Initial commit

123/README.txt

@@ -0,0 +1,28 @@
+
+-------
+Notice:
+-------
+
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.123: ppp0 comes over eth2
+      interfaces.123: see above
+      default_isc-dhcp-server.123
+      ipt-firewall.123: LAN device (mostly ) = eth1
+      second LAN WLAN or what ever (if present) = eth0
+         

123/bin/admin-stuff

@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718

123/bin/clean_log_files.sh

@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh

123/bin/manage-gw-config

@@ -0,0 +1 @@
+Subproject commit db1c28271bd7e7442aa75b3be3ac8c796162abe9

123/bin/monitoring

@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653

123/bin/os-upgrade.sh

@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh

123/bin/postfix

@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4

123/bin/test_email.sh

@@ -0,0 +1 @@
+admin-stuff/test_email.sh

123/bind/bind.keys

@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};

123/bind/db.0

@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

123/bind/db.123.netz

@@ -0,0 +1,52 @@
+;
+; BIND data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017032801     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+                  IN NS    ns.123.netz.
+
+
+; Gateway/Firewall
+gw-123                  IN A     192.168.142.254
+gate                    IN CNAME gw-123
+gw                      IN CNAME gw-123
+
+gw-ipmi                 IN A     172.16.142.15
+
+gw-ext                  IN A     172.16.142.1
+
+; (Caching ) Nameserver
+ns                      IN A     192.168.142.1
+nscache                 IN CNAME ns
+
+; Drucker - Brother MFC-J5910DW
+brother-mfc-j5190dw     IN A     192.168.142.5
+brn001ba9df6ae0         IN CNAME brother-mfc-j5190dw
+mfc-j5190dw             IN CNAME brother-mfc-j5190dw
+brother                 IN CNAME brother-mfc-j5190dw
+drucker                 IN CNAME brother-mfc-j5190dw
+
+; NAS Server
+file-123                IN A     192.168.142.10
+file                    IN CNAME file-123
+nas                     IN CNAME file-123
+
+; TP-Link TL-WR842N/ND v3
+ac-buero                IN A     192.168.143.253
+ac1                     IN CNAME ac-buero
+tl-wr842n               IN CNAME ac-buero
+
+; Telekom Router  Speedport W 723V Typ B
+dsl-router              IN A     172.16.142.254
+fritzbox                IN CNAME dsl-router

123/bind/db.127

@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.

123/bind/db.172.16.142.0

@@ -0,0 +1,27 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway - extern
+1                 IN PTR   gw-ext.123.netz.
+
+; IPMI Gateway
+15                IN PTR   gw-ipmi.123.netz.
+
+; Telekom Router Speedport W 723V Typ B
+254               IN PTR   tk-router.123.netz.

123/bind/db.192.168.142.0

@@ -0,0 +1,30 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway/Firewall
+254               IN PTR   gw-123.123.netz.
+
+5                 IN PTR   brother-mfc-j5190dw.123.netz.
+
+; (Caching ) Nameserver
+1                 IN PTR   ns.123.netz.
+
+; NAS Server
+10                IN PTR   file-123.123.netz.
+

123/bind/db.192.168.143.0

@@ -0,0 +1,22 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; TP-Link TL-WR842N/ND v3 (123Comics-Buro)
+;
+253               IN PTR   ac-buero.123.netz.

123/bind/db.192.168.144.0

@@ -0,0 +1,19 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+

123/bind/db.255

@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

123/bind/db.empty

@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

123/bind/db.local

@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1

123/bind/db.root

@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file

123/bind/named.conf

@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";

123/bind/named.conf.default-zones

@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+

123/bind/named.conf.local

@@ -0,0 +1,32 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "123.netz" {
+   type master;
+   file "/etc/bind/db.123.netz";
+};
+
+zone "142.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.142.0";
+};
+
+zone "143.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.143.0";
+};
+
+zone "144.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.144.0";
+};
+
+zone "142.16.172.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.172.16.142.0";
+};

123/bind/named.conf.local.ORIG

@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

123/bind/named.conf.options

@@ -0,0 +1,93 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.142.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};

123/bind/named.conf.options.ORIG

@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+

123/bind/rndc.key

@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "9MykRXgPrxPffmZqSfl0Gw==";
+};

