o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
WF/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-WF-gw-ckubu Normal file
View File

@ -0,0 +1,5 @@
ifconfig-push 10.1.52.2 255.255.255.0
push "route 192.168.52.0 255.255.255.0 10.1.52.1"
push "route 192.168.43.0 255.255.255.0 10.1.52.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

270
WF/openvpn/gw-ckubu/client-configs/gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
Ic3ZiGwAJvoitQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
+kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
Ww26mZRoHwHAtAHo
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
+Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
1xr8RI04RwGrFDkPkuw1dQ==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
3e5606d9c9b42920092f825f6a23844f
2f37246d81d815ac43de66f4ecfd7237
5c7a90624fce693c8b98330f067e3fb0
3a7e09895d73d7567f1054b54882d4c6
72b6d4b075c817d6304a2928a03af610
89090caccd14025b83683285228bb280
8255101ec75398ec183f14d3ecb45fe7
e26e6fdb81e7d5ac8a81965acd7094a5
5b99d8b392a9998f7468e553a049c539
876925b61b9fc07ebeefad3f672e6baa
538e516961f37ca0e09666cdd6f67d37
89a39089fed07e8755a410b86ca40061
cdb81e6fa11b17b2b5dd74eca1447aa8
b2611b543751b2d53fc79fddbc26f91f
4d9ded064e9ea85b882475aa965950d0
7ee0cd2ce141eb6678d23a7bfa832536
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
WF/openvpn/gw-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMG
VlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwNTA1MDkw
NzQ1WhgPMjA1MDA1MDUwOTA3NDVaMA0GCSqGSIb3DQEBCwUAA4ICAQBGioki44G8
/5osA+UzYF9xl+l7iaebUnFbysFcs45VGlKTPeXuv4+9zvzhSlpL5jb3s/HRJjvB
R83j+o+D26m97dDEXlBOV23uuhvj/Ovra3vft5kgjDYR4PGkDvVt6NeL/wAlCVqY
wAglg6Ul7qwXG5GAgcSk3yZYfgHXeghIWlkZBCu/Id+ctfptQ9ilEENOxIeL6NRw
YPXnmMwtcbfWKYAM0D/o4p/aJDCd3fNN3657B6BoU5LUywyeMrdmeV82DHon5K+a
45RdT5YJ2J+WyWQELBGo0sItbfZsaHbKTLtHFCfepiaZrbu4Oy/vdjHIITlY/GML
Wlfo+H1FY7pMsA5ej7pvT9pKfhYbFx3DFQyguxeP5zRL5NIxRgNR3EPSJ8VOQa4D
w3u/UilluhDg8WuBUWYkUk2BwmiHp/Bhvz4mlK1xZg45AX3jgnoZ/NxOn69v/D3z
v5zckSz+rSNCBAUZdyd9fnhNjHjWXJ6PGyQQYDeu+nlHBN6mnc0f0zwEYQMxrHm1
xww0ak7cDWsh7vgqtXdBFWpGp0CrIkCVZ54ribrAG+6e7VDuiKe0AHC0DVEzV6Be
x83FTFmD3UzrWHTkbWzCsVTaOJfWBnUGkmVZuB/xGmLyRMBikWkCdHFBiwbyOood
aaYs3nOeLPQjWQF7a/FQhye1EJ8YVN0K7g==
-----END X509 CRL-----

1
WF/openvpn/gw-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
WF/openvpn/gw-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
WF/openvpn/gw-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
WF/openvpn/gw-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
WF/openvpn/gw-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
WF/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
WF/openvpn/gw-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
WF/openvpn/gw-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
WF/openvpn/gw-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
WF/openvpn/gw-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
WF/openvpn/gw-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
WF/openvpn/gw-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
WF/openvpn/gw-ckubu/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf

1
WF/openvpn/gw-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
WF/openvpn/gw-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
WF/openvpn/gw-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
WF/openvpn/gw-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN WF"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-WF"
export KEY_ALTNAMES="VPN-WF"

80
WF/openvpn/gw-ckubu/easy-rsa/vars.2018-05-05-0002 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
WF/openvpn/gw-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

0
WF/openvpn/gw-ckubu/ipp.txt Normal file
View File

4
WF/openvpn/gw-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-WF-gw-ckubu
password..........: jeew4rai0bei9noo7Eixoh4aL2Aeveux

141
WF/openvpn/gw-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:07:33 2018 GMT
Not After : May 5 09:07:33 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:55:76:2f:0a:b9:28:84:08:aa:51:dc:d3:93:
fb:e8:64:f5:7c:c6:4b:90:6d:a8:9f:51:b6:90:69:
81:30:64:6d:32:dc:59:51:f3:cf:68:96:45:11:ae:
2f:17:79:b5:c7:4b:11:ba:27:bb:94:fb:7c:5e:90:
84:c7:89:d3:a7:60:ed:cc:fc:59:b3:38:4f:67:75:
e0:2a:65:2c:54:5a:c0:98:28:f4:b4:65:4c:aa:5d:
3f:6a:a2:e2:33:a2:5e:0c:60:d5:e1:69:4c:35:9e:
aa:03:bb:01:2d:fb:2c:11:b1:43:09:96:27:f6:ca:
18:5e:6d:d1:a7:e0:5d:8d:3e:52:ae:5d:ff:9e:32:
e9:3c:11:da:35:b7:1a:b0:14:79:74:7b:57:51:15:
8c:a9:ca:1a:ba:e4:0d:53:d7:27:ce:7d:24:aa:98:
ae:2a:da:5a:cd:a5:6f:53:6c:22:f4:5a:52:53:6a:
83:52:fe:8f:e3:dc:8b:a9:99:f5:0b:61:a6:05:c2:
ad:f6:6c:cc:c4:7e:13:8c:28:88:09:98:c8:4d:be:
b1:69:6c:5a:4a:85:71:0b:50:22:b4:ee:35:71:82:
31:31:b3:a2:5f:2f:79:d3:75:68:be:37:e8:e0:7b:
77:a0:fe:62:b0:be:a4:7a:1d:a8:8b:30:d1:d4:0e:
2f:08:18:93:2f:32:b7:29:d5:e6:41:a5:e4:92:09:
d3:d4:d7:c3:f9:33:48:e6:be:f5:e0:e3:ae:35:7a:
a4:ee:40:a1:d4:e9:cf:fc:81:7d:31:e6:af:bf:f1:
e6:6d:da:1f:d0:e2:53:35:9d:b8:f4:a7:53:03:8b:
f9:e0:86:71:b9:45:9e:f9:68:2c:d8:a1:9f:04:73:
f9:8c:b2:9a:53:ea:96:63:8d:13:05:a5:fb:72:e6:
9f:92:23:f5:1b:57:ee:44:8d:75:c8:6b:b6:93:ac:
27:43:10:f0:9a:00:12:d5:95:07:22:ec:fe:01:ea:
0c:c6:0a:86:64:2a:20:98:01:b7:8a:d6:de:35:78:
ad:da:6f:93:eb:b8:29:f3:8a:99:5c:58:8f:dd:15:
ee:8e:26:21:e3:9d:df:60:c0:05:cb:83:3c:7e:9c:
f1:b7:68:bf:f0:b2:7d:c5:0f:56:d6:77:e7:5a:1a:
5c:ba:58:dd:fd:da:8b:03:ed:1e:6d:a7:55:e1:42:
3a:82:a6:17:ad:60:7d:98:bc:ae:c7:ed:a2:d7:6f:
82:a2:a3:4c:b7:79:8b:f4:a4:2e:53:51:a3:33:67:
64:ff:10:53:63:a6:ac:4f:7a:ce:22:74:e0:fc:ee:
2c:f1:a7:71:ae:f5:00:fd:52:a6:23:a0:b2:30:f6:
5a:a3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
C0:D2:0C:48:39:41:59:DC:87:C8:23:A2:04:51:EF:F7:BF:98:7E:0C
X509v3 Authority Key Identifier:
keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D2:39:38:94:EC:D1:BC:7F
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
45:6b:87:25:2c:19:e0:ab:c8:6b:8d:bb:e8:3f:98:30:54:9d:
a0:ad:3e:b7:c5:5d:76:a0:ba:2d:1b:16:8a:87:63:9a:23:9a:
b4:94:aa:5c:bd:0f:bf:35:af:60:ef:63:14:cb:00:51:b1:c1:
0c:ef:5a:52:1a:8e:5f:a1:20:bb:42:cd:50:a5:71:87:a7:24:
80:e9:1a:9f:8d:b4:f9:60:42:e1:20:4a:12:f6:a1:a9:6a:17:
94:43:6b:2a:1c:78:02:16:aa:e8:6d:50:b0:95:b8:59:66:ae:
5f:4b:87:5c:e6:64:ef:b7:78:72:57:18:04:b4:cc:9d:4f:35:
73:ec:48:d0:79:6c:20:92:88:32:d3:59:61:57:86:b8:1a:cc:
92:69:f1:9c:82:1d:24:c3:aa:d2:27:0b:ab:c3:3b:0d:44:74:
35:35:c5:b1:ce:95:29:8e:55:9e:00:3e:66:53:61:8a:3d:cd:
99:6b:80:e5:f6:eb:0d:60:54:8a:b5:43:de:02:4c:fd:a2:22:
90:b0:ac:ef:e9:39:9a:3b:f9:0c:cd:49:a5:54:e2:27:74:f6:
d6:f7:5d:2d:ef:20:2f:d7:4c:9d:16:c6:6b:57:fc:46:ed:e0:
44:91:45:c9:d3:1b:c8:be:e6:b5:62:6a:bd:cf:35:2a:66:59:
78:ae:d4:a2:3a:c8:af:79:19:40:73:31:60:3f:5a:df:59:d0:
92:b7:e8:a5:83:c3:50:4c:76:79:f3:21:70:d9:38:de:b9:37:
ee:15:03:82:a0:bc:94:ac:ce:0d:e6:a2:fd:eb:f2:89:96:e9:
9c:e4:f2:f1:09:b7:42:ae:e1:74:fc:87:ee:56:03:c3:46:82:
2d:68:56:fd:ef:9d:ce:41:e5:b1:08:3b:ef:f2:86:16:8c:0a:
21:2f:2b:4a:35:96:dd:34:fd:d3:ef:01:8a:48:ea:4a:7c:22:
af:a8:83:73:c3:2e:0f:de:3a:95:dc:fa:c7:9b:e8:66:77:26:
9f:36:b3:98:59:c7:c4:19:4b:65:28:15:b8:4f:47:70:7c:a2:
5a:33:15:0c:db:9b:2f:c8:73:1a:10:ef:ae:0f:1e:ff:97:1d:
ea:6f:ef:bd:a5:46:3f:d5:cb:d0:7d:2c:1c:00:63:2b:7a:ff:
8b:a2:5f:27:d7:5c:ff:ab:ed:b7:a5:98:98:db:e7:43:e2:18:
97:4d:e1:df:27:d8:57:cd:0e:29:fe:45:84:ee:e4:bf:b9:c5:
dc:4a:63:85:7e:6c:c1:d8:25:c2:fe:13:4d:58:79:ae:98:e7:
4c:ad:a8:36:4d:08:06:8f:fd:5d:1c:29:5e:c3:c6:04:e6:2b:
a8:6a:41:10:cf:fe:22:8b
-----BEGIN CERTIFICATE-----
MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTA3MzNaFw0zODA1MDUwOTA3MzNaMIGjMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALdVdi8KuSiECKpR
3NOT++hk9XzGS5BtqJ9RtpBpgTBkbTLcWVHzz2iWRRGuLxd5tcdLEbonu5T7fF6Q
hMeJ06dg7cz8WbM4T2d14CplLFRawJgo9LRlTKpdP2qi4jOiXgxg1eFpTDWeqgO7
AS37LBGxQwmWJ/bKGF5t0afgXY0+Uq5d/54y6TwR2jW3GrAUeXR7V1EVjKnKGrrk
DVPXJ859JKqYriraWs2lb1NsIvRaUlNqg1L+j+Pci6mZ9QthpgXCrfZszMR+E4wo
iAmYyE2+sWlsWkqFcQtQIrTuNXGCMTGzol8vedN1aL436OB7d6D+YrC+pHodqIsw
0dQOLwgYky8ytynV5kGl5JIJ09TXw/kzSOa+9eDjrjV6pO5AodTpz/yBfTHmr7/x
5m3aH9DiUzWduPSnUwOL+eCGcblFnvloLNihnwRz+YyymlPqlmONEwWl+3Lmn5Ij
9RtX7kSNdchrtpOsJ0MQ8JoAEtWVByLs/gHqDMYKhmQqIJgBt4rW3jV4rdpvk+u4
KfOKmVxYj90V7o4mIeOd32DABcuDPH6c8bdov/CyfcUPVtZ351oaXLpY3f3aiwPt
Hm2nVeFCOoKmF61gfZi8rsftotdvgqKjTLd5i/SkLlNRozNnZP8QU2OmrE96ziJ0
4PzuLPGnca71AP1SpiOgsjD2WqNvAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwNIMSDlBWdyHyCOiBFHv
97+YfgwwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8w
gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
YXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzATBgNVHSUEDDAKBggrBgEFBQcDATAL
BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
AQBFa4clLBngq8hrjbvoP5gwVJ2grT63xV12oLotGxaKh2OaI5q0lKpcvQ+/Na9g
72MUywBRscEM71pSGo5foSC7Qs1QpXGHpySA6RqfjbT5YELhIEoS9qGpaheUQ2sq
HHgCFqrobVCwlbhZZq5fS4dc5mTvt3hyVxgEtMydTzVz7EjQeWwgkogy01lhV4a4
GsySafGcgh0kw6rSJwurwzsNRHQ1NcWxzpUpjlWeAD5mU2GKPc2Za4Dl9usNYFSK
tUPeAkz9oiKQsKzv6TmaO/kMzUmlVOIndPbW910t7yAv10ydFsZrV/xG7eBEkUXJ
0xvIvua1Ymq9zzUqZll4rtSiOsiveRlAczFgP1rfWdCSt+ilg8NQTHZ58yFw2Tje
uTfuFQOCoLyUrM4N5qL96/KJlumc5PLxCbdCruF0/IfuVgPDRoItaFb9753OQeWx
CDvv8oYWjAohLytKNZbdNP3T7wGKSOpKfCKvqINzwy4P3jqV3PrHm+hmdyafNrOY
WcfEGUtlKBW4T0dwfKJaMxUM25svyHMaEO+uDx7/lx3qb++9pUY/1cvQfSwcAGMr
ev+Lol8n11z/q+23pZiY2+dD4hiXTeHfJ9hXzQ4p/kWE7uS/ucXcSmOFfmzB2CXC
/hNNWHmumOdMrag2TQgGj/1dHClew8YE5iuoakEQz/4iiw==
-----END CERTIFICATE-----

139
WF/openvpn/gw-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:42:31 2018 GMT
Not After : May 5 09:42:31 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b2:94:ac:9d:49:b5:2d:0e:db:f1:19:1b:4d:c9:
ce:65:b9:18:e6:7a:c2:c6:e5:12:e3:c4:d3:47:9c:
65:74:0a:80:20:4e:1d:70:18:8e:b7:86:e4:e0:ec:
2a:f8:66:bf:6a:14:8f:44:4e:1b:cd:61:a0:b3:13:
0f:00:ec:2b:4d:06:c8:cd:34:d2:6b:e8:44:f3:cc:
9b:fd:87:b1:f9:a8:c5:17:79:79:3f:c5:05:0e:7b:
a1:b2:4b:58:29:33:b9:82:69:bf:b3:bc:a5:51:79:
03:db:6f:4f:55:62:52:64:f0:e4:a3:20:a4:e9:7f:
5d:78:f2:2b:d5:8e:5b:a7:d8:55:b2:ef:a4:01:b8:
2f:fa:1a:83:29:5b:36:b7:d4:84:cf:db:11:d4:3d:
db:3c:14:a8:42:af:76:d8:0f:ae:00:1f:13:b8:c3:
bb:f9:06:b9:e9:23:77:4c:d7:a9:a4:36:d9:f2:c3:
09:0c:00:a8:e2:7e:a4:b8:68:a2:c0:62:b0:42:2b:
2e:0a:55:9c:e1:9b:64:97:2c:51:ca:4e:27:5f:7b:
5a:ce:86:79:fc:78:67:58:05:48:c8:3b:4a:24:ba:
06:4e:db:89:40:f4:eb:83:ab:bb:dc:bf:1d:67:f5:
dd:ce:ce:38:26:d7:15:80:5c:97:73:fb:58:7e:96:
b4:ab:03:9a:12:36:38:78:86:5b:47:c7:e7:13:56:
83:54:a3:b1:a4:5e:be:75:3e:bc:ee:0d:9e:8d:99:
e4:ef:16:ad:ee:74:35:c4:ed:1d:3a:9b:94:9c:67:
07:a2:3e:b1:4b:fa:9e:94:97:51:12:1a:12:98:17:
0c:fa:ce:3b:01:c0:a1:bc:b4:1c:9d:8c:68:31:4b:
6d:19:ad:48:c0:c4:3e:24:b2:80:92:87:ba:4b:16:
39:3b:f4:45:73:b8:a4:16:dc:6a:4e:3a:18:84:46:
9e:38:47:69:ca:57:5d:92:5b:36:1a:06:3e:ce:1a:
f5:f5:0e:df:40:6e:06:24:0c:dc:69:7f:24:64:d5:
bd:94:2b:0b:6e:75:4d:2a:cd:0d:3e:a4:b3:94:7d:
55:f1:f4:56:f2:a6:c6:2c:16:28:e2:9b:26:bf:d6:
52:57:3e:2e:4a:f8:de:8b:3b:71:0d:76:9c:ae:7f:
e6:93:a4:1a:0a:c0:54:88:62:f9:5b:5d:12:31:5c:
dd:a0:20:e1:65:a5:cb:a5:b6:af:dd:3a:92:74:ef:
0c:70:98:0e:ad:1c:38:a2:3e:ae:6f:81:5e:44:3d:
4f:8c:b7:cb:50:93:53:e3:24:14:c5:a3:38:70:9a:
eb:39:11:1c:66:b6:7f:43:31:5b:e7:40:39:c0:f8:
f7:5e:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
0B:5A:3F:E1:53:15:BC:CD:55:77:FE:5A:67:FE:95:A2:D4:06:EF:F2
X509v3 Authority Key Identifier:
keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D2:39:38:94:EC:D1:BC:7F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
5e:4b:92:be:5d:99:f9:f4:ed:fc:06:1d:b8:c1:61:07:06:6a:
9a:88:af:81:84:04:6f:44:e7:63:c5:04:be:37:d8:52:e5:68:
bc:bd:1e:ba:50:7c:88:fe:e9:a0:a9:3b:af:cc:ee:ee:46:49:
01:fd:ff:60:68:d4:23:90:0d:e9:d6:54:97:43:e2:80:24:09:
cb:81:17:06:36:c4:83:0c:17:84:64:59:72:ab:28:45:42:73:
e8:59:b2:01:e5:e7:f6:45:29:07:71:fd:76:0b:ac:97:38:b3:
e6:54:16:08:84:49:f9:97:36:93:fd:77:64:f9:90:1f:d2:bb:
1c:57:20:ff:b5:c1:57:bb:b1:b2:8c:b1:ad:95:64:34:de:d4:
a2:3b:73:5c:60:6f:96:7e:6b:31:a6:10:3d:cc:c9:f2:df:fa:
34:b6:8c:e3:e1:25:90:31:a6:21:a1:04:2f:12:bd:3c:e6:6b:
2b:06:91:a9:00:10:1c:e0:22:e3:f3:dd:ae:ab:2a:7d:e5:3c:
52:8d:a7:5c:e8:00:b1:95:44:cc:24:45:87:6e:b9:f7:68:06:
5c:06:ab:d5:6d:e9:62:a5:8a:1f:57:14:17:2e:15:b2:8b:1f:
6d:19:1b:da:0f:ac:49:4c:9e:43:1d:0e:e7:28:41:9e:a1:c7:
a5:8d:76:f5:6c:e5:33:5b:fa:46:83:69:6b:b8:75:0a:ab:e1:
5a:d8:d5:7c:7d:e9:57:2d:be:f9:1b:2d:3f:41:5b:31:41:32:
53:80:5c:98:b8:35:da:31:f8:ff:56:d3:3f:68:ab:ef:9b:39:
5a:4d:ec:7f:6a:ad:d2:06:f3:7b:4d:ec:49:78:7a:57:a6:bd:
77:b2:1d:fa:be:e2:f5:60:ac:fb:cb:27:76:e5:86:ea:19:28:
e3:5a:b9:7b:bf:d0:3d:d5:b7:79:81:d8:6b:f6:24:bd:a8:60:
53:1a:ee:b7:94:f8:86:01:67:a1:f3:47:40:0e:4e:6c:bf:f5:
e9:80:ea:1e:63:7f:6e:d6:49:66:3d:25:8c:ef:7e:5c:c8:46:
0e:a2:f5:e1:ff:82:80:ec:bc:06:23:13:17:86:f1:47:a5:6a:
1b:12:d9:78:55:86:76:33:8a:68:a0:05:f3:c4:d8:29:01:5c:
24:d7:f4:a9:c4:ba:61:7f:4e:4e:a4:6f:bb:bd:3e:ab:3b:4b:
0f:ae:c3:d7:69:09:6b:29:6b:df:87:ef:99:25:fc:8e:64:e7:
69:89:a7:18:34:b5:b1:b7:18:fe:b9:0e:9c:27:1a:d2:18:bd:
31:6c:d0:34:b2:c2:58:7f:e6:19:e8:37:91:a8:5b:0d:ba:99:
94:68:1f:01:c0:b4:01:e8
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
+kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
Ww26mZRoHwHAtAHo
-----END CERTIFICATE-----

39
WF/openvpn/gw-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
Ic3ZiGwAJvoitQ==
-----END CERTIFICATE-----

52
WF/openvpn/gw-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCvkIPjNsLlRMRt
5gzOmmxdsMlO21XiFYG3VNy/mpXrKPCMgsMmUtyU1mn0dh8xxgSEb5psTVXobBAD
PALZMTKikhk79x4J2h8ul0jZTKpju/KwlInxbNuFMNr25268rcRBhq+2hVWosn/p
2ernPik+LCc88XOFFdwcR+mgbf4rTQq8f5j60OiQbB9VNKSafDt+VDZoD8UU1gPe
izMb7qQuCuTFgiv2TICfs2irh2NmZ9Pb5sSDhJMxmNDEkMpy2iGv1uky5Rl6Z1Ck
QK3dPfIEuiBd0zS3kxysMBDHUERILi/gtyOJvWvbghbPQFBpisfd6a0Rt/ES+063
SUxuSduuNsQUGnvzODY4z2fMojSjIjuQjOkYiDbQtzcpMJUfu+C5g89MMb8aM87D
XaWCh/XmqhO8ZkYaVz2HONaAk+0DoPJIdZNdXce2sMdXnQ/uTAZJcq9t8qYeyKeI
9mgNgnuDyoB/aeKTzQ7jCO6OgBaUGQv2Gijt9eTyL5BmyNhT75A+lgBaOqJeCj+E
LPJd3XpOnKsrObZKuRtb4etT994Z0aiDpQ42f9N4LbGSo53WPlkkfopXE2/nTyNn
WF6l/gsusWOGx1caR4OzF2A2aF7VZ4y3AuRL4sIkoagwUXh9QhQnw5ZXlo5KG75S
47wjtfUhMx1iu5QFL0rjpPlxZT8IEQIDAQABAoICABrj8a99lcB0FfoXQGLsuChp
iYvwgGkOjj28W8tlLA1GygFbjfRywKJzbOsqpICFKe/3ABoShlQBKTq1mGIX7P+F
jSPoJ8uugxQpy9isq3R3NybguXgnCkCOSRuEOyvfGa5HqOY16fba0EjLPfWJSdvh
+2iUOvNpc7tJMHmIH2QWesyAZrgUA2sLhIkSdRvMZ3hkAalSsQcN+K2/eGaQ2MjM
llnCJGWnNhQ/8IpFRG5M/OAzqmnShpEULPXOj5Oj4YEDU9idypc699kQpxC6CjW7
JHX6gZqUh9G/0vIUU0ETAfZTVrgkMT7/3+qCmU5xGUfeIMoT+HLF1zqvmWtTGLiH
WqVmOiDw6TOmEnfN0U0YeWUFKpW2uu8Y1FV4Ga/0fCHZNXbGJWH81a+IQ0U2qXeW
Vu42b6jBraVrjmnjX72dIU7NceolztwiqURM8vlafU4VG3y8MoVMGlgxgrQ4eDNd
V+vBHiIcXyxNPOxRZ8xHeqpPBAu3QDpbNU1J91xveRicgzHC1pmQ/CKwP+rxEDt0
ncO/+yQEAMwf0Lmws+E0htXnlHADDrNFin5OjFMFz1K6E0Dfr+NQQLpEv362ztrb
a2LIAwSq0tsluSAVNOqkRiXvBqk5oIQJ24nXWbBLWY1iCdFJ93Y1R4tj3stoiRUv
9eERxGBefsWotZSmZUahAoIBAQDeTVU6Y1a0U8xnL+GwOcyV+7+iFeYrtqDQlKYB
6q/OenPbsXq9cJvVGTRKwBSoDXEcuqVuYhlAyujOlnPvCXGlK1xxuPO7L+Ei0QR7
VFLJ33XWz0IdPgjt8zyZHB3wiAPm2L9aCCqKyu7ZFPmki6CsEeT6J0gxz5ihwqB8
xcAVWQB40kYyJBuaL2ooYeBCmCmqepQ3xdpQWs5k8FvSPY1mBSsmwVT+cGj863Vq
hklfz0OapJdcQVhI/DsAgKjOvfsyBCHEbC/4adTHUUgxak5C6baLgEajPvPvlPT3
LkDdAcIAsmpGeh4kq50NruS4jod8gs2l67Ic+KWhEVYdgsVNAoIBAQDKLXtFGbQn
0I6ZidY6vMqRLzNyaNOO7efi3/eeSe6fTou0ej3nRUITOni8AyDOWDUV08vnRBHI
mh7eck39CX5f+w1Nie9ucGhp3XXPencAbRk4yBmu94cSdpLBtHRPLGAs0Px6TlEe
u37CnU2yEmFcyKW20pnmQkvY/uGAipW35ox4LhI/Q77AGWShSnrTXke1657EWh+9
P6gmGFyKrmyvK1EwWqm3sLu8/vBcrZ8TOBoVX7tBCDo/iK8I0Eg1BnbRlqEPn4/T
+/rCaD9OV27IZbz0i3EeaoMCkttjLVMQ6mPVX/2+B2ptxVEdJk74zDY5gm4f+ZLo
uNzcmaznSNvVAoIBAGYaVNv1hnxaxNZcGqfLVFlLANCciFRplGFY9QqKVWdbvN0a
Hkrmbtyor+jpYlNxoRNV8ufJLNoimF1SozsWNllrmhEtptzB+AD6ybkvmLrZ5RDd
rvspZAaOorWcQXAZuNkNko3ylD+dR6jzRlo6O3js2yO+aR1fwTYC452LYlcrwti7
k7wx82+U+YhEtDFCHFkN5gfb2xLvMj8QWswss0Y5d4FcaQJYdRA9wXdE6GyWEPH1
SQP5i2gyWZM4hNA4WCi31x6Vpk7NpQpLHgJ8VifLmqlmKIuQPZA79WuWlfosdYPG
bqOiMTgcjo0bWDggVsBsf7IGmI9P8RsSkGALkT0CggEBAIwdZx/lh2hMbndUAmck
rdJefu4cXfnhQOKHy0kk/b3kJogGa95arkc7L69FD7hRg0DETrzQ/O4keZ46Y3go
2y9Tgs2o+Yl1V7d+poYK3mwqL9+dNcd/flm6WUzrbevs2h5VG5T7r9Z3pIrlj5II
kPdHiykf3U6pxXz2b3uxD7+qhNFJRJYZshnZv1bUkjjoTxRx3c9AklyKwFLecUwf
Q+1GPPcg7hwC3KlHmXbxUJx2NgV4GgMg25VqebvG9TPibfgkxyxXrcsBB7ExpCX8
DCfP8lscRGIK+Q6QjoC2Saogdt3Kr8TByO2YYPWtte9RP4ctsHpycXDdpRsxWZXU
dZ0CggEBAMD43PH9kGFG7TdyeCZqBOIGu06CnYq9Y205PH4if+I79olujnJs0iA/
tbfkVMvJxXR7TDg9G/X+oW+cBbblbqe4vRpjfaK6EUvrbEqERfUQ2/dFsp7nrD59
P6yFj442lnZkhBeK1CE00ocpxNz2Ml32xVlx/yunoDZuWFSupvyBMY6KiXMfVq1X
FY+WuQO3Wc62LbsTVOMptoKD/uCiD2b1bHrL6pvzhCAdkAU+O8NfNcoYxJjm0hLc
2Udz/kNggj3I3MRsmPlPmhvZaH1dKvlNjs2ksN47/ppbEDbKh2s//kzLMsXF+Doh
jNt0lT6X2XxBnx0HQL70xPUVieu/+GA=
-----END PRIVATE KEY-----

