMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u9GH6ZJjC
+BzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfXaLFTxHzN
++PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0pLTynp6I
+UXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamMYWdZPVnA
+v+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLUcS9euI4H
+xKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQdV1DWNIiP
+BOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABAoICAARc82I9gEyZdjR4X1QogQZR
+NnNjWsnQQdHfoc9OpUU+i9ZKDvGFMvSD9b645efPPzvu+uyKNZQY1WIk8zuQ7vm4
+P64Bq16JwF/ldEsb/pb+6UmhAYXVv7/6FqnXPhGn3ejFh0Jg2b3mq+AhnnWJsC88
+kgMQTcoH04xtgz0oI49AHC0UNnaKKIrGsOhYAgxBiXXxloodhWwQPXu6PDzVhXLs
+uez+xAnuzMIH7vXVMr46qgSosL8ZJ8dqL7u40zkTUJL+dZUkOQ6Z6Puy75DfHYab
+cG/0HJKc9PBxi4zXVmGmJqYB85NDYwn0yt5FZFPTsmIHYZrbRB2aBCYyoOr+ZvSF
+/44fBymBWiCNkTSHPp6aJUKh5pUxbpV5JWQtQZMbzc4sWONRhqwLnIQITuJg4b1q
+szWH9xyzrceBNCpKvaIWA8++cAexTR648NW4KxO3Po5EYlAYkfZFBsK3SvE18noV
+hMK/Yis8yBVDCTsg45LlACxi/ErYQAGfY1s4kfBYhJgy5aWow9MnKdnA5v5menOw
+w7N4YkrBy4iRcE2NZzd6YQY6ow0+LcEQMoPyj7UKVnmb2EgMRvjEKMngSdEeHL7w
+Amp+fEzgFGIaNZCxBLwOV7waF8mF3QH5/T4sIl3JfQ1oDDv/yFUJwnROR/RDgJ3X
+PCFyWvPEOBUbd1U4TpqJAoIBAQDrmm7QAY1X9brxH2L10QunCbUcx/B9ckzfDrOW
+D/OXgvDZKS9Vkb76MqUUExbdTjRQncUoma5KiVb2DnmGbQubUmgCiD4CEOeWuJl1
+6MQuOu2qjbCbK6iQIO01Lqz6Dbm3ZebobYB+qrnK5OMIhbHhlBTRhP+j5X1Q0vzv
+jTFMFdW3xt+S0aoc0Y5gLjw6i6Q2gXNgxenrCgyuAxJng82xX25O5DyvsXatxOw5
+DbFj7/96OeWc7OFluhpHAxCsgYgG7ff8UyUzr85DoAVSfU7nqMr/M9WmiTQ7Vvwa
+Ku5KtlaGVX5Pv4PCY+ECX07/YyDOXTdg+uwCuS8ROTaIGxOVAoIBAQDVid6Cvh2Z
+9nvq4Q+tIgem3NTmVrrh9QQNdW/HzAwdUvekDgL3Jlev+aO8D3YQHtJJndTJQ46m
+3H5jE+Rzs+Ld5FlpWS2NUMVya/QuUpUPmJ4lml7jsqof52To8NXKi74drNJt6PHq
+uRFUPPHAlLu+IvinSErCCezcDh75Hkf7b43MMFhH5s8msIC2f18SQI3SNnsdyL2u
+zJI4zYPg1lJ3Cn0gt3V97kkGT+FuRgUj5u5fXkvORi0+2TMmyWqybkZA+RQyRhC+
+rAs6qlxVfEvQt1vnGehDefSlyKlrXHdhyKJJ8RZROvbwNY8XDYo/zm3a7MPnLjWr
+FdMq8uymCWQnAoIBAD/ZpYhns0eQR+6K5AXcdnz5a4T2Rp2ouV6GHHNhtVFtYhpo
+R/S3v/sMeKJ9HegyBomGiGUdaRe4KsIaYCLnMIsShS+SfsOOk0TMmIJU573jqH9d
+UOxso40T71VHZgeKardiPXbmHjm1yQ5Mg57OpMuOlynFEob3bcPWuketixukmzvo
+ALVIbwLKY/x660WujH1dDci/OkrBeXg7SuSU2szkIP/uaOfwf0pOoPpBVL7Rzvnv
+8ONbayZnjjGKih1GKXg/S8KtQdrFHXBEUMzvOtAbdZA+Gvu8GVSvmTj6Q4Qp8D8N
+smKoc2veJ5+99qnN0pk6uARnXEjMqQ3Q5I90TxUCggEAX54mtuCunJyUjG5O+LW+
+O2ezJZk8gaWXNPebIBosao0WOq3Tghv3M+NTAAjkUv+aJkC4YY8Qt4MQTQlBSNYK
+BlYT+2plTVwXrc7NPljYSm2Kk0f2qXr9Vt/kfbIp6VJ9xQf4CiM/AF3ydof7sMJo
+9xDtyupCH3UWTMs970sx7FLdactUHI4rwCVU3WNXjPK/Dpw6sPGMjlMoPqs4HFub
+/ZYCxb2grM0ggeUPCrPr5VGo96dfxnQCGpxjnUCfuFpMtxdRhdl98gNT2+chBV5t
+DH6udmNRb7WSaRHbWynCg1S15uo/lgwTOyigdDAp8bxb0KYoasJ0YbGaJycz9H1M
+DQKCAQBElhUv4LAHzwIJJN5dnhUgqraSDzn7es5zRM1MPc+cFfLuZOrHSldFZ6ss
+DrHZ7+FdBqxPHqBso/iUsKZqmPMZFwrVjiGuRvZm6XqH076Zpq7iijQh+DlT67h/
+G3IbYAcH8h6mBSxDHoDDZSDIB6kw2zczSET/XViDtEQOnZD35n9KpI5n81o3iCi3
+R7bpeJe2aDWiWSMnSTE2q6hjw9yKDe/dcHswVGR6VwPdkwAnFPf3Kaa1e4OKWgyt
+c9nDLtdNLw24XZtEHxJrCBlZGfSGVR+l7IMzIAw76sbfh5H0opOQUMYvY+i7mkiq
+iNFVi9ygF7UxmEskpH/4gFKMSJZq
+-----END PRIVATE KEY-----