123/bind/zones.rfc1918

@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

123/cron_root.123

@@ -0,0 +1,48 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.VjzDUW/crontab installed on Fri Jan 26 01:17:27 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+*/10 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dyndns.sh 123.homelinux.org
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - check if openvpn is running if not restart the service
+# -
+#*/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh 123
+

123/ddclient.conf.123

@@ -0,0 +1,15 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+123.homelinux.org
+
+
+ssl=yes
+#mail=argus@oopen.de
+mail-failure=root

123/default_isc-dhcp-server.123

@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""

123/dhcpd.conf.123

@@ -0,0 +1,171 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.142.255;
+
+option domain-name "123.netz";
+option domain-name-servers ns.123.netz;
+
+option routers gw.123.netz;
+option ntp-servers 192.168.142.254;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+subnet 192.168.142.0 netmask 255.255.255.0 {
+
+   # --- 192.168.142.160/27 ---
+   # network address....: 192.168.142.160
+   # Broadcast address..: 192.168.142.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.142.160 - 192.168.142.191
+   # Usable range.......: 192.168.142.161 - 192.168.142.190
+
+  range 192.168.142.161 192.168.142.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.142.255;
+  option routers 192.168.142.254;
+  option ntp-servers 192.168.142.254;
+}
+
+# - Drucker - Brother MFC-JJ5910DW
+# -
+host brother-mfc-j5190dw {
+   hardware ethernet 00:1b:a9:df:6a:e0 ;
+   fixed-address brother-mfc-j5190dw.123.netz ;
+}
+
+subnet 192.168.143.0 netmask 255.255.255.0 {
+
+   # --- 192.168.143.160/27 ---
+   # network address....: 192.168.143.160
+   # Broadcast address..: 192.168.143.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.143.160 - 192.168.143.191
+   # Usable range.......: 192.168.143.161 - 192.168.143.190
+
+  range 192.168.143.161 192.168.143.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.143.255;
+  option routers 192.168.143.254;
+  option ntp-servers 192.168.142.254;
+}
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.144.0 netmask 255.255.255.0 {
+
+   # --- 192.168.144.160/27 ---
+   # network address....: 192.168.144.160
+   # Broadcast address..: 192.168.144.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.144.160 - 192.168.144.191
+   # Usable range.......: 192.168.144.161 - 192.168.144.190
+
+  range 192.168.144.161 192.168.144.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.144.255;
+  option routers 192.168.144.254;
+  option ntp-servers 192.168.144.254;
+}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

123/dhcpd6.conf.123

@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}

123/hostname.123

@@ -0,0 +1 @@
+gw-123

123/hosts.123

@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+172.16.142.1	gw-123.123.netz	gw-123
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

123/interfaces.123

@@ -0,0 +1,71 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0 - LAN 1 (WLAN)
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.143.254
+   network 192.168.143.0
+   netmask 255.255.255.0
+   broadcast 192.168.143.255
+
+
+#-----------------------------
+# eth1 - LAN 2 (Buero Netzwerk)
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.142.254
+   network 192.168.142.0
+   netmask 255.255.255.0
+   broadcast 192.168.142.255
+
+auto eth1:ns
+iface eth1:ns inet static
+   address 192.168.142.1
+   network 192.168.142.1
+   netmask 255.255.255.255
+   broadcast 192.168.142.1
+   pre-up /sbin/ifconfig eth1 up
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+	address 172.16.142.1
+	netmask 255.255.255.0
+	network 172.16.142.0
+	broadcast 172.16.142.255
+	gateway 172.16.142.254
+	# dns-* options are implemented by the resolvconf package, if installed
+	#dns-nameservers 127.0.0.1
+	#dns-search 123.netz
+
+
+#-----------------------------
+# eth3 - LAN 3 (Gast Netzwerk)
+#-----------------------------
+
+auto eth3
+iface eth3 inet static
+   address 192.168.144.254
+   network 192.168.144.0
+   netmask 255.255.255.0
+   broadcast 192.168.144.255

123/ipt-firewall.service.123

@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target

123/ipt-firewall/default_ports.conf

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+

123/ipt-firewall/include_functions.conf

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+

123/ipt-firewall/interfaces_ipv4.conf

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3="eth3"
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true