1
WF/openvpn/gw-ckubu/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
WF/openvpn/gw-ckubu/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAzrhrnM4U9xb0xkelwjgDcp+Q9+Fyxj6hWt2pG+X8Xa3XybIFQGWe
Thlu6db1X15hZXEelnmS6TEpBCxSKbiMFOjlCFj52UUSJjs6gidIcmNh0aZoohSn
jgn1atE05qvWSjZu87fZtG3UVZEYysMBmpJB7iID7FyZqXCmwcZRT0HRd6gJX0L9
CUrOflnBAzOGE8Jc7CwIPyqjlkaHiWGYCFKvyuClxrhPHo670wtR0xY8Gn0FcAFx
kygnUmE8g/7UpbfuqhwqxiDQSDW2hz5/hXKcM8CEStRLFH80f9PIvm1lyX+pIxMH
dUGmT1zPW9b6Z6Af5EGbdZp4TvcOGhehA8f2P97tK4GsQDNwWFj63nCWuGMvPTzw
d62aakXx+h0bzUsBQ5df7n3PopLw4Kbh2YmJrxbGVv3FeFl+Pzf0HgKtwmha4qnf
MSVda/EysuGA5uk496zCVPLFbVSWZsn24l4piEXxSQB/EwR7EfqqWnQmEYTxwr54
UtSu7uLU8BwdH1/MeQipZ8o+WA7nqUrAhv8rSnjkv5QMizd0e7bKZnkUKMK59aB+
yTGBbsXsH/JSlY/FBgwb4+Hk1VoYOuZUe8lM9ofXYmk7c5FZnhY5CptMxCkBGoUg
4WQbw+zeC5Ku3A4sU3V7xl1yXk3IlyMYO7FgJlWu7DSlwlDJVdNMOuMCAQI=
-----END DH PARAMETERS-----

139
WF/openvpn/gw-ckubu/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:42:31 2018 GMT
Not After : May 5 09:42:31 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b2:94:ac:9d:49:b5:2d:0e:db:f1:19:1b:4d:c9:
ce:65:b9:18:e6:7a:c2:c6:e5:12:e3:c4:d3:47:9c:
65:74:0a:80:20:4e:1d:70:18:8e:b7:86:e4:e0:ec:
2a:f8:66:bf:6a:14:8f:44:4e:1b:cd:61:a0:b3:13:
0f:00:ec:2b:4d:06:c8:cd:34:d2:6b:e8:44:f3:cc:
9b:fd:87:b1:f9:a8:c5:17:79:79:3f:c5:05:0e:7b:
a1:b2:4b:58:29:33:b9:82:69:bf:b3:bc:a5:51:79:
03:db:6f:4f:55:62:52:64:f0:e4:a3:20:a4:e9:7f:
5d:78:f2:2b:d5:8e:5b:a7:d8:55:b2:ef:a4:01:b8:
2f:fa:1a:83:29:5b:36:b7:d4:84:cf:db:11:d4:3d:
db:3c:14:a8:42:af:76:d8:0f:ae:00:1f:13:b8:c3:
bb:f9:06:b9:e9:23:77:4c:d7:a9:a4:36:d9:f2:c3:
09:0c:00:a8:e2:7e:a4:b8:68:a2:c0:62:b0:42:2b:
2e:0a:55:9c:e1:9b:64:97:2c:51:ca:4e:27:5f:7b:
5a:ce:86:79:fc:78:67:58:05:48:c8:3b:4a:24:ba:
06:4e:db:89:40:f4:eb:83:ab:bb:dc:bf:1d:67:f5:
dd:ce:ce:38:26:d7:15:80:5c:97:73:fb:58:7e:96:
b4:ab:03:9a:12:36:38:78:86:5b:47:c7:e7:13:56:
83:54:a3:b1:a4:5e:be:75:3e:bc:ee:0d:9e:8d:99:
e4:ef:16:ad:ee:74:35:c4:ed:1d:3a:9b:94:9c:67:
07:a2:3e:b1:4b:fa:9e:94:97:51:12:1a:12:98:17:
0c:fa:ce:3b:01:c0:a1:bc:b4:1c:9d:8c:68:31:4b:
6d:19:ad:48:c0:c4:3e:24:b2:80:92:87:ba:4b:16:
39:3b:f4:45:73:b8:a4:16:dc:6a:4e:3a:18:84:46:
9e:38:47:69:ca:57:5d:92:5b:36:1a:06:3e:ce:1a:
f5:f5:0e:df:40:6e:06:24:0c:dc:69:7f:24:64:d5:
bd:94:2b:0b:6e:75:4d:2a:cd:0d:3e:a4:b3:94:7d:
55:f1:f4:56:f2:a6:c6:2c:16:28:e2:9b:26:bf:d6:
52:57:3e:2e:4a:f8:de:8b:3b:71:0d:76:9c:ae:7f:
e6:93:a4:1a:0a:c0:54:88:62:f9:5b:5d:12:31:5c:
dd:a0:20:e1:65:a5:cb:a5:b6:af:dd:3a:92:74:ef:
0c:70:98:0e:ad:1c:38:a2:3e:ae:6f:81:5e:44:3d:
4f:8c:b7:cb:50:93:53:e3:24:14:c5:a3:38:70:9a:
eb:39:11:1c:66:b6:7f:43:31:5b:e7:40:39:c0:f8:
f7:5e:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
0B:5A:3F:E1:53:15:BC:CD:55:77:FE:5A:67:FE:95:A2:D4:06:EF:F2
X509v3 Authority Key Identifier:
keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D2:39:38:94:EC:D1:BC:7F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
5e:4b:92:be:5d:99:f9:f4:ed:fc:06:1d:b8:c1:61:07:06:6a:
9a:88:af:81:84:04:6f:44:e7:63:c5:04:be:37:d8:52:e5:68:
bc:bd:1e:ba:50:7c:88:fe:e9:a0:a9:3b:af:cc:ee:ee:46:49:
01:fd:ff:60:68:d4:23:90:0d:e9:d6:54:97:43:e2:80:24:09:
cb:81:17:06:36:c4:83:0c:17:84:64:59:72:ab:28:45:42:73:
e8:59:b2:01:e5:e7:f6:45:29:07:71:fd:76:0b:ac:97:38:b3:
e6:54:16:08:84:49:f9:97:36:93:fd:77:64:f9:90:1f:d2:bb:
1c:57:20:ff:b5:c1:57:bb:b1:b2:8c:b1:ad:95:64:34:de:d4:
a2:3b:73:5c:60:6f:96:7e:6b:31:a6:10:3d:cc:c9:f2:df:fa:
34:b6:8c:e3:e1:25:90:31:a6:21:a1:04:2f:12:bd:3c:e6:6b:
2b:06:91:a9:00:10:1c:e0:22:e3:f3:dd:ae:ab:2a:7d:e5:3c:
52:8d:a7:5c:e8:00:b1:95:44:cc:24:45:87:6e:b9:f7:68:06:
5c:06:ab:d5:6d:e9:62:a5:8a:1f:57:14:17:2e:15:b2:8b:1f:
6d:19:1b:da:0f:ac:49:4c:9e:43:1d:0e:e7:28:41:9e:a1:c7:
a5:8d:76:f5:6c:e5:33:5b:fa:46:83:69:6b:b8:75:0a:ab:e1:
5a:d8:d5:7c:7d:e9:57:2d:be:f9:1b:2d:3f:41:5b:31:41:32:
53:80:5c:98:b8:35:da:31:f8:ff:56:d3:3f:68:ab:ef:9b:39:
5a:4d:ec:7f:6a:ad:d2:06:f3:7b:4d:ec:49:78:7a:57:a6:bd:
77:b2:1d:fa:be:e2:f5:60:ac:fb:cb:27:76:e5:86:ea:19:28:
e3:5a:b9:7b:bf:d0:3d:d5:b7:79:81:d8:6b:f6:24:bd:a8:60:
53:1a:ee:b7:94:f8:86:01:67:a1:f3:47:40:0e:4e:6c:bf:f5:
e9:80:ea:1e:63:7f:6e:d6:49:66:3d:25:8c:ef:7e:5c:c8:46:
0e:a2:f5:e1:ff:82:80:ec:bc:06:23:13:17:86:f1:47:a5:6a:
1b:12:d9:78:55:86:76:33:8a:68:a0:05:f3:c4:d8:29:01:5c:
24:d7:f4:a9:c4:ba:61:7f:4e:4e:a4:6f:bb:bd:3e:ab:3b:4b:
0f:ae:c3:d7:69:09:6b:29:6b:df:87:ef:99:25:fc:8e:64:e7:
69:89:a7:18:34:b5:b1:b7:18:fe:b9:0e:9c:27:1a:d2:18:bd:
31:6c:d0:34:b2:c2:58:7f:e6:19:e8:37:91:a8:5b:0d:ba:99:
94:68:1f:01:c0:b4:01:e8
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
+kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
Ww26mZRoHwHAtAHo
-----END CERTIFICATE-----

29
WF/openvpn/gw-ckubu/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tV0YtZ3ctY2t1YnUxDzANBgNVBCkTBlZQ
TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCylKydSbUtDtvxGRtNyc5luRjmesLG5RLjxNNH
nGV0CoAgTh1wGI63huTg7Cr4Zr9qFI9EThvNYaCzEw8A7CtNBsjNNNJr6ETzzJv9
h7H5qMUXeXk/xQUOe6GyS1gpM7mCab+zvKVReQPbb09VYlJk8OSjIKTpf1148ivV
jlun2FWy76QBuC/6GoMpWza31ITP2xHUPds8FKhCr3bYD64AHxO4w7v5BrnpI3dM
16mkNtnywwkMAKjifqS4aKLAYrBCKy4KVZzhm2SXLFHKTidfe1rOhnn8eGdYBUjI
O0okugZO24lA9OuDq7vcvx1n9d3Ozjgm1xWAXJdz+1h+lrSrA5oSNjh4hltHx+cT
VoNUo7GkXr51PrzuDZ6NmeTvFq3udDXE7R06m5ScZweiPrFL+p6Ul1ESGhKYFwz6
zjsBwKG8tBydjGgxS20ZrUjAxD4ksoCSh7pLFjk79EVzuKQW3GpOOhiERp44R2nK
V12SWzYaBj7OGvX1Dt9AbgYkDNxpfyRk1b2UKwtudU0qzQ0+pLOUfVXx9FbypsYs
Fijimya/1lJXPi5K+N6LO3ENdpyuf+aTpBoKwFSIYvlbXRIxXN2gIOFlpcultq/d
OpJ07wxwmA6tHDiiPq5vgV5EPU+Mt8tQk1PjJBTFozhwmus5ERxmtn9DMVvnQDnA
+PdeYQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAD1G7CZjDtBGdx699GNi9EXW
geui5Y0DSq/4HM3+ixH/23dsukP/YH0yLLqOXjw+FiNLiDy0KXwKUh8Ixxt01GYY
/9vZmXETN+Wo61imvlTnzL5ku67noMJAG5j9A4+TW4oU10eOwCfTgJRqb25E/Bmo
rHo/fpw3LXW7H7rRLFKNmJVDVFbyDmJruUpp6Vrq7snAw88NZOkamcKOKmeZSn/6
HMwaicX6pSOICBohC97N1ycuo07ME50LLiWStujPNWeXaprzmordsRlQ/CIyEbQb
XbxzoH44IEcdSDXdBvFwgW5GGwbONHX2mZiuqk72xcBxDWt5zjvbjiaWydmf+59s
rAb68ls4uN6iz8TKS4qgL9eq7S7F4+MQ4ngmCP6fHsm9uUP+EyA1SQkMEYwnBCzu
Z+ItQB1a4RPaZabGNG+XsJnTCSzSL5kxihS7VJD2h/ZYSXS+ZxbS4MZCyyXkpCQz
KOMM85uUtWs1RJsmVCCwwMUA3MmLxzptAgcLbN/PZ0Vy4uiTY8tDJaBDEg7er/WS
HFACCxAChmSaPnI56vNtSD4giVFuufR9rJzO2+1DL1s/9QYO+5n8B0pbQuAAbrMK
DnEQK6qTYv8REM4x9D2YBfZcmPsE6W8rXDCYhll7G72ywn3g8HSOl0YZbiGVDXTo
aPedA4ow0NkhbFFxjCSQ
-----END CERTIFICATE REQUEST-----

54
WF/openvpn/gw-ckubu/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
+Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
1xr8RI04RwGrFDkPkuw1dQ==
-----END ENCRYPTED PRIVATE KEY-----

2
WF/openvpn/gw-ckubu/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 380505090733Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
V 380505094231Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de

1
WF/openvpn/gw-ckubu/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
WF/openvpn/gw-ckubu/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
WF/openvpn/gw-ckubu/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 380505090733Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de

1
WF/openvpn/gw-ckubu/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
WF/openvpn/gw-ckubu/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

141
WF/openvpn/gw-ckubu/keys/server.crt Normal file
View File

@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:07:33 2018 GMT
Not After : May 5 09:07:33 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:55:76:2f:0a:b9:28:84:08:aa:51:dc:d3:93:
fb:e8:64:f5:7c:c6:4b:90:6d:a8:9f:51:b6:90:69:
81:30:64:6d:32:dc:59:51:f3:cf:68:96:45:11:ae:
2f:17:79:b5:c7:4b:11:ba:27:bb:94:fb:7c:5e:90:
84:c7:89:d3:a7:60:ed:cc:fc:59:b3:38:4f:67:75:
e0:2a:65:2c:54:5a:c0:98:28:f4:b4:65:4c:aa:5d:
3f:6a:a2:e2:33:a2:5e:0c:60:d5:e1:69:4c:35:9e:
aa:03:bb:01:2d:fb:2c:11:b1:43:09:96:27:f6:ca:
18:5e:6d:d1:a7:e0:5d:8d:3e:52:ae:5d:ff:9e:32:
e9:3c:11:da:35:b7:1a:b0:14:79:74:7b:57:51:15:
8c:a9:ca:1a:ba:e4:0d:53:d7:27:ce:7d:24:aa:98:
ae:2a:da:5a:cd:a5:6f:53:6c:22:f4:5a:52:53:6a:
83:52:fe:8f:e3:dc:8b:a9:99:f5:0b:61:a6:05:c2:
ad:f6:6c:cc:c4:7e:13:8c:28:88:09:98:c8:4d:be:
b1:69:6c:5a:4a:85:71:0b:50:22:b4:ee:35:71:82:
31:31:b3:a2:5f:2f:79:d3:75:68:be:37:e8:e0:7b:
77:a0:fe:62:b0:be:a4:7a:1d:a8:8b:30:d1:d4:0e:
2f:08:18:93:2f:32:b7:29:d5:e6:41:a5:e4:92:09:
d3:d4:d7:c3:f9:33:48:e6:be:f5:e0:e3:ae:35:7a:
a4:ee:40:a1:d4:e9:cf:fc:81:7d:31:e6:af:bf:f1:
e6:6d:da:1f:d0:e2:53:35:9d:b8:f4:a7:53:03:8b:
f9:e0:86:71:b9:45:9e:f9:68:2c:d8:a1:9f:04:73:
f9:8c:b2:9a:53:ea:96:63:8d:13:05:a5:fb:72:e6:
9f:92:23:f5:1b:57:ee:44:8d:75:c8:6b:b6:93:ac:
27:43:10:f0:9a:00:12:d5:95:07:22:ec:fe:01:ea:
0c:c6:0a:86:64:2a:20:98:01:b7:8a:d6:de:35:78:
ad:da:6f:93:eb:b8:29:f3:8a:99:5c:58:8f:dd:15:
ee:8e:26:21:e3:9d:df:60:c0:05:cb:83:3c:7e:9c:
f1:b7:68:bf:f0:b2:7d:c5:0f:56:d6:77:e7:5a:1a:
5c:ba:58:dd:fd:da:8b:03:ed:1e:6d:a7:55:e1:42:
3a:82:a6:17:ad:60:7d:98:bc:ae:c7:ed:a2:d7:6f:
82:a2:a3:4c:b7:79:8b:f4:a4:2e:53:51:a3:33:67:
64:ff:10:53:63:a6:ac:4f:7a:ce:22:74:e0:fc:ee:
2c:f1:a7:71:ae:f5:00:fd:52:a6:23:a0:b2:30:f6:
5a:a3:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
C0:D2:0C:48:39:41:59:DC:87:C8:23:A2:04:51:EF:F7:BF:98:7E:0C
X509v3 Authority Key Identifier:
keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D2:39:38:94:EC:D1:BC:7F
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
45:6b:87:25:2c:19:e0:ab:c8:6b:8d:bb:e8:3f:98:30:54:9d:
a0:ad:3e:b7:c5:5d:76:a0:ba:2d:1b:16:8a:87:63:9a:23:9a:
b4:94:aa:5c:bd:0f:bf:35:af:60:ef:63:14:cb:00:51:b1:c1:
0c:ef:5a:52:1a:8e:5f:a1:20:bb:42:cd:50:a5:71:87:a7:24:
80:e9:1a:9f:8d:b4:f9:60:42:e1:20:4a:12:f6:a1:a9:6a:17:
94:43:6b:2a:1c:78:02:16:aa:e8:6d:50:b0:95:b8:59:66:ae:
5f:4b:87:5c:e6:64:ef:b7:78:72:57:18:04:b4:cc:9d:4f:35:
73:ec:48:d0:79:6c:20:92:88:32:d3:59:61:57:86:b8:1a:cc:
92:69:f1:9c:82:1d:24:c3:aa:d2:27:0b:ab:c3:3b:0d:44:74:
35:35:c5:b1:ce:95:29:8e:55:9e:00:3e:66:53:61:8a:3d:cd:
99:6b:80:e5:f6:eb:0d:60:54:8a:b5:43:de:02:4c:fd:a2:22:
90:b0:ac:ef:e9:39:9a:3b:f9:0c:cd:49:a5:54:e2:27:74:f6:
d6:f7:5d:2d:ef:20:2f:d7:4c:9d:16:c6:6b:57:fc:46:ed:e0:
44:91:45:c9:d3:1b:c8:be:e6:b5:62:6a:bd:cf:35:2a:66:59:
78:ae:d4:a2:3a:c8:af:79:19:40:73:31:60:3f:5a:df:59:d0:
92:b7:e8:a5:83:c3:50:4c:76:79:f3:21:70:d9:38:de:b9:37:
ee:15:03:82:a0:bc:94:ac:ce:0d:e6:a2:fd:eb:f2:89:96:e9:
9c:e4:f2:f1:09:b7:42:ae:e1:74:fc:87:ee:56:03:c3:46:82:
2d:68:56:fd:ef:9d:ce:41:e5:b1:08:3b:ef:f2:86:16:8c:0a:
21:2f:2b:4a:35:96:dd:34:fd:d3:ef:01:8a:48:ea:4a:7c:22:
af:a8:83:73:c3:2e:0f:de:3a:95:dc:fa:c7:9b:e8:66:77:26:
9f:36:b3:98:59:c7:c4:19:4b:65:28:15:b8:4f:47:70:7c:a2:
5a:33:15:0c:db:9b:2f:c8:73:1a:10:ef:ae:0f:1e:ff:97:1d:
ea:6f:ef:bd:a5:46:3f:d5:cb:d0:7d:2c:1c:00:63:2b:7a:ff:
8b:a2:5f:27:d7:5c:ff:ab:ed:b7:a5:98:98:db:e7:43:e2:18:
97:4d:e1:df:27:d8:57:cd:0e:29:fe:45:84:ee:e4:bf:b9:c5:
dc:4a:63:85:7e:6c:c1:d8:25:c2:fe:13:4d:58:79:ae:98:e7:
4c:ad:a8:36:4d:08:06:8f:fd:5d:1c:29:5e:c3:c6:04:e6:2b:
a8:6a:41:10:cf:fe:22:8b
-----BEGIN CERTIFICATE-----
MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTA3MzNaFw0zODA1MDUwOTA3MzNaMIGjMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALdVdi8KuSiECKpR
3NOT++hk9XzGS5BtqJ9RtpBpgTBkbTLcWVHzz2iWRRGuLxd5tcdLEbonu5T7fF6Q
hMeJ06dg7cz8WbM4T2d14CplLFRawJgo9LRlTKpdP2qi4jOiXgxg1eFpTDWeqgO7
AS37LBGxQwmWJ/bKGF5t0afgXY0+Uq5d/54y6TwR2jW3GrAUeXR7V1EVjKnKGrrk
DVPXJ859JKqYriraWs2lb1NsIvRaUlNqg1L+j+Pci6mZ9QthpgXCrfZszMR+E4wo
iAmYyE2+sWlsWkqFcQtQIrTuNXGCMTGzol8vedN1aL436OB7d6D+YrC+pHodqIsw
0dQOLwgYky8ytynV5kGl5JIJ09TXw/kzSOa+9eDjrjV6pO5AodTpz/yBfTHmr7/x
5m3aH9DiUzWduPSnUwOL+eCGcblFnvloLNihnwRz+YyymlPqlmONEwWl+3Lmn5Ij
9RtX7kSNdchrtpOsJ0MQ8JoAEtWVByLs/gHqDMYKhmQqIJgBt4rW3jV4rdpvk+u4
KfOKmVxYj90V7o4mIeOd32DABcuDPH6c8bdov/CyfcUPVtZ351oaXLpY3f3aiwPt
Hm2nVeFCOoKmF61gfZi8rsftotdvgqKjTLd5i/SkLlNRozNnZP8QU2OmrE96ziJ0
4PzuLPGnca71AP1SpiOgsjD2WqNvAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwNIMSDlBWdyHyCOiBFHv
97+YfgwwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8w
gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
YXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzATBgNVHSUEDDAKBggrBgEFBQcDATAL
BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
AQBFa4clLBngq8hrjbvoP5gwVJ2grT63xV12oLotGxaKh2OaI5q0lKpcvQ+/Na9g
72MUywBRscEM71pSGo5foSC7Qs1QpXGHpySA6RqfjbT5YELhIEoS9qGpaheUQ2sq
HHgCFqrobVCwlbhZZq5fS4dc5mTvt3hyVxgEtMydTzVz7EjQeWwgkogy01lhV4a4
GsySafGcgh0kw6rSJwurwzsNRHQ1NcWxzpUpjlWeAD5mU2GKPc2Za4Dl9usNYFSK
tUPeAkz9oiKQsKzv6TmaO/kMzUmlVOIndPbW910t7yAv10ydFsZrV/xG7eBEkUXJ
0xvIvua1Ymq9zzUqZll4rtSiOsiveRlAczFgP1rfWdCSt+ilg8NQTHZ58yFw2Tje
uTfuFQOCoLyUrM4N5qL96/KJlumc5PLxCbdCruF0/IfuVgPDRoItaFb9753OQeWx
CDvv8oYWjAohLytKNZbdNP3T7wGKSOpKfCKvqINzwy4P3jqV3PrHm+hmdyafNrOY
WcfEGUtlKBW4T0dwfKJaMxUM25svyHMaEO+uDx7/lx3qb++9pUY/1cvQfSwcAGMr
ev+Lol8n11z/q+23pZiY2+dD4hiXTeHfJ9hXzQ4p/kWE7uS/ucXcSmOFfmzB2CXC
/hNNWHmumOdMrag2TQgGj/1dHClew8YE5iuoakEQz/4iiw==
-----END CERTIFICATE-----

29
WF/openvpn/gw-ckubu/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tV0Ytc2VydmVyMQ8wDQYDVQQpEwZWUE4g
V0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAt1V2Lwq5KIQIqlHc05P76GT1fMZLkG2on1G2kGmB
MGRtMtxZUfPPaJZFEa4vF3m1x0sRuie7lPt8XpCEx4nTp2DtzPxZszhPZ3XgKmUs
VFrAmCj0tGVMql0/aqLiM6JeDGDV4WlMNZ6qA7sBLfssEbFDCZYn9soYXm3Rp+Bd
jT5Srl3/njLpPBHaNbcasBR5dHtXURWMqcoauuQNU9cnzn0kqpiuKtpazaVvU2wi
9FpSU2qDUv6P49yLqZn1C2GmBcKt9mzMxH4TjCiICZjITb6xaWxaSoVxC1AitO41
cYIxMbOiXy9503Vovjfo4Ht3oP5isL6keh2oizDR1A4vCBiTLzK3KdXmQaXkkgnT
1NfD+TNI5r714OOuNXqk7kCh1OnP/IF9Meavv/Hmbdof0OJTNZ249KdTA4v54IZx
uUWe+Wgs2KGfBHP5jLKaU+qWY40TBaX7cuafkiP1G1fuRI11yGu2k6wnQxDwmgAS
1ZUHIuz+AeoMxgqGZCogmAG3itbeNXit2m+T67gp84qZXFiP3RXujiYh453fYMAF
y4M8fpzxt2i/8LJ9xQ9W1nfnWhpculjd/dqLA+0ebadV4UI6gqYXrWB9mLyux+2i
12+CoqNMt3mL9KQuU1GjM2dk/xBTY6asT3rOInTg/O4s8adxrvUA/VKmI6CyMPZa
o28CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBU5G7QjZgZ23SAUp+V98QvxZzU
sQGV1l8tENGMe6NKEvNwQ3DYS7ix3ixmD2TgMWYfG6arnlJZAAZbcVGxUIxpGUY1
8dz4GTJtq2Gum+24hqZJ51o7+kepBFt8MuF8bUMeIMbx1DaK2OgaITwOn+yHkbC5
8FxLlbJKdDZtWM/By+kP9RFlyfLPCYlAop8bPsff+ePs0V2wpjFLTY6j5wII/qY5
4Fla2ofaP66SKFh94MqRVU7JJ4AbgsMmFl+wIXWtCILOXYmNZZMtjhjTSnboT7g5
i9RNM1kcc8DgbRR6OBf91uMF4gluzDA5eUdQGrKhhf9Ydc1bTIFIe/c54+JYY/MJ
a9OZLiM/hRthTtaBVhyKOWswcavcge55czcqNwid56Fq4YUCEzt2CZwHHRFnK8Pr
NpFRWc3z0oAgungBFKVE/0P3Pt1pXL4ud6ZwwTTxaUuSeS5okdiYiq8UnXJMm+tj
3UgJ4LH5DWiuybQHFiYAcN1ytlcL5bpbERLCwOO8bh/X3lYbtJdKgCh8llQq25Di
pLWpg+YlXxQV2Oc3ScV6lC4jxalD3OjQok2D1DD2k7XF1OgCMkSq+NqlDgRTUHM4
/pdbtkUJMMy4USXol3ENJb1i3wUUjJyqsvpmlehkONXw5G+UkMtUygjZdrfEKAD9
KCTZXfxVfQlZ5cJSpA==
-----END CERTIFICATE REQUEST-----