SPR-BE/openvpn/spr/keys/chris.crt

@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:20:38 2018 GMT
+            Not After : Mar 18 22:20:38 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
+                    e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
+                    c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
+                    be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
+                    95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
+                    35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
+                    4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
+                    1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
+                    18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
+                    9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
+                    7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
+                    74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
+                    c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
+                    c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
+                    a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
+                    79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
+                    6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
+                    89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
+                    a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
+                    30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
+                    50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
+                    f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
+                    c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
+                    f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
+                    0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
+                    73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
+                    93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
+                    19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
+                    86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
+                    66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
+                    6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
+                    19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
+                    b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
+                    97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
+                    94:c9:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
+         28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
+         4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
+         7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
+         1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
+         45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
+         15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
+         77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
+         28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
+         57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
+         f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
+         ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
+         ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
+         d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
+         a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
+         e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
+         b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
+         82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
+         5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
+         1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
+         fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
+         58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
+         79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
+         94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
+         44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
+         c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
+         aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
+         12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
+         b0:40:45:9d:20:2d:e2:6b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----

SPR-BE/openvpn/spr/keys/chris.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6jCCAtICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BSLWNocmlzMRAwDgYDVQQpEwdWUE4g
+U1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+RW0VwkXg4e6ePXjxSQzq74RDNxvK
+xfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJDac9lYKcBMYSAS+IW6WqPdC8NYmp
+GyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJpH6glWboaJdz/4JpOOPFFGOrxVQyj
+p0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0mju2p1SK5alCyudadE4szi4XQSSc
+tX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWRdolMUByrLZYYphEciNZSwXAyHXi/
+giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tPvlV2aw5kiawHzq27TE7sXJfC6UTn
+p2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVgrWHlUN6Gf2lmaGnc1loqk19J9v5u
+f5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI87/kpPGeI7q6KAXTW6wDDyhvhTqb
+oSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd+qxKwZYLK/4FucQHGWem6xF/XNYw
+J/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+jwXwQyX+djjjbkpo6NJGhnaYAQMe
+tXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+tjeRzWaIJl1IA3N0GQE9YZhMyUt6A
+lMmvAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAJngSSAfyxqID3NeeFhxtpb0I
+FE3bQs8tr6UjJusGPGpqLt42t6AZV36saj11WQqt+coexxz6rtevbIThKmi5jleY
+FBjt64cL47TeHY3aM4zIZ7n3YVcxGIbgZS5rDmYYFmydiI7PfOo9P2qUaLoB8I2l
+XL4SKv6NqKuu8k1rKiRt7WjZi3h6YG3P2DhU4BwkP7L/d9JjlLNOcsU7lCS2x/W+
+aBu0wYGZJNb0yxKdY1g0q5G4ciJGtisOt87DPyPi5uMK9zGCrOgdAFNvgYyL7HWy
+sdRPNorcnJxKl2OGTGSGMfy/H8dl7eHnFCtfYlDg1CKPFTrv6RypFE4f0/U1H7n5
+pk2rRKewgsSoex7YZrU8iVgs6/GZZwd+bfSzML0nAgp7Zg9CGV9UmGfgrTz6IdUH
+Me2iZXOSLrHBM8e9rBsDiTC7Fasd/9vm1oTJyEV29aWLodXRVOmE+pA5kloH6Mbk
+CZmKYxU2yBbuHRO7+f3aLa9sMzu5FW+X71qNczTWJ9nGY+mQ9OyPZAYXloRjgchj
+N5rIPu0zJhkWz3m84QG5y3ZCmzVkpqdfQPaY/B0xN9LytqlPcn+wvhiS+DK3PtYL
+jH1vvxaqfnIi89xnCuKEi1o8+SkpCsIKIjZlHAjM76KFnPc6f7w5Jfwh8Ax2jnQ/
++jtW4o7Fj0YKLjomVvo=
+-----END CERTIFICATE REQUEST-----