123/ipt-firewall/load_modules_ipv4.conf

@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+

123/ipt-firewall/load_modules_ipv6.conf

@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle

123/ipt-firewall/logging_ipv4.conf

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""

123/ipt-firewall/logging_ipv6.conf

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""

123/ipt-firewall/post_decalrations.conf

@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+

123/mailname.123

@@ -0,0 +1 @@
+gw-123.123.netz

123/main.cf.123

@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.142.254
+
+myhostname = gw-123.123.netz
+
+mydestination = 
+   gw-123.123.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.142.254/32
+
+#smtp_bind_address = 192.168.142.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+

123/openvpn/ccd/server-gw-ckubu/VPN-123Comics-gw-ckubu

@@ -0,0 +1,4 @@
+ifconfig-push 10.1.142.2 255.255.255.0
+push "route 172.16.142.0 255.255.255.0 10.1.142.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0

123/openvpn/ccd/server-home/VPN-123Comics-chris

@@ -0,0 +1 @@
+ifconfig-push 10.0.142.2 255.255.255.0

123/openvpn/crl.pem

@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB+DCB4TANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjNDb21pY3MtY2Ex
+FjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFk
+bUBvb3Blbi5kZRcNMTgwMTI1MjMwODQwWhcNMjgwMTIzMjMwODQwWjANBgkqhkiG
+9w0BAQsFAAOCAQEACi4ntL7wo7DvF+i3I8I44fI3Gx2tWARiTKzXs3M66ICzy8uG
+CLFEIF0Sz2jNHZDIWqpzmy5wbzdekRJbmwj4LWErKvcPULjoBxpnz4N1HRF0j7fw
+IcAacdfw9lDZFX/ia545xt/mQx4s7gMksc4cwwyZ8EJYcyZaYlLN/edxY5tn32z7
+OgWY4xDXvsXfgucCYT7k+SJ4ElNXroh5TIMrvSPCvLtWylzoOCZg9kSv1a0slkLl
+EmrwTAZLJTkl6Yv/G7ebNUDvjg6N0oA0NdTaDdA9oVaTqDGw3k/AVL5i7mgqdFoB
+6kFHw4oJfFRQ6vNIZsGX0rH60zLmL+Ea7jDT/Q==
+-----END X509 CRL-----

123/openvpn/easy-rsa/build-ca

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca

123/openvpn/easy-rsa/build-dh

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh

123/openvpn/easy-rsa/build-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter

123/openvpn/easy-rsa/build-key

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key

123/openvpn/easy-rsa/build-key-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass

123/openvpn/easy-rsa/build-key-pkcs12

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12

123/openvpn/easy-rsa/build-key-server

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server

123/openvpn/easy-rsa/build-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req

123/openvpn/easy-rsa/build-req-pass

@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass

123/openvpn/easy-rsa/clean-all

@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all

123/openvpn/easy-rsa/inherit-inter

@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter

123/openvpn/easy-rsa/list-crl

@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl

123/openvpn/easy-rsa/openssl-0.9.6.cnf

@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always

123/openvpn/easy-rsa/openssl-0.9.8.cnf

@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

123/openvpn/easy-rsa/openssl-1.0.0.cnf

@@ -0,0 +1,289 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+#default_crl_days= 30			# how long before next CRL
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

123/openvpn/easy-rsa/openssl-1.1.0.cnf

@@ -0,0 +1,289 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+#default_crl_days= 30			# how long before next CRL
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

123/openvpn/easy-rsa/openssl.cnf

@@ -0,0 +1 @@
+openssl-1.1.0.cnf

123/openvpn/easy-rsa/pkitool

@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool

123/openvpn/easy-rsa/revoke-full

@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full

123/openvpn/easy-rsa/sign-req

@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req

123/openvpn/easy-rsa/vars

@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN 123Comics"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-123Comics"
+
+export KEY_ALTNAMES="VPN 123Comics"