52
WF/openvpn/gw-ckubu/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC3VXYvCrkohAiq
UdzTk/voZPV8xkuQbaifUbaQaYEwZG0y3FlR889olkURri8XebXHSxG6J7uU+3xe
kITHidOnYO3M/FmzOE9ndeAqZSxUWsCYKPS0ZUyqXT9qouIzol4MYNXhaUw1nqoD
uwEt+ywRsUMJlif2yhhebdGn4F2NPlKuXf+eMuk8Edo1txqwFHl0e1dRFYypyhq6
5A1T1yfOfSSqmK4q2lrNpW9TbCL0WlJTaoNS/o/j3IupmfULYaYFwq32bMzEfhOM
KIgJmMhNvrFpbFpKhXELUCK07jVxgjExs6JfL3nTdWi+N+jge3eg/mKwvqR6HaiL
MNHUDi8IGJMvMrcp1eZBpeSSCdPU18P5M0jmvvXg4641eqTuQKHU6c/8gX0x5q+/
8eZt2h/Q4lM1nbj0p1MDi/nghnG5RZ75aCzYoZ8Ec/mMsppT6pZjjRMFpfty5p+S
I/UbV+5EjXXIa7aTrCdDEPCaABLVlQci7P4B6gzGCoZkKiCYAbeK1t41eK3ab5Pr
uCnziplcWI/dFe6OJiHjnd9gwAXLgzx+nPG3aL/wsn3FD1bWd+daGly6WN392osD
7R5tp1XhQjqCphetYH2YvK7H7aLXb4Kio0y3eYv0pC5TUaMzZ2T/EFNjpqxPes4i
dOD87izxp3Gu9QD9UqYjoLIw9lqjbwIDAQABAoICAEJzHXULg/UldiaVqV6ewq2G
+luRXA4rUPT+HxfUxdiObe4DY/SKVGDqJnq0EamGmdZ0ZSZ+BEWJqZh09UuFr0t5
nHex96k3/b/YP7neFeU1R51fKuK/3LvbNIMoKqjgbwo5hww+qDq/GYxkmZba9Sws
fcnZvP58XbzMPTOF5SKutjUxKNdkSJlXNypFBc1Qfn0zv4BKOUPJV0rqIdKDp4/2
V/XlhStPHZ5wGhu4lCrRGgnWD2djkS/b3ltIzEKl0BFCcN9irA2ETP1+K2CfGerj
9VXqygc8uq6JCytdM83CjKYhH/c0NAnrAl3/0c6bsc6OpaK+VstUOKTKuyMLSQwe
ecrXQkcSy8myVi9SWEetl7dxS6J1vIK5BnlInwCSqs5bbY60CS0WBK5rTP7NbkLR
8eBqF6iX1LMUmyOFXeb3CCLhfvN+/J8kCN2nRfHWk44kUZ1C5OSpA+aKFC7K2/yM
Pi1jD/j3eDU65/LDY+Hsr4fXUyaeOnnHxx4lh0mk7P+Sw7MmHNdyBbUZRg+yTy7p
t+iSdChMq1QTyaFv9h3PSNHmohhspQIKbcAldcDbjnm9Ga1du/fr5oOMYHG2sKmI
VdBLW9A827Rn7ra3ZFlxCUSy9RUj/KAUWcXB+JeQEmNpT5bGD4mtAgr45LPL2+HM
0lTRwXZqgSgqNbFKotyBAoIBAQDtRj0xB0CE9SBZJtgPruBtnY2dawLyW09W74tR
lyZrwTIE9IJptJ1LLJUjHXngS6+SkPcBOSZt1FNYkqwGtAOwjMLbZHA3uuoSaeNS
16KTWbUB1Wqhkay213BB63JiGJgxJVJC8tX/oVHtcMgkSNargaYJ1lCeDruF86sK
YXEqPmk5Erw5TQWc52kuyhkIJUNZEcrLmSV9DlIV99ijhaiSbj7DfCupazkxng9i
SXKrngDtjD+I1NIOHR0QUBJ943AYSrvFoqFxmVpIPIqQejndC08yEFBMCmNirBCP
ySMoXlPF26QYmHJXZUTsmu8DKwX9l8Gn/NcymhjIkE8Rts5hAoIBAQDFzXALaumg
v4HA9oaQgt3OO6le3sa1L3XhDVshcS0NzxoFmWPf9ZLeySYyAWyRQec9/ZRgRp1d
184rMEiPgOEtMHRkoQoBskoubzRKMGRX4+Rdw4bWQ4qtIqS9NxvKSWIJ/aHsLrbj
7TNtdfkYLVjEC2CTzZiqwTF8ONI0yizETfPnAD1JHvHY5AAD1VBXvroVukT15dB0
9lU1w6b1uq4qhW0kDvqzZV7xaTK4hS9dKPA12haBZDhSr6Xz+hw7l3hJm10TaQuU
wJRfw34GislE7YLF50jAz3xAY70foXIH3oTiaiADnBFsTya9+AU/RD8oOPatDxi9
hvAEGsZdYqPPAoIBAQCumqh/AsoszUG/uUD30YWfxHgo5k2l0SHCZMaOBP+l/eZ0
FQY/CUVSw3z/+Tntn2SVI45Q3SB1Y/DtVgm3aRLqAbuGvRODP03uvPMmzD371uDH
d6hfOxbw+frG1581psmgKMmvMInf8nOamgr+AIfQb7iito5esZK3UQeFvQ0MvB6s
fCf8trwxqW0SnG/tOZak3d3xE0KuEzK+rcNDGiFhmDUhn6d1pczRwXGqr0fuGHiw
ViuO4qWs8ymnDnV9JDgh+CTTnAjX0rTIQZzqErev/RmLSsv8GQzn2JzbYnU3yKo3
CJlp7A0AWSpuPtkx6KAg7GL63qnxt8oTFXbKH08hAoIBAQCxGc12C5V+fbj5QkEd
Zm6d1kFBVgln9ESA6epsON7z/Df6R2pq/X8wxbzTDP9d1znqAP82bEM94JkRhjuR
cP0r7rRn3OAOwMk2Zg7VVhqhrsOrSAOUGAk0F06Us6DIL4f+Ff9CblkGHjzrhrMu
eHt/nAgujehhCnT6Gg3rghEu+fSlIUu+ClzTquBwji9PQM9v4MUZvVg1QNDuQG1e
mnSSUcB0hozkzqCBWYU2PNk5egwIy2lXFJpxPh9CIO/iUy46CUb+uBDMcNjoHSrb
RKwMcPOjqf8z0xIWvLZ6eZyVeyBTcF2VncjjxsKTWFuqV7qMkuQZ8uhd2VFQ+4Ab
4NN1AoIBAQCF782PzfuPk5kQo5CKRTQr+0O8klb5iU1yWy1siuOfLVl/WxAItkYT
Av5cgVbmcwbsvxFhDxophPppPxdgYT4koVxuPyBn/OtptVQv0MAje8AZEg+1CfMy
3XldbrvMLJWAmy4HNSfEPS+fvGFA8UIrFZ6XDSxFv63S1qGn+gdH+cvScRJs8lRw
IZiYHdXVTy2ySwE26p+CSsxMmPgP0e2/pOwk+dIWXHULXFELmlSTLE2t1xVH1zxT
CEXNzdJnRjIHDVPoHqykSSliM+zxCWgx70kG5OY6dxAMn1lMDlhZtA0ZORNefYuZ
4WNlCrStLLo7j/jAQyD5mX5jWxRlsgyG
-----END PRIVATE KEY-----

21
WF/openvpn/gw-ckubu/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
3e5606d9c9b42920092f825f6a23844f
2f37246d81d815ac43de66f4ecfd7237
5c7a90624fce693c8b98330f067e3fb0
3a7e09895d73d7567f1054b54882d4c6
72b6d4b075c817d6304a2928a03af610
89090caccd14025b83683285228bb280
8255101ec75398ec183f14d3ecb45fe7
e26e6fdb81e7d5ac8a81965acd7094a5
5b99d8b392a9998f7468e553a049c539
876925b61b9fc07ebeefad3f672e6baa
538e516961f37ca0e09666cdd6f67d37
89a39089fed07e8755a410b86ca40061
cdb81e6fa11b17b2b5dd74eca1447aa8
b2611b543751b2d53fc79fddbc26f91f
4d9ded064e9ea85b882475aa965950d0
7ee0cd2ce141eb6678d23a7bfa832536
-----END OpenVPN Static key V1-----

314
WF/openvpn/server-gw-ckubu.conf Normal file
View File

@ -0,0 +1,314 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1195
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
route 192.168.63.0 255.255.255.0 10.1.52.1
route 192.168.0.64 255.255.255.0 10.1.52.1
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/gw-ckubu/keys/ca.crt
cert /etc/openvpn/gw-ckubu/keys/server.crt
key /etc/openvpn/gw-ckubu/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.1.52.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-gw-ckubu.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-gw-ckubu.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/gw-ckubu/crl.pem

317
WF/openvpn/server-wf.conf Normal file
View File

@ -0,0 +1,317 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/wf/keys/ca.crt
cert /etc/openvpn/wf/keys/server.crt
key /etc/openvpn/wf/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/wf/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.0.52.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/wf/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.52.0 255.255.255.0"
push "route 192.168.42.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/wf/ccd/server-wf
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 192.168.52.53"
push "dhcp-option DOMAIN wf.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/wf/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-wf.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-wf.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/wf/crl.pem

58
WF/openvpn/update-resolv-conf Executable file
View File

@ -0,0 +1,58 @@
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
split_into_parts()
{
part1="$1"
part2="$2"
part3="$3"
}
case "$script_type" in
up)
NMSRVRS=""
SRCHS=""
for optionvarname in ${!foreign_option_*} ; do
option="${!optionvarname}"
echo "$option"
split_into_parts $option
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part2" = "DNS" ] ; then
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
elif [ "$part2" = "DOMAIN" ] ; then
SRCHS="${SRCHS:+$SRCHS }$part3"
fi
fi
done
R=""
[ "$SRCHS" ] && R="search $SRCHS
"
for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
;;
esac

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-axel Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.2 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-chris Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.3 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-christian Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.4 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-kaya Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.7 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-lalix Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.8 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

2
WF/openvpn/wf/ccd/server-wf/VPN-WF-mariette Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.52.9 255.255.255.0
#push "route 192.168.52.0 255.255.255.0 10.0.52.1"