SPR-BE/openvpn/spr/keys/chris.key

@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3P+UTRrv91ECAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGofT8rXdMtBIIJSMRkl94ROVWC
+v/madZNyDie+Wlec4pGWYgur/dfgeQyjMEleu642IrvRFgJwdZOhEEIDc/syOHzx
+Hiy6zxvWcnMAfzQKwHcMI4HsOcqtZKiA/UZ+mXIH8H0HW62N8WHpryqpVyZC5EZj
+0bFaulmD7rV0MtYS2z5pfGLTnKvsDIE3rMvwyZTcRSA6Zt3bOxsJN+SjD4AlmJbk
+XERauxx47EmvPle3aIna625eIQjfniLxrEq0e5E8FQdZipHzqKz3Pub2bepAbmFO
+S3t1Eqk3DkA1mG5PKog1IrTgFAJ24tk/EZuFLzGEL0Wc5hdtcIijJh0Us8w0lWJ1
+RMp2+Pr6zMZSK5L1GYubi0IfASsAmBPewLPt/cUqdNuaCFc1dUuaX2/1gtBl/G16
+s6GFwjK8BhMuYi3Z2ehwNCA2koWA9nGbWzT4CSL63Znupc0ieCBob1UqrbtiaIPn
+xMFrKvO2wdnDJiKyNVCx3jUeN7700E2BCdS/G1WLoocQZTooQGJIpWUhcjvf6wXa
+AZhz+z/uFBXslWEB4O3t8VTk2M2/dKqJOg6yg+MwpAQSOd/8ogV0VOpft5GD/t4c
+6mgBs5lwtau7GbTFj060X15znpzvtPRUrNbL5QrK9DpLw+vvYB+IwCq/CVpjjchz
+g3nkpPw0O0gzGf6AEBJLGsfGljifMc1pDd0KNNkAweZSOg5XufFJpjiFnuXS5Puo
+O+vnvy0iie1e0KzMBrWJWY1vt9JuNRI85qNcftRNnyboQBmnnBAvdA5hiYib7+lY
+akB6UNwkREl40/FsDYxJl4yLbtUC/Lr1hEmyQt4ZEI9v96nW/L0/qlOyiYNAP1r0
+/PEKfRKn7uMZnJXZ0SYf9uMfdy8M56DYEEG3X08F6MWVbEozGbbF8l46FH/9cqFp
+/crtnJZi/1W/A12wmzSgGk2zzLtr+drZ8w/rO0sI5Ptjh+G1dSqSTobCb0bOC7+t
+H+6vesuSAdEQuxasbleh1IyBKkPRwNf4FqAumFfZDKlh0+PVw/waSEIcg5Ef4whV
+EI6rUHigVoZ7AtU/XsjJ3YkRulBXgIOVNCHCJqd8tRqgc5dUeG1652L3q5sIljtE
+nT1t/CEGOd+/rjLwbYl7ZdW3E67QovB/CRIh/B23u4jsbdBkZgeRINcrwbOIXE6t
+jhzO6uGjVuu/6VxMBRSSfxvIsMVCt1rDumadckn+MMOM8E/jT7qN+5QAurdSVnPq
+d7R6M14Jlz39NXXYkdAjNpAH9XX+8y/isOD1La6J+bcxpO7BqcAlQTzhgwB56DrN
+UZ234vaAW1hNtSjNS0e3jZ6noiEjfG6qOw5+DxtXLP9Rq5DwjPrIc2dscY4//foM
+u1NvDB4SloHVy1r01sEA5OqO4KyJsxXotKMeY6k92c2SmP7E461UHLn54LTLOs3t
+iuzug6aJh9nK/NOGprJoNgI9C/46phTTfPE73eUVCpbnbd46dZ8qpMnil4YIpk1L
++mOZCDOQD0H1CmFRXu+EzZsZLDLFjLtKtiGO/ifxs+zdNpLCcJyycPy44zteoMFq