270
WF/openvpn/wf/client-configs/axel.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
bP4Pyw==
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYiFMMREJCT0CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLm6bnbYcf1gBIIJUMrfL2VOB/rd
fSk74V0FZkJVsFhVEGZJ0jWM8n75cUO+yOB1wcXv9RczeEtW2e8ZU4LEb4aJZ7T3
RoGG2UxTsrkrN1Tw2sotuNIea2hT1+sTPbc74GJmZjf2BD2BIxpAS6VLkKGLoN11
c+1euUsLcs8Y1Y6T0Ig0aah9tUjp3qeA0pPMvmtWg2BjnmG6oU5FJnxOpuX/ItJi
vm38fMzApjh6vW6vxhD0sPdhanWdKilE+SPpe6sPCfHanVzVmP42NwMofoDrE5bP
CxMTJa2Pi6dA7qt+9HfeDfzOHsfCvlGAnwzumwKQx4O2BO+JQjC1V9WUEvo0zoHR
/+aHWZIF33pJmZJw0kIbC/WdG/SevK22BtcGy/+So1WRywkmtckP5oPcQ/ej+p0V
2bkgRGCfyehuoiBv8W7lCqvJDbdmSLBLrbSWhLHPfxfhW9Yqau3J2oUgQXel3G8F
9pECEQHVm3T54anPqEol96dYhP9inz2/BwFQqGaGrobJ+TOsh1DRAQpM8QMElWaZ
xjX5qcFk6O6Uf61uTOwcQnfxZD6vOhqHSmFJ4AQy6M2SBXM65Q1S3ZnRpWKJxXBg
jspgK2iWDwtoXHGFWpazBaIMd/PRmYmibOAZbCSfRvgfkTXE3+HeZwk7ZCwKBATY
u7oHxdcEaccuLiq0HXutTOjyKUk8ui33FkwI6i2v6bcsSDbj0RiGjPQmdxxZG2bO
yL1JKHMpj5sIS0ZjfSmoOK4u3bEd5TvShPplIVqf79SRUJEEOlqNxXTjkAdG2OXQ
GuNscbIMrvJ7zVyQgWjzfMS0PdSHpeHAqgVLxcjkDTFEHIssmzUSCq9sHVKAQX4h
IDyNJPHWwRnH4pfUGaS62zK2WCFM6GSolPtS5ZwJxgg7TRbKF7Z+ThW7n0MwHhZy
zJXKUL5fJurZYnLRgDzlVR3NsKkYg+Wwxy4k8NDGuYsx7zlQOfjoYe506ObxY9ih
YkQUX/s9AY2VZGWPypis+hZkJCVn7F9NMKOXVjDs4zMGWyhzRVoIwU0p10JqqRPI
k2V/UTYMkWseo1blIitT4ZEZQHVG+ciQsHQA/MBCBELQCl/NKGHjC0I9LRcFp5Sd
x6nTLCRb1i6Xqd1NRN/uF3BgJWJoPu+fBhRPF4ZI1YF+POaegKf80y3vbIMpaBUp
Ok/kS5L22NQvd0moHDKKbIu9H0q3WKokkipmi4cQZWslLO1ZGH3eoN+hyX1qHQOk
kr/bSRfYLdjFumXmw1t7HIu9I8sFnpyoJwVlC3I6zBYPysS3XRzQM4+sLcHR2Stw
9/ucvoLPuYI8Pyyk1WhFMLZtAjsDdRrlNgd3DcBbuR0ldCdMb7DQwj2LJDhaX0md
0E9xpwy415GQDYFkKAuOL5s1oTPbYBVqugErdfZMYU74BDrcxi6Bo2DfnmTF8/SR
0fhhihy5PboH+vsWT1CD4rHaxEFi0JnUQoMgFjUrdcfykz4Y7EPOAKOQ2I6XRhfF
fJfMi4c3iVa1NOd/4Kw6sh+/l1/XZxbdEwNd5CQ9Xa5WDQDglOqkf4Owkg9dYnTS
sfIX9NkQ9yV3n32UqYCDCIIlYnXfHo+cuFMqTwcVOi+acfag39aVSer5M7RUoeVu
JRcS+yOCRkIvm/SRt1XFVB4S1ZEseiSwjwdIvTtXr8bRzIpd3WF+q95qGYZLwISR
zc6WspL6d5Ll48yRntjV7lIgFt1bZB/Vj/U2c/+S5pIIXSPZyIuN8RYiL4IhZmxa
deMIB8Sx5ZriTn52vEUSje1dlolBr5xL+ifpG8IRSwa4GaRctBVrSNguTfx0ZKyQ
Ku+jdBiGFs1TcAec2Zlj2IGL+LkLuCF/ZaHQwkp7egG6tSXmpK6dk1VoUGb4HUXi
lwSJsW1kNj8nVvEvh8m1H7+UyI6y/jFUeuyisM5KV3UFOQNidKsmRBKaC2JlI3Zu
iKJ/jW2O2SwRMm44U2DgNjB05Jr22V/plKhUYFxhVB/1aBeoIywtij0BVY85/KZz
5Q2I3U33nyu5ewTfrT5essBcgKYJne+7s61yaGQeHjJCEbKNKtRtLkQ5vgdleWgg
LM29Oxr+3jjyB+dcIVe9EtYHZ/lF6ywuEeLH3RAdbmhPigt6rM0+MOnsIQOvjN9O
2DpGRvaBeA7acFPzmMJoKk3tQDh7tpJY4cgot9AvBt0US0XUvYSQf2In2S3ifSWU
9uz8otdB2rDf+OFU6L4xg5dTD8nqTHt9z7oUEeJWFz2C4qkZ4+10Czb3QRxj0OlB
isIkMh8k7kYQ4rtrZCbvkVjAJwnUQFI5zFBlo/8GfroOVFdFlx8kG3t0WAXJ9aX3
YnqUoMywxSAz8iBfN/sjv7rkgobozPlqEhGwEJ8hKBAf1HCwVegi5tmlXfXmLbSt
BWhKrJG98NwRApnWzFFvui4qiAGeXAsKx2/3w0An3sUwLJjUcfZNGsn/0wt56Hid
RP5Od59n1+UHWe1eMBhw6lZdvaVHostAj51kdGsuacr3tJN/g5Cko49NyJNI0k+U
/0+Lgxs8rUHHYe4SXeGR4Ri2YgVEJR3dqOPaiIiK4vg3wop8VLN4W+4PLqNFKDd6
RGn3yyS9CkR4Jqu3B5ezLCjwvTV+pcZ9UqlOUOK2O/diE5ro+2sj3zuw5rUUolwx
OQ9ex3m7JrqGadARhtc5ALPY4OmkbddIDL0ewc1PysMB5vATWMH149bmtKJSx5u9
tWnxzpFGpQu2YMyFMkNexbWHLMtZff7mXlwUk5NMgvnHQ+EdCaqj22zhQoRgL+us
SdL20wEBm+eEPgiWMSk1nmrgen1kU3gKRQzw7miqsSPnW+PSfJvxnbib2uuclHZS
8Sz56xwPksT2gNQvA6ir6ndeOAYJpMW3bQrQr8GLfiNDcUJ9cCNWJtfqZcBTxvvf
iHpLlNGBzwk5XDJuCJE1o6pkmF5fQMjBzpntre4df2kIbxuC8Fyu1TLnT9bgLywe
H8azR+2ZYDzSXtPYN+dOgNfH7AoCzLHczvMGLeCttzeUgvMPAesJK6BthIuJpxNV
01oaEQSrU49tiRgC89tgZs267MrIPnkUTlJoz/PW/wZ9f0RqnAfCMZLb7nj+p083
5v+d5g33xex9CZ2XUb051wdir7pamEUV0fpnCBAjRtjjb7PWMuOZjop7L23eMgbp
9obNF+BPYXYzLgSAioucrODoPEV2gYSi
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
WF/openvpn/wf/client-configs/chris.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHIjCCBQqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTMyNTBaFw0zODA1MDUwOTMyNTBaMIGiMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWNo
cmlzMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCi8XLI6OCowQPLf
JMJixpFh687fZPQ9C3LD91gnRbZ7eY6hXBA795Jd19lhAnB8w47xykFgUGhfvaLP
5u+yrYLd87tCJ1obeYcekyoaJuLNOaGmRLtQBfYAuYwREuxkwYxiLCfyIXGrLwGX
DgusermEa01ppZAIxkNyuSd+MbEYQWDIWgYxnI9fBmoWdUetxl9tS8E6nH1ALC0B
5HYTFwsOiq7YVPtpxJuFpL3YTUguyC+5kumMu1xEfjmkK+orHYrA0jkE7nZDoQke
LpWD0YWR/NegEgq5bNQi4vlONqZ5GhJTdVb08neYgtndY8G/l2KZ7W9VNiD61hFB
tvskstUqLFxY0rz91BQzKtfb3nnJJR6SztCOA1iawfipKypvU0dlQjlN8L7z2a8H
QgeL+owX+29IX8oBwt8ZOCX1M+hP2sWeRsO0nLTEdb2H9RH7+9YBZ9NJRWWWHidH
e1aAFH0CiRe8egoqnVofHKXXwO5DGuFBsKpqi8m+X/9jbMOgWmQSoMUEiHoUnBfu
nei7RZ4LMnSNifqVK0IbKpyQ8w91eqRB9HQNKv02M8lJ/AsfRXjhxCVepGyh3syF
d53e+F2wJfX1SyIZSRDyuayaHNtgGMEqN+FeuXwXsyZoj/f0EHXsEaoJvZNA144r
M+IHOU7MX3rmWz52oUcaRZDCje0CAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQURLi5LZhzOnrufjlEXb56hJYcmpkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
aXMwDQYJKoZIhvcNAQELBQADggIBAH83wyx/dT3/7Qyeq8H1BvfmHSMgdfCxWopm
ziGhL2UNOBbXKcf+Vm52i9UlzSCVZ2/w04cDA+dph+pFjZ/qvY7ZrUAkDZQrG7ou
Z4twULERVLVl2vdfQgixbC2DOzx5l7DbVJKYXnb09WsklXAGZl8TyO340YwDz107
RjGFLnrlPCb2fyBV1i68vxNB9jKHryY9q2QCLNK7zP3+bGeHLdYt/1CgQoydc4pn
L/Z7YcnLKcyGViyfIQzrM7ZmdAceLQA2aaAtanJ9eDMfWU+j73ROrfy6p+aAndXE
uai2ESwson7+5Rf8mLIfda30JFj9QE9RS04/yOGSG8W5s3pww+vpxX9A9MpTLiiX
fErYCZT3yAvpRXbvEiNBL5m4TPGVzZPiV4MRfgm6ydxzsJVWR5WYcObPSbbykuMp
ql9BDzWh/YSZqMV543CrPGJfr5DcSpQflMD9f+bha7z1dzk4Hcz+/Kl8XEW8Pc0/
4yIn4K5tIOB0c5IEiQqK5+rDf+I2umzw5CL0odPrek4TPaahqOkJL4L/ZKmqBy8h
G6ieS7qHi6MkTCMVYPREUy0qsS390GmRVwJtrZdV9ugjoyOfzjh4zh1GkCoyngeB
5Q8+nr8GQYFUA0+rVau2E42bXnFDwC+SqGxisZFkj6uyA6QiAnwVqxmDXtgwaJXy
6K9l2Ogr
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIO8xdzGddC/ICAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAssHpVt0na2BIIJSHCBMo0JSJOq
YeavxKLQaHgi4cYhkRb5tpe+Rw79lKDOAnWOvf1omRdqapHAQfxworEXp3YbxUXe
aV37UgUR9dXKGf/ctRCHou864NeE3+XRCjKbhEit5jO+IqqvuoI+7jL4HVa6Btv6
KL7bMnVmafymTaA308qg6Z4RG5zDIuktOtozDq3JAMT8DslRlsh0rL91rhSM00/z
KHot9q4Vd4XJ7f5NOR6FBUnDDB3+fHJlvJBWCdE4foWSTHQYJHdh5iIsvPOAj9SS
uwRvtX9QaucoRsjc+YCHTn7BLkyDbfgabjBOA6bDwgG45sJH+lYW8Wj2oZjZDQ6n
rjm9kjYK/7tVCP/6djXI0xl32g6KxUsU8GcOwpKqofOQ8gpJy/8ygiJbHQIv0xY2
kYE509bPQQdVvrEJciX2vkb9L2F6I8Q6q0gwQ1vIO7MdPbZ+FZNjQYtcwyregJzj
DRQnCqLtsfuPg8CfV/6fhLIwpdCgGf1dCxJXG+MqntNS6bIqgcNB8/S/v6FWd5n0
IzdaCpMQq9VVDVyHDH4ZJaiTom62vaOn4fJZBhPv63csg4GpMiy+na9OYaCk+m76
zK3YKitw7Mvj9xaQ4swsGxLdP48dXuxRYweytZkK7wlf4L1qhVbsMK2akeZxq301
OcKAI1lfZykD+4CD5SGPWBDNrTPtZxPqy6SB0F7G9Dv5PtkJDdQ8EZwYTjZNRMKO
Pc4Rhj7RxBXLcUDG299hmUi0LaS/bDJax7xAs3YmmuDkR0Je6S+vTfAMHycof4KP
/4xXiYnP8qB6do4XL+ZpONhTciUSVDbR69ODcfvJr6cRq0QPANy2m3nQE1d+aVhO
kQ/weVpkiH1U+rJEaA6DdhBuMi1p6X+GehV7KUoKhlR8mgBpyGER0NQkAvWdcs4y
2g/tcQ23KC2k3uBgA2OI/JiALPJn1Z2f+7UE5E53g0C0J8IlioxEMYwNz/lMikXs
kcGZbMVApzvoE473S0LZ2vIx+hU+U24iGNRqpZis3fZt8Sry1HPynD6ShFzk64fj
nwLdYrUmhra0l7DkRfJns9SHo3T6lv/MptbemeEog3/L5NEN3nnovAWXJOfi6XOd
Ih9P+x+xXYQlR48V0/hSutN1sk9zcr5ctDrvWJYiw/mPgX2VdvcULTN3dwelwnP7
H9uOYwPiDiSRahoRDceNu3kFWyMkfaFjizK5tdyF6IS7xqkPWegc7akfZNf3V05M
YeOnhUiFvJ6nG9B33SVB/uaOrCPLdfalPfzcqHM8xmfpgabr6EqEYKklniNZhMrz
3l8H+tDtUT1sWUoVD/SM/hry2Gfrb3mYFQcoUCh6Nm4ughNGjdqN3OfHvtlXlgBI
+QekPCU4G9qHeLw82aemnioJIYpp1YEES/C0MEhrbQotcNyWBiOrYX9HlMbN4s+o
uQGpRwdLigp1lHwKCeh2JxcIy+ol9wDeB3GojcFC28Q5pegx9fHeHnARGyqH2zDg
KsCARH2Px+OJ5GdNktW1pDPZNtPL321fEqbJS2RFIH2lTqZ4iiTe7EFnxVWYTGcj
PizsE0drgNEOdHOU6R3YbguM5FjPUuHRQ3xY/5EBxDNVugWAE+eyj2I1UEtl8vle
pwmPOlD4kPI2LpyhaG5us7e3RnjUt1zr+u+OYTnr3NQ2EbHV6okR3f+l8cey6xmR
Q4G7CgddLcdmkKz/cKodzobxzlk7jw4WOKG0GAOcnDp3EnuGISCzFu+nJwBt3nCk
VWTIg4TsD1LbFmeamXwLGJ6QryTQ0oqKc9OPV0M6SGvyhABax+3px9KI0/7sgCg0
4ehcs1WZA6DXTO4ZDGEdVguYUQ7UAvIgq5UswKARowQPWO3MVuivlXtJz6yXAlzl
/s5P7XCETAGB+6qh1+Ofq7zV8Pr6Ply00qNNU2hbBjLYHrip5Wjb2IqRT00k033m
N2Dyyg13Xika3jj6aaDphQ2XjFghL3f08NZ2RPKo2B1vz/XKNDCcTse9mACGlSjp
cd6SmvRnOf24laFvkSKYG/oBmpUPnZVtnIzP8jprxbXzIAeqd2wx0PeSaDNzts+9
UeOfUAM+Gn+ER5teHoStVs5x2EF/EDWQV0RPTEWuQIrtf0xxG+5owWrFN+msk24h
VYi4cg6gVaUDOjp7W2Mvk10AnBnFZkiNf6LnpCQfH28UEZmthPzclQUZGk982Pt/
ZZ5vcScNZXLZtOr4Chpg3nwGfmf+UaIP9O+cGmlL0rLUthQvvPDSCwbZ3USrQufG
Mp4y67fVOBqkiR2jOqlD4jfMZ3K8oEKyKEJ4FTw9VWpWBMF+5PxRTsKZKq+xigSA
BQYAQai52xPquFVKcp+SQuVNDDlzvIwaVkXDVA53TbBxki3EGgP8D5zZSteIyW7e
bPKgX/IJ0v5/iI+9DYBqpBTFVETwjCIXBfq3JwngZHicrHGw7suguafXhF6nQx62
ccZalnd+Rx5l4d5bPbvymw0dzmBH8/Z2tPO+DASsfRoNKOo1lbI/g4Z1HOhW2HV2
qs9UR0F/G0y+vswEaNTAYyupuiRNCSw6L5pFkiKOFgqm83MccNOImvGfS6r7zUIN
p24E+Y8EwQrP74AOqywOLcQpKIrkS4iYkVcCIHmun3pvD/r28Vs5gFd1g2InrfKO
U75RSOrxqX2a3wkbpmRvOUuT0rsHlpnDHm6k5ImHaad6XHVnUptPeIE3STupQlDu
XzWRe2dHIhWrV1yMgxjgj+Ai1GqmA1WBfDF8aXrF6hvPk16cSZp/UDwtjl4XLAZ5
L9e3r0Pj3NVLooNdbOeh/mdNnjtziibSFl4PFutzpFGLvpY4ud4GS+28oBZeSo4A
NMTNKB+Ht+QdBjVtUaKNafMl6lgeMpIdQyNIUg5OAAjepX/g8vRJX+PYBdr+DV+a
hu453n2dQzCkXMaU/rYyN9saGji+eaaeOremDPp7TEqMIzDWEw4OlYPiStciSInQ
LfwzwNdb3Q1C6DZr+QQaGjUYEkmz2Z+Gg40Vb1Ym+0QfKVVYtzy52Rrho8DC9zjk
EIOxlGJ+EIdUbV/eIGUpJmxaW/ttDLTq6yHogjB/S2w+Lch4DPptrDDqN0gwFfw+
Cz+apIU9u2o3GPdrTlaZmHtrEsFgOFma3lWWtafLlHdUSOjL7/QDwXJi/8W+JFAF
Kb6X6klzhdmY/fmoxJ1e1w==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
WF/openvpn/wf/client-configs/christian.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHKjCCBRKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM4MDVaFw0zODA1MDUwOTM4MDVaMIGmMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBOLVdGLWNo
cmlzdGlhbjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrjSiWHxe62
Rb+tLgvs4MCHwSg4QayhlcVv6u99TdTjPNKJrfgwD3DtDxPTKyhjShXEebTbd7hJ
TuHmKWCVs37Bj8fCuSx548tz8OU0kzhyWXM93+6HbwwLyCbWO2OmwWYvTKaD9lng
Nq8XdcwUFpTvwtZh/kryL3ssckjKTi7mwHOXEOAFFx+gbNGUZ7AJ8pINymFgkebC
0OMKJCr77YkYOJyO9Kyb0AaJ0n6IpjlxS5tke1Os7hF/MSIFyz1yQC0aZo0b+M6U
IMXAbMVkrCmD5ZkQbqfA1c+pQVLOxt7gSX+gj3wBmScwiiMLpFo0MIxhkUrsdfa/
eR84/9GL1+1zUgfHN5cfzikJDKdL8xTIPxUzhdRl63Hmr/EXcZdQ6xQdlgvIJYIV
6fwuPlNbunoLNezWpaNw3KCvD9wI/0FwlxZ2bxO/7wQSLMCrIq21VjcR/igy2Gqw
0QnvLYsAwra2QbxLYBw+ZJYEnoRe/KqdDo2mpa9uKrg/BxVlCow9Gj0KWDwFy3wz
UN/bYzNqCmFaqA2ZErjHLKhTCHfA1qnekyznUug4k+QuHQa67nFBSbeuj84I128q
Qxxm7ZYWaTR+ZEP0GQ265uVzNRk90egU2Pn2OG1TJ21mH4h982KXogD1hdPUkr1N
FGnO9Wuq0DHTpmTRIVOgpZ6jPeDZRZvhAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAA
MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
HQYDVR0OBBYEFGkNeUkJ9ZXFcSLpt/1Zp1oO9d8cMIHRBgNVHSMEgckwgcaAFE8+
iBThoSEo4+Zbc2vcD5fZYPXxoYGipIGfMIGcMQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
A1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMGVlBOLVdGMQ8wDQYDVQQp
EwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA2EzLKLVx
VLswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBQGA1UdEQQNMAuC
CWNocmlzdGlhbjANBgkqhkiG9w0BAQsFAAOCAgEAqy+hcnbioyN3CIVwiZOUG7Ia
+ya+EWo7HDCP0xYUm7MTofFF6uOZrqluOOYuDAFmyNPg+7ZA5e4c7/GHbHsMvQf+
CG1SwMso5/+nmjbbJagCNeHl43BM0kwSLNeZwBWjQ12K1BIu45nMbuBaB3rlQ96j
FwMVFW9HTRobO0ebqDVt+wsa1ivfPCpdYmS0RUExX0/uLtUy/mKcth6Sm7htTf3L
V89i2qi2SbpSWOhPxUeDGLx5ZPOfPGP0mzJICeidnS4ouEB2coVBkqkHGh5CWb++
9qKpotJEjhzyAN+wKdUEu7q34rfCMbyjl45A/64t30lgn8qaXN0DXyYxlL/qfqX9
FJ0/WxYwc47BVUbcu+GkmbhtL3+rQM6VvQVyCxnwejsK48PNutz7hT2eM61jq7uF
eHNVgHTccvnzBUOd5S2VSVSqlq/umLbMsIuzNx3xh3+fmzIgHxwRQVrqJWDGMjF4
/KFZ37GUApW2GtPwy5V6LSZI0y18RPfNaszHJ8UzFo490L6HornpdBL61EHNasAl
PSMAvM5L7/gFN8yAK1j87Hsjtfm8d2O+lJ08uMbWUwki2gmtBaBojZM/XOs9ypVd
lmAo8LZfFifGv/GQHLgxFp1etBfS0mJriGCcFIAmuYpbG02DnJ0XR3B6xbkXIqdy
vcVpwxPH3DQ7oM+3aLo=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYxWFm6i77QYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECL/vfl9kVMbOBIIJUBZec079+iYr
LJ6lSmyYTPl8sPjJKvOp2aWuAFyOb5TuB/6Z+VMnkl14Iop+zDdWx59LjN75Ec98
YH2YZgz2HwzokK6pPUYXJkCNfVKCxarBIwmd45OZRIbzhUCpTHiMH+oknU3W/7B6
pCjS0cPyYQb886QdisqJtq2kynBk/k4mu9ZRmjl+glQ2Xl39UjtlOAsRKZXDlrbP
8I4pI3K8Rwsh1q9ggGgLLIGFxcWjnFMqtRHGaVG9aIyYZ4FimjM/J31Bpj8tmP5+
hSz/X5wVLV0/olwonPa06fHdntKcIDArgtG+Um8eHxU4qd5AarbhUMJlfthWdi31
GrQtKrCfDirMb7aJAcxzSEc3TF8SqFqQjt/uJStyuhGJq+2EFwcE9kIGvi+v6jw7
EvncFlPHaPW44NWQOvG0iVMjJP+9hE8XAbMMlMKy4aYeQT+Ek2BTXRYo2MK0UmX8
L99Dv4e9oskjd6qtbmLs16OHFvQibMi598eznlEN5+esWFV4GKFIrFislrlcaUeA
JwdSgCqB5VGkN0oD2DY1GMZ7ewRDJh277tUZ93VkbbL0PHKIw4slbU+WC2rRZG9q
CSAfcKj1EePrRRXbBvAoZbdDtSkmWQE+A9NWggz/rQowGFnkQidnQ7mlRmR4IdUd
bWH8uJSqDm3Zeuk/Y56gz/zIbywQs5CJjYHO5EtK3tCuht2UvBcfsP+gyJCr6Kn1
PmPS6jXNnHBw0EulFtNAbYRkbKod/Jt62rBerD4gbiIwj8BMMs5cWd7fFJNUJK+e
wuFme2rkmyxT5rknoEp3eKBY6FGfDfYiMxLtDNiyngZEFxeFH8V5fV+FqdPVshPg
/izOTl/RKXS/m6XKbO5abGXpFN85yzePYLkhBmhyMsGFT6JUfNx0OdhgOrSnWOjW
8D2HQVK9FuNEYGM8OKWYN0LbjcZTxbdjQd8fMY3MMDVY+hYwXvDvc4KxsmjQUzo8
uM8di8ywOtVYUZ2HCE3f69qcekzuHyuqVTEF5Iy3NRodVoeImfmpvWE1RckzUyKR
VcuDWtwcjTq6NSTl8HG/zyil7n1e0UwpYM48xdulJ7HFBi7AEaWmbro/vnxj17xs
hcWHhm5ornwG5U+GM+YywXIpR8pvMbijodvgTeR3krF0JjMFXwq4j6KaIde3sXuW
guAPkaSSbjy6h23LYRxt/iXu7A0g5MH/R8r3SbSkTnaAOLkRfq4U3/+/rBEXhW7r
0YokXJ724EBsIaq2eD6rd2wxnUvxPHDpoBD32++3YnFz5aO4R5jBYs+pOThr43Y6
l8NqRG0uiflvpgPXAadk9dHl2ziaeltsGolNroqZNSHU8eUlWdTHW3iFdKXh9Tta
BAO9FJ/vX4+cbmwWlGGAQVZ+AQusdkVKPqemX8ZdJimpKceyaM1vzwIH6xCVNimP
VOfhik8mnEcaltINmTshKihpm2nfLSfRWi6PyyBe842U2G4czcNmHmD5uD7ng5aJ
wiPzfIbyAGWUfJHkuqRkz1aiZHhALhCadYcmUCJan0kzYBLsYWPMIKI+vcrotKHr
FYbtf4jUhpsefb7ot0U2Fbr4xvtdx3W4OykJs9aDz3jtPv20nhMkCRmTWvBFaCOg
MwhGjn2uIBAwgVBj/8n9T6XLGfB/M1PgXp8tCu53ZqwzspfcxgGqFYU0RcjJMWJq
LXMHwx8WaarEEBaJxGiirQP3gT7qqaiLBczA3x4LFiFawruGptPlOdptQmwD9QO0
wD5SsUfFIAmSjSgWZ9TvJ193eEefKe1TBcII5I30FkGgtayXL0eHXOG/FeYFiomS
/DasmToVlqvV3tUWSxLmOBAH3NA3NeoFbv+KyZVNSjHJQ6V4VurQ1gp2bl1Z0AJ6
Hfx7X/u5iVcGJf1+HgvpAQuLoLdBkYKOrEUoDtaeVGs8OZDZ44McyCeMVD+Tn1VO
b0dg1GOGrvYwbwsZSrupd3B3oXmvkeZEQSd6CYuwxUvpJmmAyX6wpHnlFTGyptYu
m/gfaU76A+Yiic8maDY3RumrkCfe8KBUfXiTWW9Rx+nl0AilKwpjTFh60dBiQ3+V
Yg7wcKPTYCODO24CUlgHy/+M1fbx6YjcUhdPp2rGmbNQyJM21vKeBQoJeBTyOaTO
jJl1sXu/ijevN88obuE/OtKDrivjrR12xicHCXVka60n6LNqrwtJQDuhux88WsqG
95Lo+/g+1AOXSlHAaHpeThf+1X2emBFwdQ7lEpo4lobTVIfwNNUzD6ka96a+bTtQ
H2REYnncM3WJLfy3/tB+oikcGTj8ZWzlWjlHUrsO4elMmHb6zKnpnUCMEL0gmsgy
Andcty/Cb34Gr3TCSFO0yt/JpSaKW9ZNkq3gcuhTT2fS8OvJjYeVkmrkHJFq+rr4
+sHiYnBxCPn3o8wOwBnuiMDCeOGWsRrunFmBhu9v5c7LtX+qhP9cWTU987f3u8Oq
910/vh0rYpKHL5MHV4aepySeheZuIrlL3Pi4SU3TTgT8f7bgojlClriqUfS1+NKh
HZX4EaSMLrJ1tXoKk6iRduun3jW04V/3vsYHldXu86N2a0A0uyKpOB5TANxqbs06
io+iJIQ2jZYOYvu2Ihisnkt3OLpst1VKmZkA50myPMOr9H5w7GGVviQbKUH8SWEu
o498Bj21qr5DKj2490hVwbXC/RVojI8PcdNVdzcp4zSkTmHZmjeapg4txitlnccq
WRMc0ttypr5tKtaoCZQo07TcfURez1ANxKPbT9MlPEXI6aFG+BOxTaJ1qnTv+Mvp
64w5/yt+pqSxr8kP4JnBLmEKlXlfzoRN2VvoUAs6uQoZC8cQd1Auj+5yk9H4/1Hq
c5xnNqOQ2QLqFwSFuKfMhyUjS9W8f0gRD7sh3IDkXJ3DomdgPLrRpkgpA56haTMK
iXVQK4ZWq06u4gg/E5wgHEA20J3UOMYdpBjx9EWZmwvTnPAhkP9UpiavU92+O/jM
G28FNnAEQZWL9yHwunL82PslqnW+BhheYXxY4bYRZsjZVPX1LBzA8X+oYl8dwllj
t3jFShNVoa6CVr7Dg/7dSmU4CP+j9SyAYaijYls4FHUFkt6A4x0HvGO6ehjV4Ofq
liX3D0dtAmHMt9MdO2c+ue0zEMHEd6pFndbn/EWBNFnVSeH2TGJ0qfskRCrTgjBC
59dxcUO8PsODy1S/ME2UMsr8IvKG3o3n
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
WF/openvpn/wf/client-configs/kaya.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHHjCCBQagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM0MTVaFw0zODA1MDUwOTM0MTVaMIGfMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczENMAsGA1UEAxMEa2F5YTEUMBIG
A1UEKRMLVlBOLVdGLWtheWExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1aAgdbOeOnnqCekdB7T8
cipBFMG8skSc03yBbvtcjwqvVnVDbCe7NGr2mzl2//OphxqwqJSfGD6PtVPH+P/F
AhT1CqVyfYwd+/iJtPk3mwSJZYbCuuZYkVnsjXG8qvNYYPRiBosm3EejlPt4whNO
httS6x2d3KkHjg1AVg6+J7KW+gV7do+QHFY++iM7xgzImGQsu8xJ9MMqZmzH4ktR
XR3r1xCwvxeQo/pZ7gf1SAsDKIeOCDS3OLnakl10LsjvUFMY4vsFpKgwo2THDkoj
NUSGHmVE+392V9KIogA2tLyDevQmVqi+zt6Wbz+OPJPSEcvATPEwU5oxcjXpE3lh
1kTnWAlZlIsjGBRfiEJkP7/1x7BeUgd/gJ3pv0dfwQ8SkPqo137X28aZlcWoPxiW
mkaCPeiCSkCpE6ss8oI3OQkFiVLEt6IlOfatTCFsYo5Dexa6kaDwICeYSF/c5LQm
xNCSsAwXsLxq++QfiF6PHoMVF1aq22I3iqlYE89QkfA6/Bl9WSWKwblZJiLYQlQl
K6SfUSubAWk20e+xMpS9hak6ACyzyUXVKfob298cgvJJU4jwkfwoEvwv74JF0L0F
sIsqFo/9XG93ev3sETzwW7YHbvHi7042TRUnvt7NVoU4mjOI9TkOg2JvhkIsKXD3
sR4dKXoy2ufvmFIRtqr+HC0CAwEAAaOCAWQwggFgMAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQU1ISGq3nbuc6XEQy36N7oCw4bqx0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj
5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
ZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBX
RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNV
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEa2F5YTAN
BgkqhkiG9w0BAQsFAAOCAgEAW7vB0wTa1UAGhMP4Tml78fpCrqw9O90ywX88EQPz
iB0O45sXmTsiSRuN4iBcLtK37GiUnKNIH821xlhWocZUJt65cl5zuqUB33x6utr0
wWYLvErQ6LOCPkfSf0kL3PN/FkoeAHGZ3sGN6sDbg3FWaMV/k5XycJwOQe0WAISh
R8SoO2GiQU74HXyiqrxxUpSAxnvzxclf0QFYitmcOHj7/gqMLeodTampUwYu4GkJ
rv6Yc8aaHTqlQLF1YCyByO22k2tf/QDn/cU95wLO4z1GwsUXd1E8r+zFeM+yiGOY
ge23AAbYW6fod3P/pe5GWWSx/h4oQY2Co982mPsZFMgu+EtjsOESH6M9CzxK/w8T
7V21KUvK87u8tT2FH+7Oq20KIH8zJvdweUQtTc/WcjfEhlG4z3C+iByaHncTlBko
b5wQ24e9eLR+qj1sa9JAhOYStJtfvm8GyNXL0nuwgpdR5y9xRAnxo/9RVOFOGcwZ
Kn2HnSKB8gRZpN1dQnVTotB+uP5FwOVAX5LRaXcZQiEHiXfULE0zKfht8phX6uRE
2xYTY29Zo6rpZY2dZ0zQCIso1dhSqAlACBByZNeKD4045SjdjE5xaNx8YWPLPssf
MQ4SGToeLuZN0Zxc5eLmYumYHf5tDdIuRcYT/PzMriJxmoGSRrIxQ0VQ6CeNjvYw
EI0=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQICoSzZdpB2sACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEI2/CbJk/nkBIIJSDW5JZnrijlX
X1FMYKNVB/TXBjad1xNhs6UiG+cnz0ug4v8gMkE3ZZogEaHu2+uPtrz3ud/jtjc5
KeLnUuCpPksKDj6peCHxT6s88vcq9gJ25PWH3gDhonToPRI+tkFbmpFrQrR30ZjZ
SOxjN2Zm61Eo9i3JJLdbzlqrjTroTIAoMQixW1mxHzpl8qeIE5xSAFjLBwYcoUEW
EOCRoRlutZAUfn9mzk2REaXLbrMcaebat3l9TIHst4WGA9ihHYn7taLaT+gO2DNW
7JiaSuyzJnUNGz1jRMkaayrS84jiAvxhLZsTI1yPH3iqUr7sHTaGSIkNZgV/xHKf
lrZXvIcQbdIVemfQETmGJfAA175GdCkLXibvxgWrJRSr1z+f75t9kbN/i7F/JgGd
MRo/1Ge2qIkj8PxTvNyn2fk2tWF2Pi4IzBnzWZNDdH+WvaoCMq/zIOZRXlWI3XPo
OZBi3VGgDOvNz1C6XLEBKsLG4MwGVqD/q4dQK9ROEnzGj88gOEAc9x5x1a6BCsmp
LDRK2agWch8I2KTpSWwlNw8QtcSCMCiEbNicy8BgQtZWvvkhmbPWIlpZ9hV993lD
GWdOQSi5NqJC6I/yOTH++STVahiCqs1TWOexqtFGqAm+vWZgFCeipMykCMeIyEjV
1rlDME75y8WOa+YB27MYgUA9qaLeuvWdGedyGCwUO/i/FEkhBeYRz+vdefSDuady
pNLY/cmEKa3HwD7SKSpdtcMG0EzYKj5ysxiQQ3xHUhQEAsJ1cUbt/cZPemK5+eNu
yULc/QtF8QEkTXurdaCLAOEykUccb6wiIJcCN6AFSerWBIh8HJxGS7QgqkHV2y2y
MJX0OJ2qII9s+LNhpXR1zvmdBwAkAAmxsI0vwGAH/1iJ9Pldc0a8o+gWT+m8pmJf
khcpURrkRu4VSWA3t0yEkixR868IAYYGHTLII/CXOqrBdBuanZUHVLvoMdw/4k2x
H6YQtPGbqlsPg+nQ5b5QoWkzjLqVCyuVob5xwSjaIu19qIz8EmXsOXTJRfWbn0Yq
jB267xCwB2BtaK2/IC/TohbWKUowFYr5mcHwjkCaJq8zX9txeJACNktpQm9orXgL
UaSTPFyFOaSUr7ImG92hzCU2nMGwaIwfRvzABIXXNo6pR1O5sS7tPfp08nvRgDwq
ybA+6XKmBPQKrI9GjhcJmoe237RkZlJz3UgjzQqfXRDnq+0E7ApIoWEs90clSZdE
j8I6DMMk1skFuVIsaK75gRaSYbGGyoW7xogzFZdmaqlLOJDbjECZhMnZs2m4nSGf
LqZI/5TNRR1j9a2Xy350V+XZb9vOgxTOzfw8QeIa1iOXX8w9xf6c5BX0e1tworwo
k4yXkgmUivSUtJdPfr5PssHt2m2QBY53LCiku9rseIWO++uu63pUMXhu5tJTJ7mP
q7Q4OOjs9xurd9kSgiqF0VUHATqr1xPOCgbKHIJuScbo7fKsv8UMFH7WFh2i1+W9
dbYxGrdOR233sHYIE0VskFKCDWZEEARm02mxgAXA7nmOY0BBH4t5BQxvKtmx/sSb
O0LUC2LhalTuaSdoqxzj6PkVhvXB4tFOvTRuE4k5P3GcUbeIDcNocZ9mqdMFp/nX
2x1tcdSIxUqw54VQAe7ccRz2CeIHRGnW0IkgE1rS2yrQvykqd54PQPvMJE+CcIMY
9qipwMNuMYAdBK4FzNYTXDZtopyBtBPNWbuieFBf5xOtr65NnA2UHlyYlxq8zG4z
7vGePSzLbSVQjqDFmRY13LxeFtQA+lnlAkb84FvzzIXb3DyPnvfPbXF+i4WPLfiT
Q6avCVDUecoo7zFDEwuHj+ZKi0ObnGLlOvqUtoae7L4rPUYUykgbO5IKfxbbiB6o
KWW5befhyg4X1JOpxkqBMf7tXWAGOTIwGSZk7ZMHjL7i14WYPgd11dqENCAufv26
QRdMdT2g8BLAqCoqX/sdSyow/aS3T88BkWTudXXrPwL0jMxsxg1yJ0mCD9lSZWDe
LPASBVqnmtGQqk/8EBzENMKWebX5iCIZdMgWV+sZMF3CNevcItKKFEib5yosF9Th
cmi6SIy/8dAjnyDDrK0+QB/rSQcp9g0nrjXwHZZv3OvGg6g+WvN2w4b9hHuHVeXP
FLyTJA32RD1xrfmUSTC5ZEWbfcM6erzBPB4I6TIH/TFEG89EoIbg4wOkapilSp4p
68lOuFJGX/dTmHpRvNPqBLG02gz4gSvFu8zl0lVcuARlcTH1FtxB4JaLosWhRySv
q9kj4PDLdWHFWCWQuaZfR3qocVBycpkBDozrBsnag+FADQn3P5GqV7JyXybcIWWN
4/8dNJTwHQhKWyXBMKVAF9DwPUcIFfFoWLTC9dl7JawMiCySxOulILB2LSnqzRhT
I6BDuTcCkYxGsdBxAogO/aGUCNsLdg6q9ZQ4w3LeCYBsvAarUhU/+47CoCEJRNBx
7Ee33WFm7ry8zRik0PaBXifLNt0SByf5xzPn+fKMSXuXapjY7F5Np29O0HeasD0E
F3Me7fJPe0/aVvkvL/dzwjZiWBYlSiz6Q/FvzPa50mrpkXBXDb2jqpviFhW3MA1p
d24q7BxWiO5WpeSQyqMXEucT0hhorfDZ0647g9dwtnuO1iovU3GVc0xbmmDMesTq
ZGlIdZZqxurr6ORjAHkm4hbVOHWdy2yLbFttpiOOZExWQ7zVVcRIApE8pSfcbcdz
7uCQngU/ndbDkpcHdK4TkaOutRRVYu/z1uASiFf6iHIcwFw/Z/R864aQJQszF9WO
XjhEEi4Hgx93+pxNw3pn1oWa+NUf0FM+YdGLPBGrMhrvrM58BcwwEcv5oHOYnra3
es18t57BfzVLpF3qv/0XKRpqodyrRqhSEsVytVPHpkJ0Cia9y448DDNaM8L4S8wG
ILtR8kdk7J2/4V3Uzxyvl8uVWxvxMJ+eVH3zKWTVhhqWm8WUgOd8HCN+tdVLimIW
JsUYq4q7B+1cFWxfsRDRKRonNzEQz6lOviJcKCK531wp6A2Mthi85M92ffkLu7yR
1o6tEOvAVqnFEuJhIjs5dB3TVRLrg5pj877ABc3zKLj+PonDAHzAdl4+IoXeShS2
ag+VfsFS/gaQD/V9iAUuE232dSHTSpP8oKn6Gsw/LHeYkCLBP/O7zwB2dF62bn87
BKvlb18cQk3sw75FG843BA==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
WF/openvpn/wf/client-configs/lalix.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHIjCCBQqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM2NThaFw0zODA1MDUwOTM2NThaMIGiMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWxh
bGl4MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0sJTpgaiu8z6Z7wS
k41zXZoYxqJeTIJdhXVhh8R+i+e84nps/GdE1W2olLwtqWp2sYrm9L/VzkNn/UbY
UR12jkRGSMCy6CwLvdSJhtXBrmX0GSXUlSQ0O470UArgbpPkK7sWXDwkLkd7Zlql
LTzFr10LWlKeCk6HIbqxfKyxsgyyjFvMX5eKSGYBaloziZwyk6O2u+LX+C7FkxYP
1IeRmA0ntOiqZoyV7y+Z24lsuDOPpK2zUon7sR0gWgrawl24aJHgPJYI12l0qT2q
RJHrpG0VioaujUe2p47Pa+ulCy4Mz6udKqooUyLSkRvnVHJtbeWFBtgF7t4zvkme
HVm8rnqgC0whpzoVcnSgX7VrGhWcD3lImT0wOQK94ZUgXB9nSgsvW9bRpAEyW2cY
sgH6Q17q1Ln6UJ31jRZXVefyzXD1yO5HRVm7yUhbXE8CLJlIYfVz6W3yBpS0m1I4
Abq8UKSQDEhuYB0eK9NHnb6npKuvfoiW/sMtKXbNfcDr/ww6rXbI0sLlYW2CDNzR
UZJGwNO5WzJKdInQBIs/1Y4waIE1fM8reTAsqFeh/dgJhHBDskrt1YoWWt5xw4Ga
yFi0WgH9kIhQ7C1W0jmJb/0kAK7h9Ga0c9k3FrgN/61ZEkQo2eIWvYaMr3kG2rDd
wukTVTOCo7E0Ifhuj/0AcIvzxTMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQU19HWCnWFb52ojGp9mAwkEcdRkRkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFbGFs
aXgwDQYJKoZIhvcNAQELBQADggIBABTVZ7d2QbzUsakRHJzBHiAo250sIWdet+D0
okeKbNq9pdT78IS7CwWVCLpkdvDYrJVehUUVuMAKoedfITb3mEP23O/UkV4ZyjPp
vBJ3eHYn0PGVAmwJLIauXQ1QGHFUMd81a8M8gV495lVBP4nOnCb6uh6waG7W2FH2
7rI9LqsNDehEN0XYD6tCK5h5Ynm7NPFq/RxW1nfybwAEw125TIlVlz3C8mhPslZF
UisdDTjSuhTmBmgNwrKJyVyHB9OHofoSqykkf/KlARfAHNF9hLgHB1YYwj6bO/AX
WNokIzoSa9ejEr44NhtwlDYhaGhTZ6zJr/cUQmzt5+g70eo0z2L2GZaDj3DofPih
rPLY1Q1Z+vTnuTUoMJOe6uGKS8WtS57J/OtgEcubMywgG1mV5evh/xfSGyiCW6hO
RxS4ekg+hGD93cIcEcFITKV0gX7iH+wg8zihzaGyOsBai5DMu0dVrLFODx7wlMYo
hubWBknTR7zcdM9F1xsSfbXiCJci0nVxyfz87Bh2YL7Z0oj8iT4Npw6t5jro8xEa
e6+lYxwHkX/cVb+NuOA878M6e92XyioPr//l+MvqpP0Oe66SZ3z9TODNLPQxezVd
QpI27YqioI9hx6uInu6onoaRxFqb4juU6w2EXov/qihIxOwnGK+00g80ULBEt8+j
5zzgFMsW
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0HCBSTPa7qICAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD/KDImZws4GBIIJUDtf1PZIZQzO
iN5RuMQGPsHBGxRhxfRemCG8p2QHM/oAoI+NnEZN8nTf1nnc5PO6bgV7LWIrjVHw
/6oZ7PLh2cq5e1i1gq3aimt5zZQMaD6e4GE/KlzL+jErJU8iPxG1HwgN1W2nWqyQ
/GR55niq81E8PZAk1JwBJYswXJVEr6ybjAtKHwbtB63UJWSmZnIWMgt28zTr2Xpu
B1/CpHBTtaL10klNg8CTYn+t7F0E8e8OUsy5RV6WboMBu/O+2i58sR8K51DC4AH9
OfcvhncBHv8HQHWddzfAbrMUNiw+vzc8yMsYTZt0jhcAuXBuVieALI3+zfkh9SYO
3vcAumLip/s2jkuEta6y19zb7hoC7gKXQiEa9/ikyAfGjhqI0Rz5M5/lWe0p7obG
YEaqI5yWKaI6cKHSVl9K4ItUnq+KZHxJaGdYSutRdYdaMQ2uhe+gvImn6Zyc5JwA
WA11vYTGVlKBDRaoAbSyhKd+saKAoMgboKEGww3zbfMg6bfzqc8maiqZ6kQmj1FF
HGSDEF9gvpenCOYP0txGp9KpfcA/TgNRtzNmQi6M9CbjWKL1yZbb4EvrGPlzPJ6K
YNMmU9mPjESaM32Tq79LZsb47L4eBm4ET+qjUZ/1JaDAFGxxIrLfqDxgONa+BwGV
YZIKtOLxLPM5pSzR77o01IA7IcYXAy0G8v6eaJ5YKj2NVKF6r/a5bgVksbB7NJFp
mHqgq/Ch4pnPCqtDuId595Gzylyva6BtsN7KOOT845K7TZY1mLtiAtkAuXm/zO1G
uD5vMJ7gvtVueKdzszeDn8sJpa3idCFJNdnmv84v4LXkHdibwBnWRb1SFSNr4ige
ONBueXHvAyoBDKgGQeXwhW/U0t/kpkDl3rYCJ446YnJVUL0rulaRGTmnQPR12URG
aYXBFZkgm+4fzCxXOJCxNcw3ZtnzRMtwh7ZFZ7BsrGVWbEFa4X+aV7VZ01TfgEjA
fK0I4zbEzxxwZz/5OvINleTCQ3sTfgLYpEOtGldsVIilKY5lVAigXKI+9eSssT/W
MHasNk2Uim+s3bzNeRfJF+l6N9vHC4Kxk2DdX03jK+05Uf4WYXCd/rgkq2J/Cep1
Go+2NXfQADUWzCauzhNubaYFZQgQjZl5CXNeJj0/MxwwLUAaPcvcuG8H5K1Egiy8
vmgafktTg1P+k+La3dx8a371lqeTP0zB1JMGor1SwlcuMSt063FQdrUHth9BlTFE
A+OghYIntkQcheWutIv1Nb+DDeFVEgf7oYcsT7E4IcV2yjQ2kabI7veJzKgN1F76
7lG7xIJgB5XPhLuGPN52XghiP9ie6dtBJCFeR90TQ4wRMAII2cJXksPCnI1zSGfY
1beGSyq7mQsIWqJRuDeGuZYS4V+p2WNO7y1OKVastR0pqCkvl4VPqQwdMDIDYaqq
VPcicG3td1dd0o45aMDACxHiLhjR6FnKGzaAYbjGfUy00VqStKcuAf83WCuGPo9H
tr01jzEB2VQdO85B0kJubl+I1ns7WXxMMNTvz8l9n4HzJ6fX418EL3UxolhfBiYZ
xiGgQjA+X3CBXAiK8GTu/WzHXeRi/RooeNY91js65lXzxdzc47maG0Rx1j5QyAid
w3NxCQ0+uDAmVbBUo4noPDXhNlpbRPF2Za+WD5e225Vrui6nCy8qwl9b8gxkZ1wb
tP+Uc6+sIWBueFVAOOzO8vURumvT6FsxVcs8zZurZjuiuWqXF/sM2JJmF3Jm24RO
BpZo3G1o6wcbSdQbPfH3fTJ6aFLibRCMv0Kzb2tL7Y3wXT90tofWC5ZFQN0Yx6C9
mBRXFEeAWw//IWroo6ypY3q9zcEQ8QAGC++rpRNVDYRLwpB19m/QK2oeOiWCKkSM
mf7jnDH6I8sqTU2CZ/zEtCVg0pBgdBiwaCw0d+j9CDHdPmUZ3LP/9qXv/4MzycKU
DGX9rEzzFydGwgyKC1GZ5B5366Tvaqzcd8jCahxickWBB81g6nw2zGCVipiaOAbA
n3K8Y2n66+K7H64u2wDGj5sXK1pBR0hsxNoxm60IlClWS8o/q3H5Oji4sE5l9eGC
SbjFDzrdWOYAlEIY5b+PzRpm6RlscGsQ6Q/6x7TbUjztK6qtNlQnhADKB4gog7et
12N7K2p0qOqyz8kaHyjEz8bV/AIE6v6bGBL8KGDQIkv1h2rctMf8CP9GtE7h6DXk
OahqtazAAqXnjPj54g5Odf2A61jh9lSkG6EOU6GBA1CAz99sVrmR5AWPrGDbgO0V
aW9lf5w9HF5ItranrY4NKwkuEHVca+WGdaov5JbwuglOlBf0pHYDhr6FjNecqgGL
HJ4EqAdCnKmWYdLJe7nzkHG0CrQ0JfLtT8MRnNRFbEmno8NmNcD6zYQyEf5i5CXA
0ZUcGzv3RcEBMzRNjSbmAG78I5jvmcmuGLKOj0e2R9IU+HW7A1xmK9mwLVWjl+Sy
XbVGLePpfwBHBauQ5B8w25G+bACnixXsGpINXgHaU52aTblyyXl14yt1hRgcHv/4
ot9r+YBZ1nz71+RDIP2wV87Mt8n0wFKiKju7a6QU5TZ6bPhm8vtRqoV9G88UWvCk
aX6kkw9H3fIEoegy3Nqm8Li++cgyOXHMXtU99xaUYcnXPYb8xF9pC/Ip1o6GxJx8
o7N1FkXkG9Pu7urc18TBTy/G2c6NUTAu74vycS4bmVgxXep0PtjE7tIoun3oQY7F
VedR6p7LGxVziq1OAw6MUBmfHMcPl5hZ7GDCCd99QJ2D6Gw5XrJpkbcOMVoL3DXc
znYC67DVSRY8GXZJ2ZmjXrosjQlvDMhiV31ZuZiFk5/T0+m4SpgnmgvBEJPk69Ut
UvsPrHrZGniP6BkUjq6yRHwGcBGotoLl6m9+g3jDcLMrIcGs9Ig812kUuxldvM+I
9OUeGVANnXosTkSmCPEQvZVlerHPjWEy0ZJEhhnlNHOfTC9noEZOyyo5xhNBEK5Q
JLJ6XyGFcxdqZ5Ksp2Kz69bdht3Svg+i5C3ZzzGlnTgExh+KaGbbyez4JQEA5yPG
hd0H8k5a+CsJGiNrIdiAw7HXUDBhvZDuo2yCjj/Ft1jx29+G+yYZe9kDr2wk0zYQ
RRfLH1wi9IYQThw3bXhiNklrBlWiJEXU0RJfmV5kxYVdqg0LJdIEGdw4Swb9wZdN
p8STDgChsK/ZzgX7EyItgHFCKIWYf+gs
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
WF/openvpn/wf/client-configs/mariette.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote wf.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM1NDlaFw0zODA1MDUwOTM1NDlaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLW1h
cmlldHRlMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4q7SbkKiN98b
zF6jTg14NbVjbsTbhmF1DmzhDfyvcCR3TpppWhGF8ao6aKjU5Oghn2anB3uqSY5/
4H+D4crrDh4LeKPWKaJV2ZK7kgAI6mMAhVWdO7oVkU70iQcRZW5hMZ6aZm1qRC1T
xcFRsayHIkDnoXjPLZseYYYAXSmWcRnzSeeQz+EPSeZGeMMB9vsS4qFbQtTpJFFa
HAzegHTmJTVkxYVE0yEF/jTBaF3qLTd4WhHwyzJkxZk2u9pI248mRXLKj63Uo1dC
2Sh4UKi7z5ulz8nqCarWhnHIS7hZr+Br8NhqAN6uhWlKLwtUAogCMH40iUY3ZjbL
387yVD1xCWHWCj92CXTWt2vtnVU5pE+81IvqRUFy1g+UfH5Wc9VqY+k1Va2y1FbR
G2dXJ462aXBJRGZuayFo+mXAaowJMMDwYFC2+7u+KFeCJQOGXlC9zeOpU1bSPqrm
LUkZI4VK+sbaLuCLi57twyHAsHskeJ75dE5wLXII3+tXUHoici2uXVAfrHRxX0M1
nF+GRT3ZxduwapWsmpT9Q8APEI0cbNyKJV3Uu1hDk8z4olPj8lZ9qyofKRIy2b8R
lmLjYS8xqnGYcTACIvI3m5nf+V/R3qQS1S1EaC+pJs5ufkG0VKW3B+twRWOZI5n0
AHB26mll5+OjTZn20kUNPmxVkHscxFUCAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUxrj5/616MhsuFBDedHA0UwJQc4kwgdEGA1UdIwSByTCBxoAUTz6I
FOGhISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFU
uzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
bWFyaWV0dGUwDQYJKoZIhvcNAQELBQADggIBAHit7TZviuYMqNNBJ7ftvJVtIIPd
GrGmyJPe9zeKlvXBtHxdkueN1B0xbiCZh4lBXG6X5dTHfWn4uG4OdOsG0qy0rZqF
+uxKRXAhRw7uSGRWl2StOoeV4B0KUz5KRdCL+hGkHawEZzpTjByHc+qqhW2g/RGq
y5WXjDmcnrUMVCsId8vfLyhUg9CttTzbaWIENarq3q12FRCYfoy07ErekO8qhBqm
X/v5IXIQxQpPAd72vljKzfM2X9eDLwurWOL++AkI6PGs7haDQ4b2vBRnNmO4pg5R
Jh50O4PzvbRexKNjzT64Y33xQe4TOLmP8Mul9a3xOYikdrkITptj+vKrR2rXUT0J
L9kJ7iTAkxQgVRGPxj8yq4eHtvimhrcLlp6Xd3WmkUBn76uNkSsLvrPgO/FUv0Sg
Eo+QVeLNnC5TjmhPAH801B6m1VxoPMCegQhn8buecUztxz8yKB8ZxnLBctrx8t0F
csk03x0nbBz4KH+vkZ1zD26/rqFIqIhhP6d9n5JuVcx3IToVc9I3NjdHPkSAujbo
YT2UINm/0GQoufigqS6I4AAjmiGwlrcaOYJ8OAfxRi8wfHJMikkmWK97/0bNpI0Z
V/1J5aIVZYGnJz4AWBHcGRKp3Sbontv0sGkx7J3srRNMbJZnD/GQXKv/Lb+79E4y
jsrzmdsWZwukEqTo
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItmmGXbThBbsCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGzVTuYqI+5SBIIJUAZiu3vVN58v
ZxkslP58bx8N2vvk4wmhkeozlIDCeMmsd9nrRVBN53IFlqqEL+irgCiZAqQsNlJF
CAkh4ZhhOE5BhXTEFrkFtMDf2nzfAEZUVDPGwvC038gEC0kCeBk6cEm3gqIaWVov
OCmQmDLXgYXHoY/a+Bu7BVBwFFfDl82M1EkAuVLhjh8PHVRjF0QbfLenCZEE7k0h
q7XWpcoonQB51nbBVZn3LvCdcG8YAHymCjahE7V5SsjYR/boxQMRduyFApXbKik2
9cachDg85gnqRVDNMhHbCZv3ZwmDXFkstjPmq+IF4zTKXdDD3Vm6Rk52P4hSiLvM
1BR8ECsxk3W2u3ughXIv13FD/jt8Hy22LKkso0S6SL4hhgdvdZLqa9A8F+g50rQ7
vYvN366cd8xP9GODUPK9nMMou0IpA1460ZUI54n2u06rWJ/ABtcjgG1hlOecywHY
l0IFnm5HrE+WzkIrD4iNQa5dbDlS9dw1t0J9OY58H5SjHM0+GoKhz8wH6mBE9THU
dRL/z3QHauEu5nTqsrWIPKQdxAUblVu4uLgEUwt6neC15d9U0NOp3flf4GoK+ONF
BkQCFUh0UqfzY+30hD1cIU1kXYV4dMxF8hu5IRbFt+cp89KDPM5s4TBdYPYLGLnh
mnTZQjFtWrfrZdY/Is4m8qY5qkIKu2LZQF50KFOuHsOPiTX6heBk9A8YQJk7WTBJ
mfz4lzejZ2tHhZNT7hIcK4EnaxKkWOiEIHx03xk6/dKcnNdusv0VUEGDfK4MXX9f
Arc0jOf+URgRAdO5m0etkyLp6u3/5DTfq7sM+Vns4f42jdUrB1FW0Ho60EZgsZef
T3bPlXXGw/qc38HDZB0o+tBAgYYpOLvFzIg3ckY7ds3H6KMrxr2suQ6CLZwzju78
xf6BYQYCbh2QuGMhSlG+t3FX4HHhzurmH0ZVTOlBJpK9dyWCPQzGNL2nF37HMRpa
YKT8wxcPfi2DRpmN1ESIAzuWIg5JBuxKSrQhNiz/8jJ2YISTpj/N+sjvb51yvfrJ
I7QOKqePnKjfEy567pKmRNMTr0InGEbcmhIJKWzmsdGTgxZK4oAuA59FZEcxwzIA
rh91L/gcS+rDMCcFdTtIcQK1BIfRvWHo3s/ab7Szow2MNyrgTAPTCjfDKvSEGYvi
latAZFIxlpZkd+W9BETiwk84uUYap9c1gAxg9K3Vm0dXX/O9YDM5iYm6wZ50oCk/
5jzF9JfcivzpFtxumWW4zDTA2xnCTEURXFpIwMdLR/oUfj1uVE5SrKLUjqKxiI4H
0Zk+wfXU39nSusNMB+v5dGU/KMsMXt7KrAh+nMra22TKlUjfpv7yX2se7UfsdiYz
l+SRRHWIucbPgseghsHLjUdQRKiIrqGXZMfHmqNB/Sl7kWD+ifSKSKznS4Z7tDRu
f3LOOSh466nW+kVJnjaFU0RDglLI2SGrRMwDihUU5x31aJs0q+IdS/aJu8suRpCN
AJjnUiDVQ++kHWfCr1DyMijf46wIDpDc9Kff43RnZR0ImEWu5w2DCbPXTJttCKPZ
t17gINkLovFIx5Zz6MlJ6xu+lPfHG8W8b3LfryWatbFVTODMxft0cPGoMip3MCEw
G7ZCD0W08WSHKHQjVzSeKdDyJ49q71tpiSuvKNOSgZUkssP8fSRR0xaZoPAZd17w
99TJi9pI+CJwpcnXb1L98PyCpyMt7U5/ULgsrGey8gEMSVuC3/K8zG5kb6MnkVNi
dweXBReyfw+VYLSkHe/Sbyr9g3Z1w+i7MHsULIxyRE0ItP+nTynE1PKUNW8T38x8
pjb/ugEv4yOWG09D8ZXa3QpJy2ReQAHR7S346R/BiPtJspnOQLaegGM4mTjNLXHO
AZ702X85sNJxDiqz/od9osStbAEmlTSvOnTdKgnjC0gnDeV5M0ZWEYPOX7s93Gbq
n8QxzdgLiM2AplLDnDYYhqAhGLklchL37ftFNBfVx1xv9tfc1zgVjmWh8GrSZriB
C8BpdyhBrxAkomUNi8Lr/f2oSFekOCs9WK1+XDs23f4dsvVbi8FdEYP6UBytEJdQ
lY+SguBg6VQXx3ilswHJOFZ6hlRcO+iP3u6ZHc9nFyGDPt0EBwrRyLb7mwNU8U2s
vI7BFp/LK4p7t49AR0bywI6Y6OI6yTnsr+5zGx9nOggzHdNttQ+YSeTDEMdhTV6w
70jJXnXfyHcqO0WrDXUX9WtHxD8VVN1wx61HuvOnx/m0623FnKaCSHR0X0SroCR8
5DFd0GR9oR8lhmPM/W44acRL0PphCHPoUud39XJodKVgqZoesURYGekD678cUlsv
/1xLVY0CHnlcreR6jPjVYRrJbMgkaHtkCw79QkfzFJLAdv7MbzbiH1eOqOc+rw1K
UytjgJozQSosgvznseV9eYGaM6prPVyNpHBVDz7RuXNu60izDDWIG6y5lMoPmX/C
/h3hY15r5DwUgQ5awgNHk2TmW5qQQJT8Ef3hvkuISKY/vyMcOoBtN8P4KDRV8MGJ
0dDl58ReeND9KYwj5y9IgruSqqfw/9n6ujbgdmPwIW/EQkxd7cBj93rz8AkZwHyq
2PYMIAu7K9UHP9z+WQsdt4rv3LCQlj/tKYy9MhwRnSFDKNl0Aaa5vXi17pnf5aAw
o0MrDyDRgLITGiYHqBdCAaOpnlno62F9QTwnnbTq+a26nMe29t8e7Woy4P+SMDwW
W3hbK98etSgjyHw/0i41iqi1w4SQZP7tKYUR9KcbH8GpGOOZdwv8e5AZ3j9qnd4k
1iUVXQOhwL3kP0F2FBVHc/RDpBQDstkdlNYRh4+2wRz24bbjbILMEfx/+KMb/53m
MLdVhmN2b6roqwWppp9OnYADLzdZ4uGI+dLenLEYP+y0Ah5kp3jCbwMLTabLSG7s
u1615I/mHq4c9cqeK3XJ+RjGG5VWSIFraHmdeXXLqWnafFPx84NI0sVOL0rrmDh4
sW5S5WhMdtj59vJGdB19gyi7nTY6uVMsTVLQtU7InHyGHxWPzlUJNJnGkpLlwqJ4
Mx6RG7OR5zyzwDvlFFK7Thk3BpA6RirKIySv4kNZUVswsNwEAMJ0P2Yl/nd92Fpw
1Z4Um5FwwQjopdKXIWqcJgKUv0YIUvTWnHVAEB75/zZ+DdVei8eavS6exRJPbDVy
BJuNlwVX9zwlecirUQdF01OBIVs+atz9
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
055e6b31c205ec1ace25b0ef1f0b3e80
e74c454b9136ba2a73e77af7d1a69e27
961a2792f86003c7e5477606511ab117
86a4c648a987b4aed406d30bcf5c32b4
da5405b247161f9f1cafcb82df78f63e
e2151005472f97c913ab994c2b2fc3b0
2c8e2b7d9b466a1f092f375f2a08f561
b8e0c6bd019a5e9b9bc821715287f279
ca56cdd6fcbb3fde55d44da9be2ec86a
b81e52bc44f7c92174795dc12f95a6c1
beeca15154a9c72872c3f205ccf601ea
c610bd2aa828e052febb747c02cfdf4a
959e9a86a01863bebb30ed8f79d13dae
f58e8dde86d46026a27de24e6db51348
1d395e5736eab696c653d1f68a972dc1
e47de0993b8b5d57ecab103e70c4874a
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
WF/openvpn/wf/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMG
VlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwNTA0MTgz
OTQzWhgPMjA1MDA1MDQxODM5NDNaMA0GCSqGSIb3DQEBCwUAA4ICAQClEKxg1LCG
R6IHYZaVNO4HiLAOePi+bMs+gd2ym8258UBFApMHnD0zfYGeyCSB0NtdWcddOKHH
ecjAT6kuHxAfKkEBgAdpqPov9RNI7ECQvy3QXdZMM+1AxXjsYRxg3GE9AW1/gRpU
WvnMtK4MrkXoXtYVey/X6uOD3qoApM3M6CEuS8ZyTjh5bKiLHI3Alu09fPm2apvs
jZfOxfkDVrG29coLfnMDRW91CSznBR4cKq0ePfg0W6DMgtY9cx3PYFtCov1yrCLN
OTFGJsMg/D/VbBFr6lMyDJMmwlpA7UAItGeI/px2mId+W7yGijaqt2GBrBgu4zwF
R+ib+L6VKaQs1lkq+m+6Qhd2ZTG2fL3BX8CkpM04cOJIyI5cCtjhOjg7OZYj42r7
jA2L9bZmbJjrimVt7mV7gBGR3ZPJqcdWUYAEiNJDC9pEs7S6BFZI5LRObBNp7wF0
+sGSf709MNyAizPgAm4wEgpJhsqywhsMim2zNa5etr74kGQgeq+fAcCwkicmAp5F
BRvUnU47GwaRBeEtranRy4pbKWqV9/GJ01ncV8K4SPb0FlT9cfoc42zWNOccp16e
/tZ49Bgi7COj3DSE2SUpKKKjWenvw+7cjLt1rw/aFLxHQCCNnYd1upweRFPZQtf+
3a4aTnwu1sUBcreS4WfrBk69GbNbClAF+A==
-----END X509 CRL-----