+mra1b3hFgGestzHz/2ANY6gIe5sZikZVXgTRP9oZYQ7Wm0c1PVqQ003n60hJlajx
+a+EItIYkQl16BZCBbanDuKwofXmxtGZXtU84qcRIzs6X4NSb1N+0xwBC0TM+xYnN
+ZmX6hkj/ELYbrktcML6yJyDJz2UvMRaORBnrUjfisJ8dUFSKX6J0JCQ5IMSyZjeL
+Vzv7CRKFQ3VTvWgAtY31yjpNrr6oHJQ+Wk8B987IAKIKqIBH+RYiBlf3jQVrB3vl
+kQ93LqTXw2Iiapevb0fEREwoU9qEC/lTv39nrYIpHXMlpfQqFLGMPgS1VP5fQzrU
+QET6SCxYaehYT64aWBARpYUcwc7xMA8WwLc40f1JfXvmbIZ4dC4OZeIHNyy+kDu2
+hVKL7bI6jGZVTmFKGXYF9iMjiV8m4q19WqgvBkKZFzmTAZ4gasieHtOi+TzrEH+u
+G06wcEilg6o9NS2JkNl8H+ReOasnhPs/nuWZlB7hUNXnPA6QARQGZEuk6lKAxl6V
+zjtniLdRsZwVBKb8lExcP+BQ0KovnaLOzorFdISlsuOCwt4YWUbQkN1LMDMd1bq9
+Z3ThemCCOvn4C/Ez6DzFul22jTj8s5XPPZXUKEpu8p6Spt7rCYA8+MLoYmeS1Ztu
+L4ufZler6891KMkn2mLhSb91IB/5MDomgo9H9rBJA5JWa6hG/QV/wTxR2WkKuJAv
+IX8Zkhs5pQBTh+WDf9W5ftv4fqqowEOOztN+XotNAqaSmTE8vTxjePbnDAX5+iyp
+s40aHaxj9BFZrj0/Sp0StL9OzgV8qN8rxeblSoBFU0nx3bTAp76CM6fvp0XqK0el
+Ua6PdBBHKmp0RQoguX99cz3WYNqxTWMWE8c9aoXakBGff1Uz1Qgq0Y7kFnaXxCRM
+aUbkPMBOeMJrt1fQQWSlzurYXAO8pPn63uzZGhiplYh6fJQ3m+8m+AYGwzLTXEkS
+Z88Ox1CCdtR40brDba0pvkRNfOkD8wGpe2uYcAjnhc2MF5DeZf+8syxRnTBYsud9
+dBDCjQkYUKEihmqz31SjojoxaYutFkEe5//Nov2BxxoyVHtpjmLWtEdhVTAkcYTt
+05aO30leUBQ3IX97K68s6GFA1nJCe5WrcpCgjA/718N5tGuvc53zACLzpdEaCm5g
+2nowfRP/lx/faFCC1/ePjlT+1g9BJiaqFBaWR2iQ9VR8nKNws4ULCu6uNr5xtpG9
+LIw3C6DrBWtzVHAiZvz6Ufma4u5TlFxR4IlFS2aY7QzL9+EYqrogZUZIvDH3nOHs
+qS/t+CBbItxpb25X5EI/jruhmHplgHmdqdstRtyxjObEOdm5TV4+oRTIA6YYc4Cz
+TXrdjDkOECV+U/OYzHWxKFyCarn6d81pRu79RuksIhE0uAd5rxT5uJlzf9UuQjFr
+63XCVmLnVXuF4qpdfT7lj0cvtGz/Z7itSPgR3gzu/VnR+u+kdAvRgtDg0BJqV/Om
+vJLAnlJxc0bhwVmWB6q1Tmy3ZpDMsEGz7fLsbUQp+TcjNfrFCTrRgMppUdET5fFc
+8+kUQiLjZYYYINwpeS3cU+5tOtNNsnbgt1xkvbQvJ7qEjL8wF3J4j62M36dKCo5p
+LOq4p2liZ+06x9mtaX7NIg==
+-----END ENCRYPTED PRIVATE KEY-----