1
WF/openvpn/wf/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
WF/openvpn/wf/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
WF/openvpn/wf/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
WF/openvpn/wf/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
WF/openvpn/wf/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
WF/openvpn/wf/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
WF/openvpn/wf/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
WF/openvpn/wf/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
WF/openvpn/wf/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
WF/openvpn/wf/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
WF/openvpn/wf/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
WF/openvpn/wf/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
WF/openvpn/wf/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
WF/openvpn/wf/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
WF/openvpn/wf/easy-rsa/openssl.cnf Symbolic link
View File

@ -0,0 +1 @@
/etc/openvpn/wf/easy-rsa/openssl-1.0.0.cnf

1
WF/openvpn/wf/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
WF/openvpn/wf/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
WF/openvpn/wf/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
WF/openvpn/wf/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/wf"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN WF"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-WF"
export KEY_ALTNAMES="VPN-WF"

80
WF/openvpn/wf/easy-rsa/vars.2018-05-04-2014 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
WF/openvpn/wf/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

1
WF/openvpn/wf/ipp.txt Normal file
View File

@ -0,0 +1 @@
kaya,10.0.52.2

24
WF/openvpn/wf/keys-created.txt Normal file
View File

@ -0,0 +1,24 @@
key...............: axel.key
common name.......: VPN-WF-axel
password..........: q9LdCJL9WtHm
key...............: chris.key
common name.......: VPN-WF-chris
password..........: dbddhkpuka.&EadGl15E.
key...............: kaya.key
common name.......: VPN-WF-kaya
password..........: T4gJW4b3v333
key...............: mariette.key
common name.......: VPN-WF-mariette
password..........: fFdxvj4zvFqx
key...............: lalix.key
common name.......: VPN-WF-lalix
password..........: xwF3JVtH7vRd
key...............: christian.key
common name.......: VPN-WF-christian
password..........: wt4chFxH7pFp

141
WF/openvpn/wf/keys/01.pem Normal file
View File

@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 4 18:39:28 2018 GMT
Not After : May 4 18:39:28 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:aa:1f:6d:98:84:46:ad:d4:b9:bf:08:13:8c:b6:
6b:21:91:0d:7f:69:e0:a0:9e:79:61:d8:1c:43:07:
0e:e8:a3:96:e5:83:22:41:32:87:94:1a:dd:56:05:
7e:aa:40:a4:bb:23:fd:31:9c:57:c8:eb:06:be:02:
22:15:e7:3d:25:57:4e:48:46:4b:ec:e1:f5:b2:1b:
fc:2d:f7:38:4c:71:1b:11:26:a0:2a:bc:01:19:78:
df:e2:03:73:5e:3a:45:bc:1e:d4:f9:25:0d:56:ea:
06:ec:58:cb:4b:11:a1:a7:7b:c1:06:f9:a6:44:30:
03:68:71:05:7e:f8:12:a4:53:b4:83:21:bb:3d:52:
5e:0b:f2:d7:99:7a:e8:e7:4a:99:42:85:8b:f0:b3:
3d:16:b8:30:44:0f:12:2e:e1:d0:ab:74:ac:27:50:
ad:30:2d:08:eb:b0:ff:1e:13:8a:d7:c4:09:a1:93:
c8:a8:08:25:ce:f9:c2:6d:47:b3:f8:f9:70:7f:dc:
6d:03:ba:66:6b:27:cf:69:b9:b1:84:24:1d:e4:da:
4a:d0:c5:8e:93:33:8f:ef:da:00:f1:dd:55:8f:86:
ef:8b:9a:0f:c6:75:9d:42:d5:e4:69:20:fd:86:54:
19:18:c5:e0:ee:ec:9a:a1:2b:19:82:aa:d9:c4:23:
23:00:06:ba:b1:45:c2:80:7e:d4:62:9a:9e:36:02:
7e:9c:3f:0f:66:f1:ee:17:4c:11:e0:ca:4c:ab:62:
0e:0c:2d:e9:89:86:66:e1:d6:9c:8e:13:22:eb:a8:
1d:11:57:4b:4a:c9:ac:f2:a9:38:60:0e:3a:d9:02:
21:35:c0:25:9a:6a:57:46:e6:87:e0:10:58:ac:5a:
cc:35:df:18:5e:de:65:93:09:37:4f:42:62:43:e2:
18:a9:60:cd:26:0f:c1:1c:48:97:ac:35:0a:e5:f4:
55:42:15:53:d4:b7:7a:23:a6:4e:f0:8d:9c:1d:cc:
b4:a3:47:bf:ae:25:9e:47:48:c3:43:76:f2:af:f1:
a9:7b:e2:62:3c:e1:09:19:22:43:44:36:1f:4b:cd:
71:82:04:50:be:18:56:8c:7d:d7:53:7d:ae:06:a4:
cf:cc:dd:18:1e:88:35:13:54:0f:af:20:dd:6c:3c:
6a:40:95:5d:26:af:bb:93:fa:19:23:f7:c4:a9:2a:
a1:2e:3d:9d:50:cd:e8:8f:04:2b:c5:bc:84:f5:50:
1b:b2:ab:bf:90:1b:fc:28:ce:a9:fe:ed:dc:df:7a:
13:7d:49:90:31:c8:96:31:2b:84:5f:83:c6:6d:60:
c7:2a:67:5e:e2:dc:a6:8e:6a:b4:77:30:d4:18:9a:
d9:7b:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
2D:CE:7B:8E:D1:5B:3D:27:B4:94:77:91:2A:7F:6C:5D:30:48:19:6D
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
0b:8a:78:db:46:df:b5:60:cd:88:b9:9c:52:be:7b:e6:60:5b:
ef:a7:9c:24:ab:9c:04:87:b5:59:fc:11:16:2b:d8:64:7e:0c:
c5:01:2b:3d:29:97:5a:b0:1e:77:5d:39:f1:f5:dc:31:55:56:
d5:f7:10:1b:8f:9e:8e:f2:47:36:d1:fe:fb:a5:5b:69:58:16:
82:49:2c:5c:54:82:4c:0a:71:f7:e0:c8:f8:a2:1f:85:7d:fa:
f2:9b:6e:6e:78:04:88:49:65:cc:02:59:c8:73:66:75:3f:81:
6e:ac:83:b4:ed:54:2d:5e:0e:9e:d3:40:88:6e:91:e4:9c:6e:
4b:06:77:ec:74:cd:f9:f9:7f:5d:1b:72:5e:a0:14:7a:82:63:
ea:55:88:e3:23:59:36:e5:69:37:a0:7b:ae:b5:63:25:6a:e2:
b6:b3:35:b7:06:f9:17:6e:ed:b5:3d:1b:2f:5f:ea:96:b5:a2:
a8:d0:45:14:7a:b6:96:a8:ee:3d:2f:5e:7f:40:1a:69:81:c6:
2a:fa:10:a7:5d:8c:a1:c2:ed:00:f0:72:71:6e:6d:f1:0c:91:
ee:2d:0e:c5:4c:d1:e1:99:8c:4a:92:3a:f9:42:5b:cc:12:3f:
9e:17:31:5f:b0:6f:2e:e8:24:8f:1f:a1:82:bd:06:6e:e9:6d:
32:06:1c:58:d4:61:7e:05:8d:9b:57:8d:29:6a:d5:c6:c8:21:
d2:8a:26:c4:1e:40:7c:c8:f3:9b:99:8f:43:57:93:b7:dc:7f:
80:19:e7:cf:b3:25:35:46:00:38:e7:ec:1f:1a:4f:eb:4c:fd:
f5:fd:cc:14:96:58:51:ae:7e:7a:2a:78:2c:85:9d:c3:ae:a0:
6d:9d:45:ac:e1:67:36:e9:f1:b3:8c:e2:ac:55:9e:8c:7a:8d:
05:61:11:40:36:ae:cb:f5:13:0f:a0:27:16:96:01:3a:d3:13:
a6:ed:6f:77:20:36:2c:8b:86:60:5c:74:28:5d:2c:37:66:8b:
ae:a1:ae:0b:e9:87:05:8f:37:6a:96:1e:8f:bc:67:18:cb:e2:
77:56:42:4c:97:a4:2e:0c:f6:d9:0e:eb:80:41:de:a3:01:dd:
e3:62:05:af:e4:48:a4:93:a1:c2:0e:3a:13:27:86:b8:1d:fe:
7b:78:18:f0:41:83:8d:7a:ec:40:9b:c9:80:29:78:dd:da:a2:
64:6b:74:89:ed:23:bd:08:3f:fe:51:95:ff:33:bc:0e:6c:b5:
6d:02:da:2e:48:a7:04:4f:b6:ff:b4:a5:04:c4:95:3e:2a:94:
2a:73:b9:e0:99:21:b5:d1:dd:c7:0f:76:ae:e5:f1:98:5c:01:
d2:9c:23:69:0b:12:10:ef
-----BEGIN CERTIFICATE-----
MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDQxODM5MjhaFw0zODA1MDQxODM5MjhaMIGjMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKofbZiERq3Uub8I
E4y2ayGRDX9p4KCeeWHYHEMHDuijluWDIkEyh5Qa3VYFfqpApLsj/TGcV8jrBr4C
IhXnPSVXTkhGS+zh9bIb/C33OExxGxEmoCq8ARl43+IDc146Rbwe1PklDVbqBuxY
y0sRoad7wQb5pkQwA2hxBX74EqRTtIMhuz1SXgvy15l66OdKmUKFi/CzPRa4MEQP
Ei7h0Kt0rCdQrTAtCOuw/x4TitfECaGTyKgIJc75wm1Hs/j5cH/cbQO6Zmsnz2m5
sYQkHeTaStDFjpMzj+/aAPHdVY+G74uaD8Z1nULV5Gkg/YZUGRjF4O7smqErGYKq
2cQjIwAGurFFwoB+1GKanjYCfpw/D2bx7hdMEeDKTKtiDgwt6YmGZuHWnI4TIuuo
HRFXS0rJrPKpOGAOOtkCITXAJZpqV0bmh+AQWKxazDXfGF7eZZMJN09CYkPiGKlg
zSYPwRxIl6w1CuX0VUIVU9S3eiOmTvCNnB3MtKNHv64lnkdIw0N28q/xqXviYjzh
CRkiQ0Q2H0vNcYIEUL4YVox911N9rgakz8zdGB6INRNUD68g3Ww8akCVXSavu5P6
GSP3xKkqoS49nVDN6I8EK8W8hPVQG7Krv5Ab/CjOqf7t3N96E31JkDHIljErhF+D
xm1gxypnXuLcpo5qtHcw1Bia2XsrAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULc57jtFbPSe0lHeRKn9s
XTBIGW0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltza9wPl9lg9fGhgaKkgZ8w
gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
YXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNVHSUEDDAKBggrBgEFBQcDATAL
BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
AQALinjbRt+1YM2IuZxSvnvmYFvvp5wkq5wEh7VZ/BEWK9hkfgzFASs9KZdasB53
XTnx9dwxVVbV9xAbj56O8kc20f77pVtpWBaCSSxcVIJMCnH34Mj4oh+Fffrym25u
eASISWXMAlnIc2Z1P4FurIO07VQtXg6e00CIbpHknG5LBnfsdM35+X9dG3JeoBR6
gmPqVYjjI1k25Wk3oHuutWMlauK2szW3BvkXbu21PRsvX+qWtaKo0EUUeraWqO49
L15/QBppgcYq+hCnXYyhwu0A8HJxbm3xDJHuLQ7FTNHhmYxKkjr5QlvMEj+eFzFf
sG8u6CSPH6GCvQZu6W0yBhxY1GF+BY2bV40patXGyCHSiibEHkB8yPObmY9DV5O3
3H+AGefPsyU1RgA45+wfGk/rTP31/cwUllhRrn56KngshZ3DrqBtnUWs4Wc26fGz
jOKsVZ6Meo0FYRFANq7L9RMPoCcWlgE60xOm7W93IDYsi4ZgXHQoXSw3Zouuoa4L
6YcFjzdqlh6PvGcYy+J3VkJMl6QuDPbZDuuAQd6jAd3jYgWv5Eikk6HCDjoTJ4a4
Hf57eBjwQYONeuxAm8mAKXjd2qJka3SJ7SO9CD/+UZX/M7wObLVtAtouSKcET7b/
tKUExJU+KpQqc7ngmSG10d3HD3au5fGYXAHSnCNpCxIQ7w==
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:30:46 2018 GMT
Not After : May 5 09:30:46 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c0:d1:e2:70:f3:fc:1f:c6:5a:55:25:e5:94:e1:
c6:3e:15:57:d2:b9:9f:2e:7e:1e:1a:63:f2:96:cd:
a4:4b:7f:1b:f7:90:f6:bf:cb:ce:04:6f:68:50:52:
6a:37:b2:a4:b3:fd:3c:88:c7:f0:9b:fe:4c:5d:ae:
2d:9a:3c:96:37:01:af:3b:ac:ad:44:51:93:20:ee:
d4:85:99:22:d1:c5:6d:7a:83:d0:e6:29:e5:c9:6c:
b1:73:90:58:40:21:7e:f1:bc:7a:08:94:c7:47:96:
b3:82:dc:13:b1:e8:e5:87:4e:8c:21:2c:7f:37:5c:
2a:0a:ea:1d:a0:17:bb:3b:fb:e7:0a:12:1c:ee:01:
f3:de:4a:47:fd:b9:f9:77:ee:87:84:c9:d5:33:ee:
b9:57:d7:12:b0:4d:bf:fa:16:f1:82:18:2d:b2:c8:
96:7f:fe:08:20:96:65:d9:77:92:e7:0f:5f:fc:a2:
3a:b6:ae:59:d6:13:bc:bf:d1:a3:5a:14:74:ed:f4:
e3:6b:a7:c9:0e:6b:b5:c7:5f:d8:b6:ef:5e:e9:0e:
68:4a:7d:2e:e2:1a:13:b9:f9:e0:dc:b3:43:19:09:
42:4d:09:e0:45:d1:8f:36:40:5d:f0:6b:c9:2c:26:
17:17:c6:5b:25:fa:a8:30:1f:62:57:e9:0f:09:aa:
5f:80:8e:76:8c:c1:e9:8f:59:62:47:35:b3:0b:6d:
c1:3b:54:19:23:b7:11:63:74:ed:ee:aa:bf:a0:b9:
51:31:63:64:e9:06:b1:10:65:14:db:41:cc:52:11:
d9:bb:ae:de:75:70:80:13:f5:6c:ec:2d:2d:d5:b5:
b1:0b:dd:2f:6b:12:c0:1c:2c:9c:92:e5:a9:88:19:
d5:90:f2:90:08:da:a0:bc:95:40:7f:10:cb:89:ac:
03:f1:80:98:ca:df:10:7a:72:a8:54:80:33:ba:f6:
e5:23:f4:6d:d6:11:75:61:dd:87:0e:f4:e1:e4:2a:
b7:6e:7b:6a:fa:73:3a:97:23:05:78:9f:53:05:7e:
5d:ce:95:27:f6:ea:37:19:b2:d6:ed:83:9e:c0:85:
b8:16:7a:b3:57:09:f4:94:8b:80:54:98:06:d1:2c:
cd:2f:2b:c3:bf:88:b5:a2:cd:c6:f3:b4:04:4b:bd:
08:6a:78:04:d8:8b:16:84:5b:a5:37:0c:2e:3b:1e:
0b:14:63:35:45:67:2a:a2:26:1f:38:41:53:e8:83:
48:0c:60:a0:25:d6:7e:3a:9e:68:76:9d:ca:f0:27:
44:45:6d:9f:ad:fb:19:2e:bc:8b:2b:63:76:78:63:
d7:8b:0a:2c:76:b8:48:8c:eb:87:a9:1d:82:af:73:
80:25:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
CE:C5:B3:DC:D8:6F:8F:EA:09:99:B9:41:64:B7:22:D5:BC:F9:A6:98
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:axel
Signature Algorithm: sha256WithRSAEncryption
5d:62:04:7e:b8:0d:61:4f:fb:56:57:3f:4d:a9:f8:6f:68:a5:
ab:92:1c:b2:04:32:5f:a4:02:2e:3a:1d:d8:59:28:2f:8c:1b:
9c:33:a3:c3:17:a8:5f:52:df:0c:d2:2a:52:6c:08:47:5f:12:
ca:50:9e:cb:4d:b2:48:4a:67:26:9f:a0:79:39:41:be:a1:2e:
f1:51:82:81:90:bd:34:54:9b:9f:7a:56:59:74:e6:74:b0:e9:
cf:5a:52:85:df:db:66:76:14:03:ae:0a:fd:3c:6d:2a:e5:f4:
76:b5:2c:32:69:11:d7:94:0b:40:05:2f:da:bd:01:04:d3:9d:
3a:d1:93:bc:26:05:f1:17:99:b9:db:52:93:10:b6:da:d0:21:
53:7b:e4:86:12:fd:67:bf:87:7d:cf:cd:75:80:2d:74:e9:9e:
c8:76:df:23:3c:37:cb:c0:90:41:ea:f7:38:23:d6:5f:54:55:
b2:27:31:4e:d3:54:2c:51:a9:7f:17:30:c7:21:19:37:1d:1d:
75:f3:a4:73:cb:79:d1:be:b4:6f:12:da:f0:be:51:c6:db:2f:
4e:b4:46:6c:5a:b5:c5:0d:c7:44:00:ee:cc:96:79:a9:45:ee:
cd:dc:69:71:61:c0:a5:46:05:24:e9:85:86:ce:4d:3e:3a:a5:
bb:7c:ef:2e:0a:5a:9f:b2:1f:38:4b:b0:67:f5:8f:78:6e:71:
86:43:9e:a7:71:85:6e:e2:19:b4:5c:18:63:49:6b:0a:da:54:
29:4d:18:05:80:f9:08:87:e6:c4:6a:01:b0:c3:7a:d2:ee:cf:
93:b9:43:bc:2f:0b:1f:8b:61:e5:64:08:c4:45:5c:5b:52:be:
1f:51:56:a7:b4:15:c4:88:6a:cf:d0:3a:fa:34:03:e8:bb:8a:
e5:49:bb:60:1d:b7:fd:e3:d3:bf:0c:7c:28:15:26:de:f8:5b:
2a:9c:88:35:80:a6:5b:a2:55:ad:bf:69:56:f8:e9:7e:a8:4c:
0a:99:44:48:d5:90:8a:41:3f:d1:ca:c1:c4:18:c6:96:e1:f0:
72:cc:2c:35:8e:63:78:1b:00:f6:1d:6b:a1:db:cf:f5:b6:e5:
94:27:e9:02:bd:35:2a:01:81:85:7a:01:2a:88:23:15:4e:3d:
5b:9a:31:fe:10:6a:1f:d1:29:0c:46:72:ed:25:73:61:2c:8c:
29:88:55:7e:44:e9:6f:d9:33:4a:47:48:a1:6e:17:8f:bd:12:
df:47:da:d6:3a:4a:7e:d5:43:7e:c6:01:5e:29:bc:44:14:9f:
0c:38:fa:86:0f:41:5d:5a:e9:27:83:12:7f:75:2f:e8:06:d6:
2a:f9:5d:0a:6c:fe:0f:cb
-----BEGIN CERTIFICATE-----
MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
bP4Pyw==
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/03.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:32:50 2018 GMT
Not After : May 5 09:32:50 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-chris/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ac:28:bc:5c:b2:3a:38:2a:30:40:f2:df:24:c2:
62:c6:91:61:eb:ce:df:64:f4:3d:0b:72:c3:f7:58:
27:45:b6:7b:79:8e:a1:5c:10:3b:f7:92:5d:d7:d9:
61:02:70:7c:c3:8e:f1:ca:41:60:50:68:5f:bd:a2:
cf:e6:ef:b2:ad:82:dd:f3:bb:42:27:5a:1b:79:87:
1e:93:2a:1a:26:e2:cd:39:a1:a6:44:bb:50:05:f6:
00:b9:8c:11:12:ec:64:c1:8c:62:2c:27:f2:21:71:
ab:2f:01:97:0e:0b:ac:7a:b9:84:6b:4d:69:a5:90:
08:c6:43:72:b9:27:7e:31:b1:18:41:60:c8:5a:06:
31:9c:8f:5f:06:6a:16:75:47:ad:c6:5f:6d:4b:c1:
3a:9c:7d:40:2c:2d:01:e4:76:13:17:0b:0e:8a:ae:
d8:54:fb:69:c4:9b:85:a4:bd:d8:4d:48:2e:c8:2f:
b9:92:e9:8c:bb:5c:44:7e:39:a4:2b:ea:2b:1d:8a:
c0:d2:39:04:ee:76:43:a1:09:1e:2e:95:83:d1:85:
91:fc:d7:a0:12:0a:b9:6c:d4:22:e2:f9:4e:36:a6:
79:1a:12:53:75:56:f4:f2:77:98:82:d9:dd:63:c1:
bf:97:62:99:ed:6f:55:36:20:fa:d6:11:41:b6:fb:
24:b2:d5:2a:2c:5c:58:d2:bc:fd:d4:14:33:2a:d7:
db:de:79:c9:25:1e:92:ce:d0:8e:03:58:9a:c1:f8:
a9:2b:2a:6f:53:47:65:42:39:4d:f0:be:f3:d9:af:
07:42:07:8b:fa:8c:17:fb:6f:48:5f:ca:01:c2:df:
19:38:25:f5:33:e8:4f:da:c5:9e:46:c3:b4:9c:b4:
c4:75:bd:87:f5:11:fb:fb:d6:01:67:d3:49:45:65:
96:1e:27:47:7b:56:80:14:7d:02:89:17:bc:7a:0a:
2a:9d:5a:1f:1c:a5:d7:c0:ee:43:1a:e1:41:b0:aa:
6a:8b:c9:be:5f:ff:63:6c:c3:a0:5a:64:12:a0:c5:
04:88:7a:14:9c:17:ee:9d:e8:bb:45:9e:0b:32:74:
8d:89:fa:95:2b:42:1b:2a:9c:90:f3:0f:75:7a:a4:
41:f4:74:0d:2a:fd:36:33:c9:49:fc:0b:1f:45:78:
e1:c4:25:5e:a4:6c:a1:de:cc:85:77:9d:de:f8:5d:
b0:25:f5:f5:4b:22:19:49:10:f2:b9:ac:9a:1c:db:
60:18:c1:2a:37:e1:5e:b9:7c:17:b3:26:68:8f:f7:
f4:10:75:ec:11:aa:09:bd:93:40:d7:8e:2b:33:e2:
07:39:4e:cc:5f:7a:e6:5b:3e:76:a1:47:1a:45:90:
c2:8d:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
44:B8:B9:2D:98:73:3A:7A:EE:7E:39:44:5D:BE:7A:84:96:1C:9A:99
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
7f:37:c3:2c:7f:75:3d:ff:ed:0c:9e:ab:c1:f5:06:f7:e6:1d:
23:20:75:f0:b1:5a:8a:66:ce:21:a1:2f:65:0d:38:16:d7:29:
c7:fe:56:6e:76:8b:d5:25:cd:20:95:67:6f:f0:d3:87:03:03:
e7:69:87:ea:45:8d:9f:ea:bd:8e:d9:ad:40:24:0d:94:2b:1b:
ba:2e:67:8b:70:50:b1:11:54:b5:65:da:f7:5f:42:08:b1:6c:
2d:83:3b:3c:79:97:b0:db:54:92:98:5e:76:f4:f5:6b:24:95:
70:06:66:5f:13:c8:ed:f8:d1:8c:03:cf:5d:3b:46:31:85:2e:
7a:e5:3c:26:f6:7f:20:55:d6:2e:bc:bf:13:41:f6:32:87:af:
26:3d:ab:64:02:2c:d2:bb:cc:fd:fe:6c:67:87:2d:d6:2d:ff:
50:a0:42:8c:9d:73:8a:67:2f:f6:7b:61:c9:cb:29:cc:86:56:
2c:9f:21:0c:eb:33:b6:66:74:07:1e:2d:00:36:69:a0:2d:6a:
72:7d:78:33:1f:59:4f:a3:ef:74:4e:ad:fc:ba:a7:e6:80:9d:
d5:c4:b9:a8:b6:11:2c:2c:a2:7e:fe:e5:17:fc:98:b2:1f:75:
ad:f4:24:58:fd:40:4f:51:4b:4e:3f:c8:e1:92:1b:c5:b9:b3:
7a:70:c3:eb:e9:c5:7f:40:f4:ca:53:2e:28:97:7c:4a:d8:09:
94:f7:c8:0b:e9:45:76:ef:12:23:41:2f:99:b8:4c:f1:95:cd:
93:e2:57:83:11:7e:09:ba:c9:dc:73:b0:95:56:47:95:98:70:
e6:cf:49:b6:f2:92:e3:29:aa:5f:41:0f:35:a1:fd:84:99:a8:
c5:79:e3:70:ab:3c:62:5f:af:90:dc:4a:94:1f:94:c0:fd:7f:
e6:e1:6b:bc:f5:77:39:38:1d:cc:fe:fc:a9:7c:5c:45:bc:3d:
cd:3f:e3:22:27:e0:ae:6d:20:e0:74:73:92:04:89:0a:8a:e7:
ea:c3:7f:e2:36:ba:6c:f0:e4:22:f4:a1:d3:eb:7a:4e:13:3d:
a6:a1:a8:e9:09:2f:82:ff:64:a9:aa:07:2f:21:1b:a8:9e:4b:
ba:87:8b:a3:24:4c:23:15:60:f4:44:53:2d:2a:b1:2d:fd:d0:
69:91:57:02:6d:ad:97:55:f6:e8:23:a3:23:9f:ce:38:78:ce:
1d:46:90:2a:32:9e:07:81:e5:0f:3e:9e:bf:06:41:81:54:03:
4f:ab:55:ab:b6:13:8d:9b:5e:71:43:c0:2f:92:a8:6c:62:b1:
91:64:8f:ab:b2:03:a4:22:02:7c:15:ab:19:83:5e:d8:30:68:
95:f2:e8:af:65:d8:e8:2b
-----BEGIN CERTIFICATE-----
MIIHIjCCBQqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTMyNTBaFw0zODA1MDUwOTMyNTBaMIGiMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWNo
cmlzMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCi8XLI6OCowQPLf
JMJixpFh687fZPQ9C3LD91gnRbZ7eY6hXBA795Jd19lhAnB8w47xykFgUGhfvaLP
5u+yrYLd87tCJ1obeYcekyoaJuLNOaGmRLtQBfYAuYwREuxkwYxiLCfyIXGrLwGX
DgusermEa01ppZAIxkNyuSd+MbEYQWDIWgYxnI9fBmoWdUetxl9tS8E6nH1ALC0B
5HYTFwsOiq7YVPtpxJuFpL3YTUguyC+5kumMu1xEfjmkK+orHYrA0jkE7nZDoQke
LpWD0YWR/NegEgq5bNQi4vlONqZ5GhJTdVb08neYgtndY8G/l2KZ7W9VNiD61hFB
tvskstUqLFxY0rz91BQzKtfb3nnJJR6SztCOA1iawfipKypvU0dlQjlN8L7z2a8H
QgeL+owX+29IX8oBwt8ZOCX1M+hP2sWeRsO0nLTEdb2H9RH7+9YBZ9NJRWWWHidH
e1aAFH0CiRe8egoqnVofHKXXwO5DGuFBsKpqi8m+X/9jbMOgWmQSoMUEiHoUnBfu
nei7RZ4LMnSNifqVK0IbKpyQ8w91eqRB9HQNKv02M8lJ/AsfRXjhxCVepGyh3syF
d53e+F2wJfX1SyIZSRDyuayaHNtgGMEqN+FeuXwXsyZoj/f0EHXsEaoJvZNA144r
M+IHOU7MX3rmWz52oUcaRZDCje0CAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQURLi5LZhzOnrufjlEXb56hJYcmpkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
aXMwDQYJKoZIhvcNAQELBQADggIBAH83wyx/dT3/7Qyeq8H1BvfmHSMgdfCxWopm
ziGhL2UNOBbXKcf+Vm52i9UlzSCVZ2/w04cDA+dph+pFjZ/qvY7ZrUAkDZQrG7ou
Z4twULERVLVl2vdfQgixbC2DOzx5l7DbVJKYXnb09WsklXAGZl8TyO340YwDz107
RjGFLnrlPCb2fyBV1i68vxNB9jKHryY9q2QCLNK7zP3+bGeHLdYt/1CgQoydc4pn
L/Z7YcnLKcyGViyfIQzrM7ZmdAceLQA2aaAtanJ9eDMfWU+j73ROrfy6p+aAndXE
uai2ESwson7+5Rf8mLIfda30JFj9QE9RS04/yOGSG8W5s3pww+vpxX9A9MpTLiiX
fErYCZT3yAvpRXbvEiNBL5m4TPGVzZPiV4MRfgm6ydxzsJVWR5WYcObPSbbykuMp
ql9BDzWh/YSZqMV543CrPGJfr5DcSpQflMD9f+bha7z1dzk4Hcz+/Kl8XEW8Pc0/
4yIn4K5tIOB0c5IEiQqK5+rDf+I2umzw5CL0odPrek4TPaahqOkJL4L/ZKmqBy8h
G6ieS7qHi6MkTCMVYPREUy0qsS390GmRVwJtrZdV9ugjoyOfzjh4zh1GkCoyngeB
5Q8+nr8GQYFUA0+rVau2E42bXnFDwC+SqGxisZFkj6uyA6QiAnwVqxmDXtgwaJXy
6K9l2Ogr
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/04.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:34:15 2018 GMT
Not After : May 5 09:34:15 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=kaya/name=VPN-WF-kaya/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d5:a0:20:75:b3:9e:3a:79:ea:09:e9:1d:07:b4:
fc:72:2a:41:14:c1:bc:b2:44:9c:d3:7c:81:6e:fb:
5c:8f:0a:af:56:75:43:6c:27:bb:34:6a:f6:9b:39:
76:ff:f3:a9:87:1a:b0:a8:94:9f:18:3e:8f:b5:53:
c7:f8:ff:c5:02:14:f5:0a:a5:72:7d:8c:1d:fb:f8:
89:b4:f9:37:9b:04:89:65:86:c2:ba:e6:58:91:59:
ec:8d:71:bc:aa:f3:58:60:f4:62:06:8b:26:dc:47:
a3:94:fb:78:c2:13:4e:86:db:52:eb:1d:9d:dc:a9:
07:8e:0d:40:56:0e:be:27:b2:96:fa:05:7b:76:8f:
90:1c:56:3e:fa:23:3b:c6:0c:c8:98:64:2c:bb:cc:
49:f4:c3:2a:66:6c:c7:e2:4b:51:5d:1d:eb:d7:10:
b0:bf:17:90:a3:fa:59:ee:07:f5:48:0b:03:28:87:
8e:08:34:b7:38:b9:da:92:5d:74:2e:c8:ef:50:53:
18:e2:fb:05:a4:a8:30:a3:64:c7:0e:4a:23:35:44:
86:1e:65:44:fb:7f:76:57:d2:88:a2:00:36:b4:bc:
83:7a:f4:26:56:a8:be:ce:de:96:6f:3f:8e:3c:93:
d2:11:cb:c0:4c:f1:30:53:9a:31:72:35:e9:13:79:
61:d6:44:e7:58:09:59:94:8b:23:18:14:5f:88:42:
64:3f:bf:f5:c7:b0:5e:52:07:7f:80:9d:e9:bf:47:
5f:c1:0f:12:90:fa:a8:d7:7e:d7:db:c6:99:95:c5:
a8:3f:18:96:9a:46:82:3d:e8:82:4a:40:a9:13:ab:
2c:f2:82:37:39:09:05:89:52:c4:b7:a2:25:39:f6:
ad:4c:21:6c:62:8e:43:7b:16:ba:91:a0:f0:20:27:
98:48:5f:dc:e4:b4:26:c4:d0:92:b0:0c:17:b0:bc:
6a:fb:e4:1f:88:5e:8f:1e:83:15:17:56:aa:db:62:
37:8a:a9:58:13:cf:50:91:f0:3a:fc:19:7d:59:25:
8a:c1:b9:59:26:22:d8:42:54:25:2b:a4:9f:51:2b:
9b:01:69:36:d1:ef:b1:32:94:bd:85:a9:3a:00:2c:
b3:c9:45:d5:29:fa:1b:db:df:1c:82:f2:49:53:88:
f0:91:fc:28:12:fc:2f:ef:82:45:d0:bd:05:b0:8b:
2a:16:8f:fd:5c:6f:77:7a:fd:ec:11:3c:f0:5b:b6:
07:6e:f1:e2:ef:4e:36:4d:15:27:be:de:cd:56:85:
38:9a:33:88:f5:39:0e:83:62:6f:86:42:2c:29:70:
f7:b1:1e:1d:29:7a:32:da:e7:ef:98:52:11:b6:aa:
fe:1c:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D4:84:86:AB:79:DB:B9:CE:97:11:0C:B7:E8:DE:E8:0B:0E:1B:AB:1D
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:kaya
Signature Algorithm: sha256WithRSAEncryption
5b:bb:c1:d3:04:da:d5:40:06:84:c3:f8:4e:69:7b:f1:fa:42:
ae:ac:3d:3b:dd:32:c1:7f:3c:11:03:f3:88:1d:0e:e3:9b:17:
99:3b:22:49:1b:8d:e2:20:5c:2e:d2:b7:ec:68:94:9c:a3:48:
1f:cd:b5:c6:58:56:a1:c6:54:26:de:b9:72:5e:73:ba:a5:01:
df:7c:7a:ba:da:f4:c1:66:0b:bc:4a:d0:e8:b3:82:3e:47:d2:
7f:49:0b:dc:f3:7f:16:4a:1e:00:71:99:de:c1:8d:ea:c0:db:
83:71:56:68:c5:7f:93:95:f2:70:9c:0e:41:ed:16:00:84:a1:
47:c4:a8:3b:61:a2:41:4e:f8:1d:7c:a2:aa:bc:71:52:94:80:
c6:7b:f3:c5:c9:5f:d1:01:58:8a:d9:9c:38:78:fb:fe:0a:8c:
2d:ea:1d:4d:a9:a9:53:06:2e:e0:69:09:ae:fe:98:73:c6:9a:
1d:3a:a5:40:b1:75:60:2c:81:c8:ed:b6:93:6b:5f:fd:00:e7:
fd:c5:3d:e7:02:ce:e3:3d:46:c2:c5:17:77:51:3c:af:ec:c5:
78:cf:b2:88:63:98:81:ed:b7:00:06:d8:5b:a7:e8:77:73:ff:
a5:ee:46:59:64:b1:fe:1e:28:41:8d:82:a3:df:36:98:fb:19:
14:c8:2e:f8:4b:63:b0:e1:12:1f:a3:3d:0b:3c:4a:ff:0f:13:
ed:5d:b5:29:4b:ca:f3:bb:bc:b5:3d:85:1f:ee:ce:ab:6d:0a:
20:7f:33:26:f7:70:79:44:2d:4d:cf:d6:72:37:c4:86:51:b8:
cf:70:be:88:1c:9a:1e:77:13:94:19:28:6f:9c:10:db:87:bd:
78:b4:7e:aa:3d:6c:6b:d2:40:84:e6:12:b4:9b:5f:be:6f:06:
c8:d5:cb:d2:7b:b0:82:97:51:e7:2f:71:44:09:f1:a3:ff:51:
54:e1:4e:19:cc:19:2a:7d:87:9d:22:81:f2:04:59:a4:dd:5d:
42:75:53:a2:d0:7e:b8:fe:45:c0:e5:40:5f:92:d1:69:77:19:
42:21:07:89:77:d4:2c:4d:33:29:f8:6d:f2:98:57:ea:e4:44:
db:16:13:63:6f:59:a3:aa:e9:65:8d:9d:67:4c:d0:08:8b:28:
d5:d8:52:a8:09:40:08:10:72:64:d7:8a:0f:8d:38:e5:28:dd:
8c:4e:71:68:dc:7c:61:63:cb:3e:cb:1f:31:0e:12:19:3a:1e:
2e:e6:4d:d1:9c:5c:e5:e2:e6:62:e9:98:1d:fe:6d:0d:d2:2e:
45:c6:13:fc:fc:cc:ae:22:71:9a:81:92:46:b2:31:43:45:50:
e8:27:8d:8e:f6:30:10:8d
-----BEGIN CERTIFICATE-----
MIIHHjCCBQagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM0MTVaFw0zODA1MDUwOTM0MTVaMIGfMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczENMAsGA1UEAxMEa2F5YTEUMBIG
A1UEKRMLVlBOLVdGLWtheWExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1aAgdbOeOnnqCekdB7T8
cipBFMG8skSc03yBbvtcjwqvVnVDbCe7NGr2mzl2//OphxqwqJSfGD6PtVPH+P/F
AhT1CqVyfYwd+/iJtPk3mwSJZYbCuuZYkVnsjXG8qvNYYPRiBosm3EejlPt4whNO
httS6x2d3KkHjg1AVg6+J7KW+gV7do+QHFY++iM7xgzImGQsu8xJ9MMqZmzH4ktR
XR3r1xCwvxeQo/pZ7gf1SAsDKIeOCDS3OLnakl10LsjvUFMY4vsFpKgwo2THDkoj
NUSGHmVE+392V9KIogA2tLyDevQmVqi+zt6Wbz+OPJPSEcvATPEwU5oxcjXpE3lh
1kTnWAlZlIsjGBRfiEJkP7/1x7BeUgd/gJ3pv0dfwQ8SkPqo137X28aZlcWoPxiW
mkaCPeiCSkCpE6ss8oI3OQkFiVLEt6IlOfatTCFsYo5Dexa6kaDwICeYSF/c5LQm
xNCSsAwXsLxq++QfiF6PHoMVF1aq22I3iqlYE89QkfA6/Bl9WSWKwblZJiLYQlQl
K6SfUSubAWk20e+xMpS9hak6ACyzyUXVKfob298cgvJJU4jwkfwoEvwv74JF0L0F
sIsqFo/9XG93ev3sETzwW7YHbvHi7042TRUnvt7NVoU4mjOI9TkOg2JvhkIsKXD3
sR4dKXoy2ufvmFIRtqr+HC0CAwEAAaOCAWQwggFgMAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQU1ISGq3nbuc6XEQy36N7oCw4bqx0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj
5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
ZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBX
RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNV
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEa2F5YTAN
BgkqhkiG9w0BAQsFAAOCAgEAW7vB0wTa1UAGhMP4Tml78fpCrqw9O90ywX88EQPz
iB0O45sXmTsiSRuN4iBcLtK37GiUnKNIH821xlhWocZUJt65cl5zuqUB33x6utr0
wWYLvErQ6LOCPkfSf0kL3PN/FkoeAHGZ3sGN6sDbg3FWaMV/k5XycJwOQe0WAISh
R8SoO2GiQU74HXyiqrxxUpSAxnvzxclf0QFYitmcOHj7/gqMLeodTampUwYu4GkJ
rv6Yc8aaHTqlQLF1YCyByO22k2tf/QDn/cU95wLO4z1GwsUXd1E8r+zFeM+yiGOY
ge23AAbYW6fod3P/pe5GWWSx/h4oQY2Co982mPsZFMgu+EtjsOESH6M9CzxK/w8T
7V21KUvK87u8tT2FH+7Oq20KIH8zJvdweUQtTc/WcjfEhlG4z3C+iByaHncTlBko
b5wQ24e9eLR+qj1sa9JAhOYStJtfvm8GyNXL0nuwgpdR5y9xRAnxo/9RVOFOGcwZ
Kn2HnSKB8gRZpN1dQnVTotB+uP5FwOVAX5LRaXcZQiEHiXfULE0zKfht8phX6uRE
2xYTY29Zo6rpZY2dZ0zQCIso1dhSqAlACBByZNeKD4045SjdjE5xaNx8YWPLPssf
MQ4SGToeLuZN0Zxc5eLmYumYHf5tDdIuRcYT/PzMriJxmoGSRrIxQ0VQ6CeNjvYw
EI0=
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/05.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:35:49 2018 GMT
Not After : May 5 09:35:49 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-mariette/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:e2:ae:d2:6e:42:a2:37:df:1b:cc:5e:a3:4e:0d:
78:35:b5:63:6e:c4:db:86:61:75:0e:6c:e1:0d:fc:
af:70:24:77:4e:9a:69:5a:11:85:f1:aa:3a:68:a8:
d4:e4:e8:21:9f:66:a7:07:7b:aa:49:8e:7f:e0:7f:
83:e1:ca:eb:0e:1e:0b:78:a3:d6:29:a2:55:d9:92:
bb:92:00:08:ea:63:00:85:55:9d:3b:ba:15:91:4e:
f4:89:07:11:65:6e:61:31:9e:9a:66:6d:6a:44:2d:
53:c5:c1:51:b1:ac:87:22:40:e7:a1:78:cf:2d:9b:
1e:61:86:00:5d:29:96:71:19:f3:49:e7:90:cf:e1:
0f:49:e6:46:78:c3:01:f6:fb:12:e2:a1:5b:42:d4:
e9:24:51:5a:1c:0c:de:80:74:e6:25:35:64:c5:85:
44:d3:21:05:fe:34:c1:68:5d:ea:2d:37:78:5a:11:
f0:cb:32:64:c5:99:36:bb:da:48:db:8f:26:45:72:
ca:8f:ad:d4:a3:57:42:d9:28:78:50:a8:bb:cf:9b:
a5:cf:c9:ea:09:aa:d6:86:71:c8:4b:b8:59:af:e0:
6b:f0:d8:6a:00:de:ae:85:69:4a:2f:0b:54:02:88:
02:30:7e:34:89:46:37:66:36:cb:df:ce:f2:54:3d:
71:09:61:d6:0a:3f:76:09:74:d6:b7:6b:ed:9d:55:
39:a4:4f:bc:d4:8b:ea:45:41:72:d6:0f:94:7c:7e:
56:73:d5:6a:63:e9:35:55:ad:b2:d4:56:d1:1b:67:
57:27:8e:b6:69:70:49:44:66:6e:6b:21:68:fa:65:
c0:6a:8c:09:30:c0:f0:60:50:b6:fb:bb:be:28:57:
82:25:03:86:5e:50:bd:cd:e3:a9:53:56:d2:3e:aa:
e6:2d:49:19:23:85:4a:fa:c6:da:2e:e0:8b:8b:9e:
ed:c3:21:c0:b0:7b:24:78:9e:f9:74:4e:70:2d:72:
08:df:eb:57:50:7a:22:72:2d:ae:5d:50:1f:ac:74:
71:5f:43:35:9c:5f:86:45:3d:d9:c5:db:b0:6a:95:
ac:9a:94:fd:43:c0:0f:10:8d:1c:6c:dc:8a:25:5d:
d4:bb:58:43:93:cc:f8:a2:53:e3:f2:56:7d:ab:2a:
1f:29:12:32:d9:bf:11:96:62:e3:61:2f:31:aa:71:
98:71:30:02:22:f2:37:9b:99:df:f9:5f:d1:de:a4:
12:d5:2d:44:68:2f:a9:26:ce:6e:7e:41:b4:54:a5:
b7:07:eb:70:45:63:99:23:99:f4:00:70:76:ea:69:
65:e7:e3:a3:4d:99:f6:d2:45:0d:3e:6c:55:90:7b:
1c:c4:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
C6:B8:F9:FF:AD:7A:32:1B:2E:14:10:DE:74:70:34:53:02:50:73:89
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:mariette
Signature Algorithm: sha256WithRSAEncryption
78:ad:ed:36:6f:8a:e6:0c:a8:d3:41:27:b7:ed:bc:95:6d:20:
83:dd:1a:b1:a6:c8:93:de:f7:37:8a:96:f5:c1:b4:7c:5d:92:
e7:8d:d4:1d:31:6e:20:99:87:89:41:5c:6e:97:e5:d4:c7:7d:
69:f8:b8:6e:0e:74:eb:06:d2:ac:b4:ad:9a:85:fa:ec:4a:45:
70:21:47:0e:ee:48:64:56:97:64:ad:3a:87:95:e0:1d:0a:53:
3e:4a:45:d0:8b:fa:11:a4:1d:ac:04:67:3a:53:8c:1c:87:73:
ea:aa:85:6d:a0:fd:11:aa:cb:95:97:8c:39:9c:9e:b5:0c:54:
2b:08:77:cb:df:2f:28:54:83:d0:ad:b5:3c:db:69:62:04:35:
aa:ea:de:ad:76:15:10:98:7e:8c:b4:ec:4a:de:90:ef:2a:84:
1a:a6:5f:fb:f9:21:72:10:c5:0a:4f:01:de:f6:be:58:ca:cd:
f3:36:5f:d7:83:2f:0b:ab:58:e2:fe:f8:09:08:e8:f1:ac:ee:
16:83:43:86:f6:bc:14:67:36:63:b8:a6:0e:51:26:1e:74:3b:
83:f3:bd:b4:5e:c4:a3:63:cd:3e:b8:63:7d:f1:41:ee:13:38:
b9:8f:f0:cb:a5:f5:ad:f1:39:88:a4:76:b9:08:4e:9b:63:fa:
f2:ab:47:6a:d7:51:3d:09:2f:d9:09:ee:24:c0:93:14:20:55:
11:8f:c6:3f:32:ab:87:87:b6:f8:a6:86:b7:0b:96:9e:97:77:
75:a6:91:40:67:ef:ab:8d:91:2b:0b:be:b3:e0:3b:f1:54:bf:
44:a0:12:8f:90:55:e2:cd:9c:2e:53:8e:68:4f:00:7f:34:d4:
1e:a6:d5:5c:68:3c:c0:9e:81:08:67:f1:bb:9e:71:4c:ed:c7:
3f:32:28:1f:19:c6:72:c1:72:da:f1:f2:dd:05:72:c9:34:df:
1d:27:6c:1c:f8:28:7f:af:91:9d:73:0f:6e:bf:ae:a1:48:a8:
88:61:3f:a7:7d:9f:92:6e:55:cc:77:21:3a:15:73:d2:37:36:
37:47:3e:44:80:ba:36:e8:61:3d:94:20:d9:bf:d0:64:28:b9:
f8:a0:a9:2e:88:e0:00:23:9a:21:b0:96:b7:1a:39:82:7c:38:
07:f1:46:2f:30:7c:72:4c:8a:49:26:58:af:7b:ff:46:cd:a4:
8d:19:57:fd:49:e5:a2:15:65:81:a7:27:3e:00:58:11:dc:19:
12:a9:dd:26:e8:9e:db:f4:b0:69:31:ec:9d:ec:ad:13:4c:6c:
96:67:0f:f1:90:5c:ab:ff:2d:bf:bb:f4:4e:32:8e:ca:f3:99:
db:16:67:0b:a4:12:a4:e8
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM1NDlaFw0zODA1MDUwOTM1NDlaMIGlMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLW1h
cmlldHRlMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4q7SbkKiN98b
zF6jTg14NbVjbsTbhmF1DmzhDfyvcCR3TpppWhGF8ao6aKjU5Oghn2anB3uqSY5/
4H+D4crrDh4LeKPWKaJV2ZK7kgAI6mMAhVWdO7oVkU70iQcRZW5hMZ6aZm1qRC1T
xcFRsayHIkDnoXjPLZseYYYAXSmWcRnzSeeQz+EPSeZGeMMB9vsS4qFbQtTpJFFa
HAzegHTmJTVkxYVE0yEF/jTBaF3qLTd4WhHwyzJkxZk2u9pI248mRXLKj63Uo1dC
2Sh4UKi7z5ulz8nqCarWhnHIS7hZr+Br8NhqAN6uhWlKLwtUAogCMH40iUY3ZjbL
387yVD1xCWHWCj92CXTWt2vtnVU5pE+81IvqRUFy1g+UfH5Wc9VqY+k1Va2y1FbR
G2dXJ462aXBJRGZuayFo+mXAaowJMMDwYFC2+7u+KFeCJQOGXlC9zeOpU1bSPqrm
LUkZI4VK+sbaLuCLi57twyHAsHskeJ75dE5wLXII3+tXUHoici2uXVAfrHRxX0M1
nF+GRT3ZxduwapWsmpT9Q8APEI0cbNyKJV3Uu1hDk8z4olPj8lZ9qyofKRIy2b8R
lmLjYS8xqnGYcTACIvI3m5nf+V/R3qQS1S1EaC+pJs5ufkG0VKW3B+twRWOZI5n0
AHB26mll5+OjTZn20kUNPmxVkHscxFUCAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
BgNVHQ4EFgQUxrj5/616MhsuFBDedHA0UwJQc4kwgdEGA1UdIwSByTCBxoAUTz6I
FOGhISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFU
uzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
bWFyaWV0dGUwDQYJKoZIhvcNAQELBQADggIBAHit7TZviuYMqNNBJ7ftvJVtIIPd
GrGmyJPe9zeKlvXBtHxdkueN1B0xbiCZh4lBXG6X5dTHfWn4uG4OdOsG0qy0rZqF
+uxKRXAhRw7uSGRWl2StOoeV4B0KUz5KRdCL+hGkHawEZzpTjByHc+qqhW2g/RGq
y5WXjDmcnrUMVCsId8vfLyhUg9CttTzbaWIENarq3q12FRCYfoy07ErekO8qhBqm
X/v5IXIQxQpPAd72vljKzfM2X9eDLwurWOL++AkI6PGs7haDQ4b2vBRnNmO4pg5R
Jh50O4PzvbRexKNjzT64Y33xQe4TOLmP8Mul9a3xOYikdrkITptj+vKrR2rXUT0J
L9kJ7iTAkxQgVRGPxj8yq4eHtvimhrcLlp6Xd3WmkUBn76uNkSsLvrPgO/FUv0Sg
Eo+QVeLNnC5TjmhPAH801B6m1VxoPMCegQhn8buecUztxz8yKB8ZxnLBctrx8t0F
csk03x0nbBz4KH+vkZ1zD26/rqFIqIhhP6d9n5JuVcx3IToVc9I3NjdHPkSAujbo
YT2UINm/0GQoufigqS6I4AAjmiGwlrcaOYJ8OAfxRi8wfHJMikkmWK97/0bNpI0Z
V/1J5aIVZYGnJz4AWBHcGRKp3Sbontv0sGkx7J3srRNMbJZnD/GQXKv/Lb+79E4y
jsrzmdsWZwukEqTo
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/06.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:36:58 2018 GMT
Not After : May 5 09:36:58 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-lalix/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d2:c2:53:a6:06:a2:bb:cc:fa:67:bc:12:93:8d:
73:5d:9a:18:c6:a2:5e:4c:82:5d:85:75:61:87:c4:
7e:8b:e7:bc:e2:7a:6c:fc:67:44:d5:6d:a8:94:bc:
2d:a9:6a:76:b1:8a:e6:f4:bf:d5:ce:43:67:fd:46:
d8:51:1d:76:8e:44:46:48:c0:b2:e8:2c:0b:bd:d4:
89:86:d5:c1:ae:65:f4:19:25:d4:95:24:34:3b:8e:
f4:50:0a:e0:6e:93:e4:2b:bb:16:5c:3c:24:2e:47:
7b:66:5a:a5:2d:3c:c5:af:5d:0b:5a:52:9e:0a:4e:
87:21:ba:b1:7c:ac:b1:b2:0c:b2:8c:5b:cc:5f:97:
8a:48:66:01:6a:5a:33:89:9c:32:93:a3:b6:bb:e2:
d7:f8:2e:c5:93:16:0f:d4:87:91:98:0d:27:b4:e8:
aa:66:8c:95:ef:2f:99:db:89:6c:b8:33:8f:a4:ad:
b3:52:89:fb:b1:1d:20:5a:0a:da:c2:5d:b8:68:91:
e0:3c:96:08:d7:69:74:a9:3d:aa:44:91:eb:a4:6d:
15:8a:86:ae:8d:47:b6:a7:8e:cf:6b:eb:a5:0b:2e:
0c:cf:ab:9d:2a:aa:28:53:22:d2:91:1b:e7:54:72:
6d:6d:e5:85:06:d8:05:ee:de:33:be:49:9e:1d:59:
bc:ae:7a:a0:0b:4c:21:a7:3a:15:72:74:a0:5f:b5:
6b:1a:15:9c:0f:79:48:99:3d:30:39:02:bd:e1:95:
20:5c:1f:67:4a:0b:2f:5b:d6:d1:a4:01:32:5b:67:
18:b2:01:fa:43:5e:ea:d4:b9:fa:50:9d:f5:8d:16:
57:55:e7:f2:cd:70:f5:c8:ee:47:45:59:bb:c9:48:
5b:5c:4f:02:2c:99:48:61:f5:73:e9:6d:f2:06:94:
b4:9b:52:38:01:ba:bc:50:a4:90:0c:48:6e:60:1d:
1e:2b:d3:47:9d:be:a7:a4:ab:af:7e:88:96:fe:c3:
2d:29:76:cd:7d:c0:eb:ff:0c:3a:ad:76:c8:d2:c2:
e5:61:6d:82:0c:dc:d1:51:92:46:c0:d3:b9:5b:32:
4a:74:89:d0:04:8b:3f:d5:8e:30:68:81:35:7c:cf:
2b:79:30:2c:a8:57:a1:fd:d8:09:84:70:43:b2:4a:
ed:d5:8a:16:5a:de:71:c3:81:9a:c8:58:b4:5a:01:
fd:90:88:50:ec:2d:56:d2:39:89:6f:fd:24:00:ae:
e1:f4:66:b4:73:d9:37:16:b8:0d:ff:ad:59:12:44:
28:d9:e2:16:bd:86:8c:af:79:06:da:b0:dd:c2:e9:
13:55:33:82:a3:b1:34:21:f8:6e:8f:fd:00:70:8b:
f3:c5:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D7:D1:D6:0A:75:85:6F:9D:A8:8C:6A:7D:98:0C:24:11:C7:51:91:19
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:lalix
Signature Algorithm: sha256WithRSAEncryption
14:d5:67:b7:76:41:bc:d4:b1:a9:11:1c:9c:c1:1e:20:28:db:
9d:2c:21:67:5e:b7:e0:f4:a2:47:8a:6c:da:bd:a5:d4:fb:f0:
84:bb:0b:05:95:08:ba:64:76:f0:d8:ac:95:5e:85:45:15:b8:
c0:0a:a1:e7:5f:21:36:f7:98:43:f6:dc:ef:d4:91:5e:19:ca:
33:e9:bc:12:77:78:76:27:d0:f1:95:02:6c:09:2c:86:ae:5d:
0d:50:18:71:54:31:df:35:6b:c3:3c:81:5e:3d:e6:55:41:3f:
89:ce:9c:26:fa:ba:1e:b0:68:6e:d6:d8:51:f6:ee:b2:3d:2e:
ab:0d:0d:e8:44:37:45:d8:0f:ab:42:2b:98:79:62:79:bb:34:
f1:6a:fd:1c:56:d6:77:f2:6f:00:04:c3:5d:b9:4c:89:55:97:
3d:c2:f2:68:4f:b2:56:45:52:2b:1d:0d:38:d2:ba:14:e6:06:
68:0d:c2:b2:89:c9:5c:87:07:d3:87:a1:fa:12:ab:29:24:7f:
f2:a5:01:17:c0:1c:d1:7d:84:b8:07:07:56:18:c2:3e:9b:3b:
f0:17:58:da:24:23:3a:12:6b:d7:a3:12:be:38:36:1b:70:94:
36:21:68:68:53:67:ac:c9:af:f7:14:42:6c:ed:e7:e8:3b:d1:
ea:34:cf:62:f6:19:96:83:8f:70:e8:7c:f8:a1:ac:f2:d8:d5:
0d:59:fa:f4:e7:b9:35:28:30:93:9e:ea:e1:8a:4b:c5:ad:4b:
9e:c9:fc:eb:60:11:cb:9b:33:2c:20:1b:59:95:e5:eb:e1:ff:
17:d2:1b:28:82:5b:a8:4e:47:14:b8:7a:48:3e:84:60:fd:dd:
c2:1c:11:c1:48:4c:a5:74:81:7e:e2:1f:ec:20:f3:38:a1:cd:
a1:b2:3a:c0:5a:8b:90:cc:bb:47:55:ac:b1:4e:0f:1e:f0:94:
c6:28:86:e6:d6:06:49:d3:47:bc:dc:74:cf:45:d7:1b:12:7d:
b5:e2:08:97:22:d2:75:71:c9:fc:fc:ec:18:76:60:be:d9:d2:
88:fc:89:3e:0d:a7:0e:ad:e6:3a:e8:f3:11:1a:7b:af:a5:63:
1c:07:91:7f:dc:55:bf:8d:b8:e0:3c:ef:c3:3a:7b:dd:97:ca:
2a:0f:af:ff:e5:f8:cb:ea:a4:fd:0e:7b:ae:92:67:7c:fd:4c:
e0:cd:2c:f4:31:7b:35:5d:42:92:36:ed:8a:a2:a0:8f:61:c7:
ab:88:9e:ee:a8:9e:86:91:c4:5a:9b:e2:3b:94:eb:0d:84:5e:
8b:ff:aa:28:48:c4:ec:27:18:af:b4:d2:0f:34:50:b0:44:b7:
cf:a3:e7:3c:e0:14:cb:16
-----BEGIN CERTIFICATE-----
MIIHIjCCBQqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM2NThaFw0zODA1MDUwOTM2NThaMIGiMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWxh
bGl4MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0sJTpgaiu8z6Z7wS
k41zXZoYxqJeTIJdhXVhh8R+i+e84nps/GdE1W2olLwtqWp2sYrm9L/VzkNn/UbY
UR12jkRGSMCy6CwLvdSJhtXBrmX0GSXUlSQ0O470UArgbpPkK7sWXDwkLkd7Zlql
LTzFr10LWlKeCk6HIbqxfKyxsgyyjFvMX5eKSGYBaloziZwyk6O2u+LX+C7FkxYP
1IeRmA0ntOiqZoyV7y+Z24lsuDOPpK2zUon7sR0gWgrawl24aJHgPJYI12l0qT2q
RJHrpG0VioaujUe2p47Pa+ulCy4Mz6udKqooUyLSkRvnVHJtbeWFBtgF7t4zvkme
HVm8rnqgC0whpzoVcnSgX7VrGhWcD3lImT0wOQK94ZUgXB9nSgsvW9bRpAEyW2cY
sgH6Q17q1Ln6UJ31jRZXVefyzXD1yO5HRVm7yUhbXE8CLJlIYfVz6W3yBpS0m1I4
Abq8UKSQDEhuYB0eK9NHnb6npKuvfoiW/sMtKXbNfcDr/ww6rXbI0sLlYW2CDNzR
UZJGwNO5WzJKdInQBIs/1Y4waIE1fM8reTAsqFeh/dgJhHBDskrt1YoWWt5xw4Ga
yFi0WgH9kIhQ7C1W0jmJb/0kAK7h9Ga0c9k3FrgN/61ZEkQo2eIWvYaMr3kG2rDd
wukTVTOCo7E0Ifhuj/0AcIvzxTMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQU19HWCnWFb52ojGp9mAwkEcdRkRkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFbGFs
aXgwDQYJKoZIhvcNAQELBQADggIBABTVZ7d2QbzUsakRHJzBHiAo250sIWdet+D0
okeKbNq9pdT78IS7CwWVCLpkdvDYrJVehUUVuMAKoedfITb3mEP23O/UkV4ZyjPp
vBJ3eHYn0PGVAmwJLIauXQ1QGHFUMd81a8M8gV495lVBP4nOnCb6uh6waG7W2FH2
7rI9LqsNDehEN0XYD6tCK5h5Ynm7NPFq/RxW1nfybwAEw125TIlVlz3C8mhPslZF
UisdDTjSuhTmBmgNwrKJyVyHB9OHofoSqykkf/KlARfAHNF9hLgHB1YYwj6bO/AX
WNokIzoSa9ejEr44NhtwlDYhaGhTZ6zJr/cUQmzt5+g70eo0z2L2GZaDj3DofPih
rPLY1Q1Z+vTnuTUoMJOe6uGKS8WtS57J/OtgEcubMywgG1mV5evh/xfSGyiCW6hO
RxS4ekg+hGD93cIcEcFITKV0gX7iH+wg8zihzaGyOsBai5DMu0dVrLFODx7wlMYo
hubWBknTR7zcdM9F1xsSfbXiCJci0nVxyfz87Bh2YL7Z0oj8iT4Npw6t5jro8xEa
e6+lYxwHkX/cVb+NuOA878M6e92XyioPr//l+MvqpP0Oe66SZ3z9TODNLPQxezVd
QpI27YqioI9hx6uInu6onoaRxFqb4juU6w2EXov/qihIxOwnGK+00g80ULBEt8+j
5zzgFMsW
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/07.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:38:05 2018 GMT
Not After : May 5 09:38:05 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-christian/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ca:e3:4a:25:87:c5:ee:b6:45:bf:ad:2e:0b:ec:
e0:c0:87:c1:28:38:41:ac:a1:95:c5:6f:ea:ef:7d:
4d:d4:e3:3c:d2:89:ad:f8:30:0f:70:ed:0f:13:d3:
2b:28:63:4a:15:c4:79:b4:db:77:b8:49:4e:e1:e6:
29:60:95:b3:7e:c1:8f:c7:c2:b9:2c:79:e3:cb:73:
f0:e5:34:93:38:72:59:73:3d:df:ee:87:6f:0c:0b:
c8:26:d6:3b:63:a6:c1:66:2f:4c:a6:83:f6:59:e0:
36:af:17:75:cc:14:16:94:ef:c2:d6:61:fe:4a:f2:
2f:7b:2c:72:48:ca:4e:2e:e6:c0:73:97:10:e0:05:
17:1f:a0:6c:d1:94:67:b0:09:f2:92:0d:ca:61:60:
91:e6:c2:d0:e3:0a:24:2a:fb:ed:89:18:38:9c:8e:
f4:ac:9b:d0:06:89:d2:7e:88:a6:39:71:4b:9b:64:
7b:53:ac:ee:11:7f:31:22:05:cb:3d:72:40:2d:1a:
66:8d:1b:f8:ce:94:20:c5:c0:6c:c5:64:ac:29:83:
e5:99:10:6e:a7:c0:d5:cf:a9:41:52:ce:c6:de:e0:
49:7f:a0:8f:7c:01:99:27:30:8a:23:0b:a4:5a:34:
30:8c:61:91:4a:ec:75:f6:bf:79:1f:38:ff:d1:8b:
d7:ed:73:52:07:c7:37:97:1f:ce:29:09:0c:a7:4b:
f3:14:c8:3f:15:33:85:d4:65:eb:71:e6:af:f1:17:
71:97:50:eb:14:1d:96:0b:c8:25:82:15:e9:fc:2e:
3e:53:5b:ba:7a:0b:35:ec:d6:a5:a3:70:dc:a0:af:
0f:dc:08:ff:41:70:97:16:76:6f:13:bf:ef:04:12:
2c:c0:ab:22:ad:b5:56:37:11:fe:28:32:d8:6a:b0:
d1:09:ef:2d:8b:00:c2:b6:b6:41:bc:4b:60:1c:3e:
64:96:04:9e:84:5e:fc:aa:9d:0e:8d:a6:a5:af:6e:
2a:b8:3f:07:15:65:0a:8c:3d:1a:3d:0a:58:3c:05:
cb:7c:33:50:df:db:63:33:6a:0a:61:5a:a8:0d:99:
12:b8:c7:2c:a8:53:08:77:c0:d6:a9:de:93:2c:e7:
52:e8:38:93:e4:2e:1d:06:ba:ee:71:41:49:b7:ae:
8f:ce:08:d7:6f:2a:43:1c:66:ed:96:16:69:34:7e:
64:43:f4:19:0d:ba:e6:e5:73:35:19:3d:d1:e8:14:
d8:f9:f6:38:6d:53:27:6d:66:1f:88:7d:f3:62:97:
a2:00:f5:85:d3:d4:92:bd:4d:14:69:ce:f5:6b:aa:
d0:31:d3:a6:64:d1:21:53:a0:a5:9e:a3:3d:e0:d9:
45:9b:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
69:0D:79:49:09:F5:95:C5:71:22:E9:B7:FD:59:A7:5A:0E:F5:DF:1C
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:christian
Signature Algorithm: sha256WithRSAEncryption
ab:2f:a1:72:76:e2:a3:23:77:08:85:70:89:93:94:1b:b2:1a:
fb:26:be:11:6a:3b:1c:30:8f:d3:16:14:9b:b3:13:a1:f1:45:
ea:e3:99:ae:a9:6e:38:e6:2e:0c:01:66:c8:d3:e0:fb:b6:40:
e5:ee:1c:ef:f1:87:6c:7b:0c:bd:07:fe:08:6d:52:c0:cb:28:
e7:ff:a7:9a:36:db:25:a8:02:35:e1:e5:e3:70:4c:d2:4c:12:
2c:d7:99:c0:15:a3:43:5d:8a:d4:12:2e:e3:99:cc:6e:e0:5a:
07:7a:e5:43:de:a3:17:03:15:15:6f:47:4d:1a:1b:3b:47:9b:
a8:35:6d:fb:0b:1a:d6:2b:df:3c:2a:5d:62:64:b4:45:41:31:
5f:4f:ee:2e:d5:32:fe:62:9c:b6:1e:92:9b:b8:6d:4d:fd:cb:
57:cf:62:da:a8:b6:49:ba:52:58:e8:4f:c5:47:83:18:bc:79:
64:f3:9f:3c:63:f4:9b:32:48:09:e8:9d:9d:2e:28:b8:40:76:
72:85:41:92:a9:07:1a:1e:42:59:bf:be:f6:a2:a9:a2:d2:44:
8e:1c:f2:00:df:b0:29:d5:04:bb:ba:b7:e2:b7:c2:31:bc:a3:
97:8e:40:ff:ae:2d:df:49:60:9f:ca:9a:5c:dd:03:5f:26:31:
94:bf:ea:7e:a5:fd:14:9d:3f:5b:16:30:73:8e:c1:55:46:dc:
bb:e1:a4:99:b8:6d:2f:7f:ab:40:ce:95:bd:05:72:0b:19:f0:
7a:3b:0a:e3:c3:cd:ba:dc:fb:85:3d:9e:33:ad:63:ab:bb:85:
78:73:55:80:74:dc:72:f9:f3:05:43:9d:e5:2d:95:49:54:aa:
96:af:ee:98:b6:cc:b0:8b:b3:37:1d:f1:87:7f:9f:9b:32:20:
1f:1c:11:41:5a:ea:25:60:c6:32:31:78:fc:a1:59:df:b1:94:
02:95:b6:1a:d3:f0:cb:95:7a:2d:26:48:d3:2d:7c:44:f7:cd:
6a:cc:c7:27:c5:33:16:8e:3d:d0:be:87:a2:b9:e9:74:12:fa:
d4:41:cd:6a:c0:25:3d:23:00:bc:ce:4b:ef:f8:05:37:cc:80:
2b:58:fc:ec:7b:23:b5:f9:bc:77:63:be:94:9d:3c:b8:c6:d6:
53:09:22:da:09:ad:05:a0:68:8d:93:3f:5c:eb:3d:ca:95:5d:
96:60:28:f0:b6:5f:16:27:c6:bf:f1:90:1c:b8:31:16:9d:5e:
b4:17:d2:d2:62:6b:88:60:9c:14:80:26:b9:8a:5b:1b:4d:83:
9c:9d:17:47:70:7a:c5:b9:17:22:a7:72:bd:c5:69:c3:13:c7:
dc:34:3b:a0:cf:b7:68:ba
-----BEGIN CERTIFICATE-----
MIIHKjCCBRKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTM4MDVaFw0zODA1MDUwOTM4MDVaMIGmMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBOLVdGLWNo
cmlzdGlhbjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrjSiWHxe62
Rb+tLgvs4MCHwSg4QayhlcVv6u99TdTjPNKJrfgwD3DtDxPTKyhjShXEebTbd7hJ
TuHmKWCVs37Bj8fCuSx548tz8OU0kzhyWXM93+6HbwwLyCbWO2OmwWYvTKaD9lng
Nq8XdcwUFpTvwtZh/kryL3ssckjKTi7mwHOXEOAFFx+gbNGUZ7AJ8pINymFgkebC
0OMKJCr77YkYOJyO9Kyb0AaJ0n6IpjlxS5tke1Os7hF/MSIFyz1yQC0aZo0b+M6U
IMXAbMVkrCmD5ZkQbqfA1c+pQVLOxt7gSX+gj3wBmScwiiMLpFo0MIxhkUrsdfa/
eR84/9GL1+1zUgfHN5cfzikJDKdL8xTIPxUzhdRl63Hmr/EXcZdQ6xQdlgvIJYIV
6fwuPlNbunoLNezWpaNw3KCvD9wI/0FwlxZ2bxO/7wQSLMCrIq21VjcR/igy2Gqw
0QnvLYsAwra2QbxLYBw+ZJYEnoRe/KqdDo2mpa9uKrg/BxVlCow9Gj0KWDwFy3wz
UN/bYzNqCmFaqA2ZErjHLKhTCHfA1qnekyznUug4k+QuHQa67nFBSbeuj84I128q
Qxxm7ZYWaTR+ZEP0GQ265uVzNRk90egU2Pn2OG1TJ21mH4h982KXogD1hdPUkr1N
FGnO9Wuq0DHTpmTRIVOgpZ6jPeDZRZvhAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAA
MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
HQYDVR0OBBYEFGkNeUkJ9ZXFcSLpt/1Zp1oO9d8cMIHRBgNVHSMEgckwgcaAFE8+
iBThoSEo4+Zbc2vcD5fZYPXxoYGipIGfMIGcMQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
A1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMGVlBOLVdGMQ8wDQYDVQQp
EwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA2EzLKLVx
VLswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBQGA1UdEQQNMAuC
CWNocmlzdGlhbjANBgkqhkiG9w0BAQsFAAOCAgEAqy+hcnbioyN3CIVwiZOUG7Ia
+ya+EWo7HDCP0xYUm7MTofFF6uOZrqluOOYuDAFmyNPg+7ZA5e4c7/GHbHsMvQf+
CG1SwMso5/+nmjbbJagCNeHl43BM0kwSLNeZwBWjQ12K1BIu45nMbuBaB3rlQ96j
FwMVFW9HTRobO0ebqDVt+wsa1ivfPCpdYmS0RUExX0/uLtUy/mKcth6Sm7htTf3L
V89i2qi2SbpSWOhPxUeDGLx5ZPOfPGP0mzJICeidnS4ouEB2coVBkqkHGh5CWb++
9qKpotJEjhzyAN+wKdUEu7q34rfCMbyjl45A/64t30lgn8qaXN0DXyYxlL/qfqX9
FJ0/WxYwc47BVUbcu+GkmbhtL3+rQM6VvQVyCxnwejsK48PNutz7hT2eM61jq7uF
eHNVgHTccvnzBUOd5S2VSVSqlq/umLbMsIuzNx3xh3+fmzIgHxwRQVrqJWDGMjF4
/KFZ37GUApW2GtPwy5V6LSZI0y18RPfNaszHJ8UzFo490L6HornpdBL61EHNasAl
PSMAvM5L7/gFN8yAK1j87Hsjtfm8d2O+lJ08uMbWUwki2gmtBaBojZM/XOs9ypVd
lmAo8LZfFifGv/GQHLgxFp1etBfS0mJriGCcFIAmuYpbG02DnJ0XR3B6xbkXIqdy
vcVpwxPH3DQ7oM+3aLo=
-----END CERTIFICATE-----