SPR-BE/openvpn/spr/keys/crl.pem

@@ -0,0 +1 @@
+../crl.pem

SPR-BE/openvpn/spr/keys/dh4096.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA8HMy/i1H5AJVhuI3mRhJyAW+60dvO7tHI24uyoVwvUPpyoz5VWYw
+XtqTF1a2pOQNsDORvofWgdV6zoj/pzaWUV1IT4TbTxif/G30a7cMbOKK9yQK5cWZ
+CiaDjh96gEL64qF5qk4o2m/9Yg0qQE3NhJvt9VDz/EcfFu78OJP259/6KsPozSwk
+id93JjaMtXUmoAcLclylvVfKAV0uP03PzO8XlsVQnXYy+zSpvC0nhYpPATMcMFeY
+pDxbhoBaN51VoMP+CUeCZp0/s7hZBsistMVoh/Qgkhorru0TpAhsNVUwG0GfMbE1
+jm3Rq1LMT3rFhlxXy2imiSd4Q2dGz5SBjmjwyQ3Jdoovji62q3MfjMTVi1CI4OMH
+kjDZQiLu3nD8DpgHELfDi/Olel8VnSvQ1j1OOINw2MM4h0tINWKMuKKoBFxG2lCl
+86CYZ6nZKlN99FH3dz6vQjzM03zkB+w05PC6mXSkzkoLaTD+pyU/Q9mbwUyfE4ZE
+T79sJ+tBl1uSNPAflqx8AJYkJIHY1STR9YeAk03ZUF21GZtALSJH/+Vy3BbApKEY
++YpemjqXeUoQ9rMYEJu8O26E78KbSqjt/hh+9CKnqllqbXI6EdAV23MlFimxoFSw
+NvOeD3iyUAlqC2RccNwUD8z2z1/fHozcYHE1GCBgXCsVm9HUV38BQVMCAQI=
+-----END DH PARAMETERS-----

SPR-BE/openvpn/spr/keys/index.txt

@@ -0,0 +1,2 @@
+V	380318180815Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+V	380318222038Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de

SPR-BE/openvpn/spr/keys/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

SPR-BE/openvpn/spr/keys/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

SPR-BE/openvpn/spr/keys/index.txt.old

@@ -0,0 +1 @@
+V	380318180815Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de

SPR-BE/openvpn/spr/keys/serial

@@ -0,0 +1 @@
+03

SPR-BE/openvpn/spr/keys/serial.old

@@ -0,0 +1 @@
+02

SPR-BE/openvpn/spr/keys/server.crt

@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 18:08:15 2018 GMT
+            Not After : Mar 18 18:08:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
+                    8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
+                    14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
+                    33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
+                    f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
+                    0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
+                    2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
+                    f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
+                    03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
+                    b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
+                    f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
+                    7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
+                    93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
+                    82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
+                    d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
+                    b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
+                    97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
+                    72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
+                    e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
+                    9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
+                    34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
+                    c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
+                    1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
+                    b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
+                    47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
+                    ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
+                    aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
+                    81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
+                    2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
+                    22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
+                    89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
+                    ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
+                    7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
+                    69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
+                    d4:ff:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
+         53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
+         22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
+         60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
+         de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
+         7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
+         85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
+         a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
+         ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
+         57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
+         5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
+         bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
+         a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
+         28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
+         72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
+         e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
+         d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
+         43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
+         c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
+         3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
+         27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
+         de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
+         af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
+         bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
+         8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
+         06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
+         f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
+         21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
+         ab:73:04:66:d5:56:a5:9e
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE4MDgxNVoXDTM4MDMxODE4MDgxNVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX
+7Cx0/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gz
+cfyFp/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIB
+cPJfdyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz
++cjerAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKg
+uWs3g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYb
+CO9yUHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWj
+gd7zqTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dN
+hLZnLLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG
+6xZTXJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7
+Xops6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9
+vrUJREh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK6oa74u82Aio3aP
+T/UmaYOsLhkpMIHTBgNVHSMEgcswgciAFHSigxuV60X8ONBxrGr1ItbazicLoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQC0Ueyd7DntwSmDDujrw+xfDh1T11G50i6QCaMn6PckP94V2ZIigK4S
+qxdfoX4BRL5UKNh2Qrpgd3xGHUJtqSWuV1KU93ZEuZPepKfIo0qNcr2WFZpCN7Ac
+4Dh9clNF3BEoYuV9D/kyIYGKIzmFBbxGaiM0qTij/T6mdq6C0zKj1G1+MwyRsgQm
+mavrQ5wiq8rOscDpEAxbzE5CjsngHVmxg2RXegI4vLhL/742P6BmQ8Yafhda1rhb
+pwh6n+c8AA4LRvGhkHO9tD4Ro7aWTTAkdfv9JMxjt6ylbga6HMJqsv5ZblpT3A/c
+5G8ofcCxzekUlQbv6ZF9OVViYTxyjw81tOibSVBBLwdtPx+SlO3iENMIdUPM2n8A
+O/nS8ZchLcXQMC4OhBv9PL2rnb+3GK0BNmxDfgQzKRSxx2hkqcyFV2f3oz7C1ae/
+9CD7QZEsj2rF01V2D3k9ElnXDln2AgwxBzkJVZdA4aknAa36QtdnFHsP5uMdbyhx
+F5/ely/RppW61EKAnA7bBpGOu8SvI66Fn+JX5EqH4dBkn5oVMMi8luramOsKWr4T
+cNY1UA5IByuKGeU15qeiykJQe7xy6plNuCwGdemmwUUel0KbW6RhkjxFiDH0H9rk
+AXL5kwjkZk0sTC8ZEEkhUsoYWTh2ea6ZjqwghYWvqLarcwRm1Valng==
+-----END CERTIFICATE-----

SPR-BE/openvpn/spr/keys/server.csr

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX7Cx0/RaP940WgF8KYOk7nmUZ/jBx
+QRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gzcfyFp/h/svUxxDmi5C5Tiz0gSQ3n
+g4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIBcPJfdyVxiyuzTfJoE0GFPwOCiJiJ
+5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz+cjerAiHhFxhZSWnzH3BuABjWTFo
+r44NJu9ifJOolDIY+xkO1jk22Ik164JezTKguWs3g8dRfiQ4hNndw2z5XnqqyH7Y
+O+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYbCO9yUHy5xXI/OsZw2tVP28mketKs
+VuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWjgd7zqTTCnp6+4871RuFwekLUccl4
+97Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dNhLZnLLzdg+oadaeW+ZB8KUcycv55
+1LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG6xZTXJuetgePpx1oCoGASR5FBXjR
+fwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7Xops6VOyQYqGmInpqGBF8LqLUMNL
+oKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9vrUJREh5x2nx6khga8vrWkN8Ngqk
+BdT/7wIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAA4yKihpqPJAXK45e30X9Prz
+/C/RSinDDRctSxEF1tfleUgg+WhNg0xvzee/C0oDJXEovJy0w0/RJzRTvwnFCTlq
+En8L86Gdan4SOKDV+UkXEJCtOmYOiL6AvqKcfMoVThTYSqbNkZ/rkSHAZ9g5hIq8
+sPVfbt5gdWKD7/ZVzbvqKZC7bvS4taFRJutejKgdHyXHpJr9MYfRZncxQT7XtBFe
+LrM8fqJ14fWYTg8Q/E2qL28kPK1YZf+nEawnAldG4zaOyrKGplWf830815EyrQOn
+AhjJgz5RraTHQwo6l0vDtuSnO+1r52RyUA202O04Kdj/eOhtGDdA1vEsQKmVnFzq
+dvwVGVm+SzRb8otGx8JSf+Bc0W/+zGWT9CewW+apM7tpcZ8IyWlYxObMtcXJTEPL
+8XIvkcOGal9+NEqduSEo6goeuiuYo991WeQStrM/gioa6S9x6zzQW36dFmb7Y0VC
+HYjjgG6YOOfJPd2mWIs61c/2u3NDB+9Jy88PvdbJ7ukOAHxkyGq2ctsBZYwzCfoH
+WGq0dvP4qHNqCfhpfXOZsMKfopDmcE1+M6JFKv6OYYoXgOrCumEEly/AVNcr9ExU
+WmqBp5D1DBlaDrcJe/TBAOOBbDB2Ui/kCO3mhONRDKDemF5vriR+jATU4tZ5AVT0
+37MQGB4tDI1V8Iq9ovdD
+-----END CERTIFICATE REQUEST-----