139
WF/openvpn/wf/keys/axel.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
Validity
Not Before: May 5 09:30:46 2018 GMT
Not After : May 5 09:30:46 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c0:d1:e2:70:f3:fc:1f:c6:5a:55:25:e5:94:e1:
c6:3e:15:57:d2:b9:9f:2e:7e:1e:1a:63:f2:96:cd:
a4:4b:7f:1b:f7:90:f6:bf:cb:ce:04:6f:68:50:52:
6a:37:b2:a4:b3:fd:3c:88:c7:f0:9b:fe:4c:5d:ae:
2d:9a:3c:96:37:01:af:3b:ac:ad:44:51:93:20:ee:
d4:85:99:22:d1:c5:6d:7a:83:d0:e6:29:e5:c9:6c:
b1:73:90:58:40:21:7e:f1:bc:7a:08:94:c7:47:96:
b3:82:dc:13:b1:e8:e5:87:4e:8c:21:2c:7f:37:5c:
2a:0a:ea:1d:a0:17:bb:3b:fb:e7:0a:12:1c:ee:01:
f3:de:4a:47:fd:b9:f9:77:ee:87:84:c9:d5:33:ee:
b9:57:d7:12:b0:4d:bf:fa:16:f1:82:18:2d:b2:c8:
96:7f:fe:08:20:96:65:d9:77:92:e7:0f:5f:fc:a2:
3a:b6:ae:59:d6:13:bc:bf:d1:a3:5a:14:74:ed:f4:
e3:6b:a7:c9:0e:6b:b5:c7:5f:d8:b6:ef:5e:e9:0e:
68:4a:7d:2e:e2:1a:13:b9:f9:e0:dc:b3:43:19:09:
42:4d:09:e0:45:d1:8f:36:40:5d:f0:6b:c9:2c:26:
17:17:c6:5b:25:fa:a8:30:1f:62:57:e9:0f:09:aa:
5f:80:8e:76:8c:c1:e9:8f:59:62:47:35:b3:0b:6d:
c1:3b:54:19:23:b7:11:63:74:ed:ee:aa:bf:a0:b9:
51:31:63:64:e9:06:b1:10:65:14:db:41:cc:52:11:
d9:bb:ae:de:75:70:80:13:f5:6c:ec:2d:2d:d5:b5:
b1:0b:dd:2f:6b:12:c0:1c:2c:9c:92:e5:a9:88:19:
d5:90:f2:90:08:da:a0:bc:95:40:7f:10:cb:89:ac:
03:f1:80:98:ca:df:10:7a:72:a8:54:80:33:ba:f6:
e5:23:f4:6d:d6:11:75:61:dd:87:0e:f4:e1:e4:2a:
b7:6e:7b:6a:fa:73:3a:97:23:05:78:9f:53:05:7e:
5d:ce:95:27:f6:ea:37:19:b2:d6:ed:83:9e:c0:85:
b8:16:7a:b3:57:09:f4:94:8b:80:54:98:06:d1:2c:
cd:2f:2b:c3:bf:88:b5:a2:cd:c6:f3:b4:04:4b:bd:
08:6a:78:04:d8:8b:16:84:5b:a5:37:0c:2e:3b:1e:
0b:14:63:35:45:67:2a:a2:26:1f:38:41:53:e8:83:
48:0c:60:a0:25:d6:7e:3a:9e:68:76:9d:ca:f0:27:
44:45:6d:9f:ad:fb:19:2e:bc:8b:2b:63:76:78:63:
d7:8b:0a:2c:76:b8:48:8c:eb:87:a9:1d:82:af:73:
80:25:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
CE:C5:B3:DC:D8:6F:8F:EA:09:99:B9:41:64:B7:22:D5:BC:F9:A6:98
X509v3 Authority Key Identifier:
keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
serial:D8:4C:CB:28:B5:71:54:BB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:axel
Signature Algorithm: sha256WithRSAEncryption
5d:62:04:7e:b8:0d:61:4f:fb:56:57:3f:4d:a9:f8:6f:68:a5:
ab:92:1c:b2:04:32:5f:a4:02:2e:3a:1d:d8:59:28:2f:8c:1b:
9c:33:a3:c3:17:a8:5f:52:df:0c:d2:2a:52:6c:08:47:5f:12:
ca:50:9e:cb:4d:b2:48:4a:67:26:9f:a0:79:39:41:be:a1:2e:
f1:51:82:81:90:bd:34:54:9b:9f:7a:56:59:74:e6:74:b0:e9:
cf:5a:52:85:df:db:66:76:14:03:ae:0a:fd:3c:6d:2a:e5:f4:
76:b5:2c:32:69:11:d7:94:0b:40:05:2f:da:bd:01:04:d3:9d:
3a:d1:93:bc:26:05:f1:17:99:b9:db:52:93:10:b6:da:d0:21:
53:7b:e4:86:12:fd:67:bf:87:7d:cf:cd:75:80:2d:74:e9:9e:
c8:76:df:23:3c:37:cb:c0:90:41:ea:f7:38:23:d6:5f:54:55:
b2:27:31:4e:d3:54:2c:51:a9:7f:17:30:c7:21:19:37:1d:1d:
75:f3:a4:73:cb:79:d1:be:b4:6f:12:da:f0:be:51:c6:db:2f:
4e:b4:46:6c:5a:b5:c5:0d:c7:44:00:ee:cc:96:79:a9:45:ee:
cd:dc:69:71:61:c0:a5:46:05:24:e9:85:86:ce:4d:3e:3a:a5:
bb:7c:ef:2e:0a:5a:9f:b2:1f:38:4b:b0:67:f5:8f:78:6e:71:
86:43:9e:a7:71:85:6e:e2:19:b4:5c:18:63:49:6b:0a:da:54:
29:4d:18:05:80:f9:08:87:e6:c4:6a:01:b0:c3:7a:d2:ee:cf:
93:b9:43:bc:2f:0b:1f:8b:61:e5:64:08:c4:45:5c:5b:52:be:
1f:51:56:a7:b4:15:c4:88:6a:cf:d0:3a:fa:34:03:e8:bb:8a:
e5:49:bb:60:1d:b7:fd:e3:d3:bf:0c:7c:28:15:26:de:f8:5b:
2a:9c:88:35:80:a6:5b:a2:55:ad:bf:69:56:f8:e9:7e:a8:4c:
0a:99:44:48:d5:90:8a:41:3f:d1:ca:c1:c4:18:c6:96:e1:f0:
72:cc:2c:35:8e:63:78:1b:00:f6:1d:6b:a1:db:cf:f5:b6:e5:
94:27:e9:02:bd:35:2a:01:81:85:7a:01:2a:88:23:15:4e:3d:
5b:9a:31:fe:10:6a:1f:d1:29:0c:46:72:ed:25:73:61:2c:8c:
29:88:55:7e:44:e9:6f:d9:33:4a:47:48:a1:6e:17:8f:bd:12:
df:47:da:d6:3a:4a:7e:d5:43:7e:c6:01:5e:29:bc:44:14:9f:
0c:38:fa:86:0f:41:5d:5a:e9:27:83:12:7f:75:2f:e8:06:d6:
2a:f9:5d:0a:6c:fe:0f:cb
-----BEGIN CERTIFICATE-----
MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
bP4Pyw==
-----END CERTIFICATE-----