SPR-BE/openvpn/spr/keys/server.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQD1Vw9x0aUX7Cx0
+/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gzcfyF
+p/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIBcPJf
+dyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz+cje
+rAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKguWs3
+g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYbCO9y
+UHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWjgd7z
+qTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dNhLZn
+LLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG6xZT
+XJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7Xops
+6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9vrUJ
+REh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABAoICAQDNJFneswyXnzxhKgqGoNjR
+Os+9buE2n7Ar9tZsrJ0jbddBN2cXXbfYm5yAttQ3KUKQ2qa9TLwdYC9lVtk7ddj+
+HvSOlruB0chvyYYd0mLRRN7kQLWkzdlXW6JXlAuw4+PXpGJo+GK1j8qqNocRlOwa
+ho+tpIRBtTnrGOprS2FLt4dDROLHlSLmAgQHHa64nPfkItwQz9RT3oWuYyzSm8Nf
+EONWlm+E3qU8bSUaQsjFiIvbzwzshdYJ+1Oti0TV7mN0uZMOUAgISmIzTjYIlzAU
+Lkm526GwNebeDL27cwnCVH9+gE7lhyNU28zv/fEWR4bBZjNo3aCaVHNbI5/W+hkW
+0Ix5cJq18cv0k5pqfdgeUyQsYCH+pWpJg8xRidlq6vrrHnYrYfZfg86WkIZHtkQy
+b81s0Pi4Hy9bd1fvJIwBHG1Q/I47H7G4BD4sRTIGpm4/eXWGk6ceUlQROLu0b0ij
+d9/1K7VeB8IQom+DhRdyJ08tU2p/7/qS+sDR77+A1TfL6pEmtvwaNO8QJmSUE6kR
+/3nQKqJIR0s5R1qHzn6yXQFODVyzi9yWtG92mhyCOIx+hZmyhAzDszx1tTDPDarD
+pxdtaMTO6V6Br7V6x8jlM2iRgh3IVVxdG1pG7ZF5633LPeXycoKaCUL/yyEtGYw1
+NpY4tevGxUueiE8hWp3DYQKCAQEA/9+nkHICSSCWHbRnkkGmJii/ZMWMqr0Yv6wa
+OyaqRswElVFSgh44dYSv2Gw6MkNSb6hytOvSYHMVvbsG54TolO4uXHjsW8KfYaR/
+R7iWsNhJ0woZzJXyjKTPH7vTkeVgwbouqmoM3sFsXdzJMEV2TAsclZYhec7FaWMX
+EYkGEVC2DH7kMrLXddm3h74G4kkm9k8LYVFnXbNeK7Rwlrx9HtdkqrcYC5oiN/cc
+z8JyYt+5WZRB1ovksTv4rhHVe6xsgJb/k/Mdhykdnawl6NnTNcaMGInxH+xt+4st
+7REuwWPGeAa6JWVvuzu618IjIPB4/g5DiYhzKnGbkE6/RpPrsQKCAQEA9XYS/758
+W1W6CdZbo59lfYlKzXJarVJr6PPJxuDEUR3zarKiVdVzcAj8geiQqVTdt5OYFyd0
+Ny4CrnQKqM2EtjUK7m+DJbiMv54jSWItiIvA+3vuoCYE6m0APPfImU3YwxSCOWWF