29
WF/openvpn/wf/keys/axel.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE5zCCAs8CAQAwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRQwEgYDVQQDEwtWUE4tV0YtYXhlbDEPMA0GA1UEKRMGVlBOIFdG
MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBAMDR4nDz/B/GWlUl5ZThxj4VV9K5ny5+Hhpj8pbNpEt/
G/eQ9r/LzgRvaFBSajeypLP9PIjH8Jv+TF2uLZo8ljcBrzusrURRkyDu1IWZItHF
bXqD0OYp5clssXOQWEAhfvG8egiUx0eWs4LcE7Ho5YdOjCEsfzdcKgrqHaAXuzv7
5woSHO4B895KR/25+Xfuh4TJ1TPuuVfXErBNv/oW8YIYLbLIln/+CCCWZdl3kucP
X/yiOrauWdYTvL/Ro1oUdO3042unyQ5rtcdf2LbvXukOaEp9LuIaE7n54NyzQxkJ
Qk0J4EXRjzZAXfBrySwmFxfGWyX6qDAfYlfpDwmqX4COdozB6Y9ZYkc1swttwTtU
GSO3EWN07e6qv6C5UTFjZOkGsRBlFNtBzFIR2buu3nVwgBP1bOwtLdW1sQvdL2sS
wBwsnJLlqYgZ1ZDykAjaoLyVQH8Qy4msA/GAmMrfEHpyqFSAM7r25SP0bdYRdWHd
hw704eQqt257avpzOpcjBXifUwV+Xc6VJ/bqNxmy1u2DnsCFuBZ6s1cJ9JSLgFSY
BtEszS8rw7+ItaLNxvO0BEu9CGp4BNiLFoRbpTcMLjseCxRjNUVnKqImHzhBU+iD
SAxgoCXWfjqeaHadyvAnREVtn637GS68iytjdnhj14sKLHa4SIzrh6kdgq9zgCXP
AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEALOHNZO9R9IChEHhCzr5pkglnRjz2
szfuv8D/kkZVQBSrEccgD0osp7eDzOpTCASP7sJJidlzeRfudUQ2Z7wrc8lIiaAt
48g9PnGSb++G6b/63OtAtw2l42GaLU00Nxk4VCcjDEtyAqXN4ijLNiPA8XNJkGjF
NA0+qMvC1LEqjqLs+DESO8b4BTXqxZHRc7Z22Nh1IcKBDFR/RnfhWgSsW3WQ5evD
9pKOW/Pv0FjrjZqi1o5nKXW9wW0ff8NwG77yGD6dT9mNYKu5e9nwn8zc9MAkIU2X
cBiR/jmm9qFaZWWRl0MghSMFqMjH6CQsRBgWmdI90Hg8DBA8NsAD1oS+65WBMSXv
I2wqXkwAxscy+kwVaH7oFNJ0jSOadmww5OtHMOswrTFsyPl8bDX3IA/dXPfpHSyt
DdvkCxRfarV55nfUZbx5QWYfmyrC37Wk/ccI3rLB2ezGC+ymeaRk+ZbClKcxtTiK
YPdv5J8qkk+SINe5gDCQpTdvxFBOeaM1rWmMd5nLHvmzHOZHq9ntFmOPVs3PPSW9
XeoguiLzZaUb7Du/k8wef6w+dN8J+RmbLdfDIPtsHYugxiLQmG0R2wumi8QENTcf
TWMV0UKu4B/KntaTV2lhL+bMXXmzhBYMQQRW13XvYBlPggRYmHQfofy2/OYfX6Df
nfS+T45TdmNzkKg=
-----END CERTIFICATE REQUEST-----

54
WF/openvpn/wf/keys/axel.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYiFMMREJCT0CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLm6bnbYcf1gBIIJUMrfL2VOB/rd
fSk74V0FZkJVsFhVEGZJ0jWM8n75cUO+yOB1wcXv9RczeEtW2e8ZU4LEb4aJZ7T3
RoGG2UxTsrkrN1Tw2sotuNIea2hT1+sTPbc74GJmZjf2BD2BIxpAS6VLkKGLoN11
c+1euUsLcs8Y1Y6T0Ig0aah9tUjp3qeA0pPMvmtWg2BjnmG6oU5FJnxOpuX/ItJi
vm38fMzApjh6vW6vxhD0sPdhanWdKilE+SPpe6sPCfHanVzVmP42NwMofoDrE5bP
CxMTJa2Pi6dA7qt+9HfeDfzOHsfCvlGAnwzumwKQx4O2BO+JQjC1V9WUEvo0zoHR
/+aHWZIF33pJmZJw0kIbC/WdG/SevK22BtcGy/+So1WRywkmtckP5oPcQ/ej+p0V
2bkgRGCfyehuoiBv8W7lCqvJDbdmSLBLrbSWhLHPfxfhW9Yqau3J2oUgQXel3G8F
9pECEQHVm3T54anPqEol96dYhP9inz2/BwFQqGaGrobJ+TOsh1DRAQpM8QMElWaZ
xjX5qcFk6O6Uf61uTOwcQnfxZD6vOhqHSmFJ4AQy6M2SBXM65Q1S3ZnRpWKJxXBg
jspgK2iWDwtoXHGFWpazBaIMd/PRmYmibOAZbCSfRvgfkTXE3+HeZwk7ZCwKBATY
u7oHxdcEaccuLiq0HXutTOjyKUk8ui33FkwI6i2v6bcsSDbj0RiGjPQmdxxZG2bO
yL1JKHMpj5sIS0ZjfSmoOK4u3bEd5TvShPplIVqf79SRUJEEOlqNxXTjkAdG2OXQ
GuNscbIMrvJ7zVyQgWjzfMS0PdSHpeHAqgVLxcjkDTFEHIssmzUSCq9sHVKAQX4h
IDyNJPHWwRnH4pfUGaS62zK2WCFM6GSolPtS5ZwJxgg7TRbKF7Z+ThW7n0MwHhZy
zJXKUL5fJurZYnLRgDzlVR3NsKkYg+Wwxy4k8NDGuYsx7zlQOfjoYe506ObxY9ih
YkQUX/s9AY2VZGWPypis+hZkJCVn7F9NMKOXVjDs4zMGWyhzRVoIwU0p10JqqRPI
k2V/UTYMkWseo1blIitT4ZEZQHVG+ciQsHQA/MBCBELQCl/NKGHjC0I9LRcFp5Sd
x6nTLCRb1i6Xqd1NRN/uF3BgJWJoPu+fBhRPF4ZI1YF+POaegKf80y3vbIMpaBUp
Ok/kS5L22NQvd0moHDKKbIu9H0q3WKokkipmi4cQZWslLO1ZGH3eoN+hyX1qHQOk
kr/bSRfYLdjFumXmw1t7HIu9I8sFnpyoJwVlC3I6zBYPysS3XRzQM4+sLcHR2Stw
9/ucvoLPuYI8Pyyk1WhFMLZtAjsDdRrlNgd3DcBbuR0ldCdMb7DQwj2LJDhaX0md
0E9xpwy415GQDYFkKAuOL5s1oTPbYBVqugErdfZMYU74BDrcxi6Bo2DfnmTF8/SR
0fhhihy5PboH+vsWT1CD4rHaxEFi0JnUQoMgFjUrdcfykz4Y7EPOAKOQ2I6XRhfF
fJfMi4c3iVa1NOd/4Kw6sh+/l1/XZxbdEwNd5CQ9Xa5WDQDglOqkf4Owkg9dYnTS
sfIX9NkQ9yV3n32UqYCDCIIlYnXfHo+cuFMqTwcVOi+acfag39aVSer5M7RUoeVu
JRcS+yOCRkIvm/SRt1XFVB4S1ZEseiSwjwdIvTtXr8bRzIpd3WF+q95qGYZLwISR
zc6WspL6d5Ll48yRntjV7lIgFt1bZB/Vj/U2c/+S5pIIXSPZyIuN8RYiL4IhZmxa
deMIB8Sx5ZriTn52vEUSje1dlolBr5xL+ifpG8IRSwa4GaRctBVrSNguTfx0ZKyQ
Ku+jdBiGFs1TcAec2Zlj2IGL+LkLuCF/ZaHQwkp7egG6tSXmpK6dk1VoUGb4HUXi
lwSJsW1kNj8nVvEvh8m1H7+UyI6y/jFUeuyisM5KV3UFOQNidKsmRBKaC2JlI3Zu
iKJ/jW2O2SwRMm44U2DgNjB05Jr22V/plKhUYFxhVB/1aBeoIywtij0BVY85/KZz
5Q2I3U33nyu5ewTfrT5essBcgKYJne+7s61yaGQeHjJCEbKNKtRtLkQ5vgdleWgg
LM29Oxr+3jjyB+dcIVe9EtYHZ/lF6ywuEeLH3RAdbmhPigt6rM0+MOnsIQOvjN9O
2DpGRvaBeA7acFPzmMJoKk3tQDh7tpJY4cgot9AvBt0US0XUvYSQf2In2S3ifSWU
9uz8otdB2rDf+OFU6L4xg5dTD8nqTHt9z7oUEeJWFz2C4qkZ4+10Czb3QRxj0OlB
isIkMh8k7kYQ4rtrZCbvkVjAJwnUQFI5zFBlo/8GfroOVFdFlx8kG3t0WAXJ9aX3
YnqUoMywxSAz8iBfN/sjv7rkgobozPlqEhGwEJ8hKBAf1HCwVegi5tmlXfXmLbSt
BWhKrJG98NwRApnWzFFvui4qiAGeXAsKx2/3w0An3sUwLJjUcfZNGsn/0wt56Hid
RP5Od59n1+UHWe1eMBhw6lZdvaVHostAj51kdGsuacr3tJN/g5Cko49NyJNI0k+U
/0+Lgxs8rUHHYe4SXeGR4Ri2YgVEJR3dqOPaiIiK4vg3wop8VLN4W+4PLqNFKDd6
RGn3yyS9CkR4Jqu3B5ezLCjwvTV+pcZ9UqlOUOK2O/diE5ro+2sj3zuw5rUUolwx
OQ9ex3m7JrqGadARhtc5ALPY4OmkbddIDL0ewc1PysMB5vATWMH149bmtKJSx5u9
tWnxzpFGpQu2YMyFMkNexbWHLMtZff7mXlwUk5NMgvnHQ+EdCaqj22zhQoRgL+us
SdL20wEBm+eEPgiWMSk1nmrgen1kU3gKRQzw7miqsSPnW+PSfJvxnbib2uuclHZS
8Sz56xwPksT2gNQvA6ir6ndeOAYJpMW3bQrQr8GLfiNDcUJ9cCNWJtfqZcBTxvvf
iHpLlNGBzwk5XDJuCJE1o6pkmF5fQMjBzpntre4df2kIbxuC8Fyu1TLnT9bgLywe
H8azR+2ZYDzSXtPYN+dOgNfH7AoCzLHczvMGLeCttzeUgvMPAesJK6BthIuJpxNV
01oaEQSrU49tiRgC89tgZs267MrIPnkUTlJoz/PW/wZ9f0RqnAfCMZLb7nj+p083
5v+d5g33xex9CZ2XUb051wdir7pamEUV0fpnCBAjRtjjb7PWMuOZjop7L23eMgbp
9obNF+BPYXYzLgSAioucrODoPEV2gYSi
-----END ENCRYPTED PRIVATE KEY-----

39
WF/openvpn/wf/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
E+i0hdVFGZBFNQ==
-----END CERTIFICATE-----

52
WF/openvpn/wf/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCvnA5/MdqARqB+
0gw93fafq0ROLs1Q6f+2Mbr7wl2s4T1FXNARhPIY+owsAfrW2zZYW5v7sMQF+vep
M9gJqBsxGUMvyHG/lCjZCp4teT1BGgnBVpIG/ZjG/+lwT+CS1HZ8cVJ+a2AfAJuI
6SszM+rQUZTZi2w1W3B64i7iSd5oBQTf0GFfc7qyszES7+mPDFcy12OjD2GhbC8N
/fCM/5SFS6uNBcWe6JLb090RUFBY4k6gb3ZkMPdTGMSRxmGR+lwfrT4RsPvQ+8Nn
owL79zEFNuOqGhMsh9z4IfBmo0nSpokx+WB0ZKei1Z4eyBhGdRu3W6vHeSpWT8wT
/l3bH9IJI5dxyOXLuESR1hYN3aTScWrcV3PKMIWi2t8IlcEl6GzbEAVDSOQnhDiL
Z3rQS2cwJg5UuVqDgI+SjAKbp+MUECV2ms02jOS4VDdU5ly+nauqx0ma563IlWjN
DOhfeodDhWKtEcbM7Vx4lhcSYG7jUEsdac6rGhXuDLRBKTJSOEkUI7ST243vNBwh
C6N0H7sZury0hh9Y16M4Q7d/94wfesgU/sHpjd8MYokf31n5sB9JN1RBcW7AUbDH
IAN8aKaMh1N3FEKlpBWik9IAWtLdrGaqbGkYGkeGMylbh7u1ns291UQLfVR9+RPe
8qt779CdjhTeLazzGek3UXEaaXu/WwIDAQABAoICAAwenhWDMExIE42NG5Etf3bX
kBhBPKRH8gD1/6yeZm6nAN6HoEiFP1wf9oqW/GPVrzN75xEAyxaKkosX6+IGuxGx
Z6SllcweAo+wHuiOhH64uFGikuNunxukz8yThrE7fo3qGEJnULPzC8jwJq4a+Cq2
Zqp459fq3qFseMXfST0uk36K2B2JVCo/GbTv39Oii2YT3WmEhz1nxPuXOgHRJcPp
TAaojlIARRpszcYDH/hybfC+oJIbmwYeIHrbESLM/4ykHTOFXmu25G6DnpIbJkPw
3NeBgy9AlSx+0yOSQ2cJXVCYoGKIC9W+HnKLZrl+HZKS/hD/OL/KNBBxLrMPyCQC
CyZhfs0WEvtjAZ5f31EqACEnCR13ZjSycMtTi/NzSEwenUriYF486rdAFDIQ5fXd
f5IhLhqVbjDWUNve56n0C2rKJhVYgQIjYTTzSnLAvvqfwRNp98s/98DHMxwSbQBz
Gwq+witmhqj3cv1xfddkv1bJbf7EWwgwvFzBwxu5lfZrl6Ws9Tq0C7TuNE6znhEs
SZSptUydRrfdY8OfFT9d9eEHqjR0QROcBkbjOOGxegYgw3Jc4QfpqMms01KLxmDe
w5P0N/iQX48g7OUrpSN1VHngwJARio6JZMrEuW3lTwxO6WifgoApUdEdJFVK0eIe
CvoXBPVbAwmi5PdvI7wBAoIBAQDbdnrbN/2wEPxEvIFYXbg7pvIoWWtEm+q7ZFWb
iAbGcHRkmCRQUNXPSrLWiSje2OI8y0l5ypz8Ix4YEw0Ww2YOoLTnVC8OcruoVWCR
ggAgZPfxoR/jYWnaYEBH1T0AY1LI3OX6ZYKGVmAIVTtldDi4cmkLDO25jBkFzqqc
Hg5/ZwRQeyrGcKSehBSK+meeP0ZPR04RaVkkmTKLJt0+GP2GBoG9qV47iDCAA3w9
+05r9gah0KPEaVQK6MGYF8+fiIlSGlCjZzHu+CTj94tsIswU5J7Hlc9ABr0d6HL1
e2Zt9u32gQKpzC+TeSw8cSrdk89es8GbkG0+MJC1RShPcsIBAoIBAQDM2Iy2B/3d
on5OVeesvsB7T0EclG1+wDntBXAdL5zwwjGkC4PZqGVjJTDfiRs4tYqPW2cfoHDf
gVMzQnb6bOO8Rruc5Y8vwHRNDwutznWiei7qgPbpLONp3pE+bj6iJvJ8JBhhMNUW
tJ8HOO5xJJz51eakyGhJvXoHJgbzazsF7svfyRoJAeqTa4GcuGSFveOzTCRUyng5
VMhN5U7aOnNynqdfegCDcA2v0LH6eHuzyqXfLJ181SfAfMgkayw+Dmk/ubQtgglz
VulBXpyFghqfChlidzUJa/dw3qRz5xLB2bhiM8AoMs2HnzOXaY2Czd+ttE41dIOY
kmjOn9fVXslbAoIBAQCARJ9JwU/kuAi5o/N1UlF7i/e83YZ0cyyemeXvIXHUSaW9
pa6Twqs0nNQpz8Czfs+7+JTZOjLGqz/Lklb0FwBvTD5vdiSKrURA/qWSZgjs5haE
g0e//g+AMwFe+qLMt0CLZZCE6Q+AtLssI6Szh1ofc78xVj0bVWbKnh/ZXzfZ/rvm
zhYSJYQRoeDf2br2IsVVULewNYKEgYWpDu4AfVqwGt15nKQW52Jxb5gOIfOT5he6
O9d71JPqTF/aJRCUjZi1A+xdlNL6eM4W73ftm+jrzTOAM28OXOHruRB3qcgUPV6X
1I9Z7p1f9FKGgR4so1dwYl+mLKOs1XW+fM0yokABAoIBAQCrtGDOPIipfQlOdGeL
vyDsu5QidrAJbOuhJ8vASybMEJs3nIdarPK/Vm9PEEgHEvUgEUexlPTIBElPUEkW
xKtoKAofC7UoG7Pg29m4SLUGClDFNHDDJ2NAXNV2dUZ++RKMyFy/KwWS0Lf0f94u
bLhAGvIH8gyosvBUiaWN6LZC1NWDsbfnEPoltBmi2lU4XeE9a3eQs15vAAgeczXT
audWjnJRb5x6kDSIyPBGuTNHk3fSSD2CY9G8YVwKWuNs6PuD9Q94jeWKDrHan4mn
x1S1NuvsQ2vrh9qTe6xxkqGAaBVMC4DosRzir6m5IzsBB7yUh+x+ljmwbBj6CbYL
Hja9AoIBAAOS3cIms52b6efa3yhFNjOceUrC+4S2Suj7dBX0AYZFALAnK6bmgdMk
a8+zcmqxW5dDaS55xHZ2D1Tfh01wQYC7AmdSXog3RBCVkgij0jVoJOkMMcoHBiIc
BHa/6sAcvZJZeHXzkT7zTVlPtvboMHJt2QU6rA2eBJAiOpQhFh9/jbph3LoZiCt2
0mTxhnmQU+EZZ8sp1cPitj0r2mMaRgxnIKOcvaavKrmqwo9MKV5n4hi43M8/nLG5
scdvaRcpkP809tdN0ewIqzLwgSymM3TRP2AcbrNCe0Y3dqgi+D3dfDmZPLO/psoz
5+fG19pe9kCo7mTnxNlgfWElZiONWHw=
-----END PRIVATE KEY-----

Some files were not shown because too many files have changed in this diff Show More