+f9gNmkk54xON/x/gj5WMmaYezfPPjdCtnXsXq/Eyq0hM2bZwgAfAkmWBRlrVopDr
+9Q61mYm0+lAz6ZSGADldsXIou5zTM5z5kDNk6rbEEpkP5IKeGaNNRvuM4WvfzlUZ
+u7sFCR9GDuvF4C5hNTlH6fRVvoBImcjgAZScgyIqQiDB/7HA1MzSobQOOVWu7pXC
+7+Coygi0s1+tnwKCAQEAkT4SbsLYm0v9ClWKaRIMzyJYKkqc45o9PyfhJ+x1wYQz
+odKspCGlaMftzUr56egfFjSnEB3AqHELSUytyaO/JjLhbCpT+G5MbG+ktECKgU30
+8e+M333KVZ2D2P6URP/QYYdez+ss7REcg1c9eMIlOVshWaQD0pHVq1HNGW4PXKrU
++9jXjhPIjCQOsuXiIHbnv+70hcRgiWa0sNhXBKlv2J7pjKIr6wIOJHiICULWDVvz
+aW7nxHJaWWSyb5S9+trQKFoOL5xUCZIENqkuR7PF2YOfqJo8niNl9uB1LFmRkcMi
+OKWQ6oNe3gg0sh6IND1sYMIWAi7LOK+OX2bj2ptCsQKCAQEApcgshsw5o1pf/xrm
+47jZTBM5EU8lzR/4v+o/onHWRc8Lw0mI+J3kjIuVN4xCgAtQgBdQRnsgM9CAgSDg
+vieodYOXsXhhRE3Dyftda8fCZxG0smV+wm1LLqWV3pefxWLdfsxQM8HMi475iPXi
+AesIIYJ/IZrozjFzZrg/u1FwoQcs8rVB+osnVHeyvdX+iyHBUSoyVcy5gNaBcoSe
+Vd1rYlwssOQN0rX+qs/9mUNxDqKXiysLfGAiaryJWVmA7OsiuHEqRGoXqkJi4Uld
+AODe0U2h29enKW0bqEFuR2dzW73qg2rEzcrgG/kK+u6naA16+eBT+NHvSiIa/fEp
+UmjRkwKCAQAg9Viy5Rm5aBV37X0TDZH0Iftk53N8J/CQtH3jbzUd8H49M92akBdY
+M+X7LZP16iVrIXdvFdSeIGgHNKnHGwDq/Lpnjm3CUpHRSwCXsNKlB1kY8VncSnEe
+zErz7FElHGXWZRJCRfpvMuSxjl3f9QiZrYq9B9VcSrsD5pMIdibXTZngbWyMM7kz
+KW0fasBni5evMASFnWrOsk7RaxAAnj3L+kHF7ijDh1n8X7QzpOv81LPPO+ziwmVm
+bVSoZQKSA6qdODQ6J+5bJjrnWng8JjzJw1554oBZsqj4TB613R80x9UcdoJh2eIN
+39lbdV2Gx8i/VYUZylpD0R8oBgxq4Kkr
+-----END PRIVATE KEY-----

SPR-BE/openvpn/spr/keys/ta.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+0f871c0affde12bf4aa4c3683db554ab
+5b289badc22171c46f4fcf749b94c3b3
+fc8da02a98f067a6b624e3755ff08e28
+6c74f622bcb49a31b94bf9e9e9619fd7
+2949dddce9997bdd6b8c08bf7785baba
+54267e89eabf34f4e729d09dad95fbb4
+f254ed52de9287436f718c138f29e927
+36a77a01b8801be92da98eec772e1d9f
+eb568dc508531ca7dbb92af3098f812f
+4b7bcff4c0badbd34b6e168fc7312da1
+030559d8278ea9d2ac200da87d4b9283
+8994c85e9ef639c82214107f12d67f9a
+d71ca5d6a991bf778222f8a87eb99009
+1e1de4379406d4008daf98437ffe0e98
+0dd90d7d41239a14489e6d077740e97a
+90b30b8b8f445e78073ae1f365601bb1
+-----END OpenVPN Static key V1-----