123/openvpn/easy-rsa/whichopensslcnf

@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf

123/openvpn/keys/01.pem

@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:18:50 2017 GMT
+            Not After : Mar 11 02:18:50 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-server/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:dc:9a:13:40:1a:60:e4:03:90:5a:6c:6e:19:9a:
+                    2d:03:7d:a2:58:70:0b:d1:ac:1c:79:2e:e4:62:2c:
+                    89:62:94:36:0c:8f:81:91:7c:65:ee:52:97:0f:c6:
+                    53:a8:4f:a8:65:a5:15:6d:03:95:92:46:d1:b2:62:
+                    a7:39:eb:f3:cd:b5:65:c8:7c:3d:0c:e9:16:25:f1:
+                    61:f5:76:8f:0c:a8:f7:c0:76:83:11:45:59:d5:f7:
+                    d4:c5:c3:33:66:1d:33:90:66:8f:65:d2:20:f7:8a:
+                    b1:a3:73:58:79:a6:ec:a9:b0:a3:71:90:49:61:d3:
+                    c2:be:72:19:92:38:ac:35:28:99:f6:5b:57:bb:28:
+                    5c:9a:4c:15:05:24:b8:2d:c3:11:82:25:75:a3:59:
+                    81:33:04:03:b7:f6:86:3b:27:48:0c:b9:11:0d:a3:
+                    cb:43:13:bc:60:65:e8:eb:42:2d:e9:c6:2d:6f:ce:
+                    49:59:ae:24:4f:06:29:21:d9:43:5e:8d:15:91:24:
+                    d1:0c:7d:a4:93:93:5e:56:f7:f9:39:b6:2c:ae:c2:
+                    80:7d:1c:6e:13:83:d5:26:b0:db:f4:fd:20:75:f9:
+                    d4:3a:c8:b6:00:8a:96:f8:3b:82:b0:f0:4f:98:49:
+                    3e:1d:49:d6:15:a9:3c:9b:b8:5f:c8:14:85:27:54:
+                    e5:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                44:47:4F:F6:97:8F:87:FB:A3:02:61:45:7F:69:1F:2E:CA:32:37:63
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         9b:9a:81:35:cb:4f:32:b4:c0:aa:09:b7:e8:9b:ca:d4:7e:c5:
+         e8:4a:21:6b:41:a0:34:e4:a6:bf:07:20:42:6c:e5:a8:50:6b:
+         67:c4:1e:9d:2a:76:e3:ea:7d:68:67:12:ab:54:64:83:dd:7a:
+         d1:13:95:76:5e:57:38:6b:59:4c:47:14:63:a4:4d:25:41:e4:
+         e2:79:35:36:fd:98:c4:47:80:b4:d4:31:7a:db:d1:88:3d:5d:
+         25:20:0b:c4:40:0a:dd:b5:48:21:92:86:18:85:22:f3:6a:80:
+         ad:a1:71:d7:8a:69:a9:78:b1:dd:90:b8:eb:ec:90:0b:68:e1:
+         40:2c:99:02:2b:31:18:2b:e0:d4:22:d1:1e:f3:77:98:9f:bb:
+         68:00:f4:6e:51:45:1b:a8:ad:ee:03:fb:62:1d:fb:57:c6:7d:
+         fe:91:3c:c1:6e:f9:34:0c:cb:a0:ce:7f:9b:ed:41:b6:65:c1:
+         5c:e9:83:de:98:00:bb:7f:4c:b3:7d:bf:f4:e3:0a:6b:e5:ad:
+         71:ae:8b:b9:98:d6:a2:8d:ed:5c:b8:87:fb:35:f5:90:11:9e:
+         89:90:f9:b1:ee:6f:e3:a8:d4:42:6b:c4:43:04:13:24:a2:5c:
+         33:8a:43:f1:95:bf:ab:7a:db:4b:6a:fe:49:f0:de:ef:39:86:
+         90:25:19:54
+-----BEGIN CERTIFICATE-----
+MIIFejCCBGKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjE4NTBaFw0zNzAzMTEwMjE4
+NTBaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEdMBsGA1UEAxMUVlBOLTEyM0NvbWljcy1zZXJ2ZXIxFjAUBgNVBCkTDVZQTiAx
+MjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyaE0AaYOQDkFpsbhmaLQN9olhw
+C9GsHHku5GIsiWKUNgyPgZF8Ze5Slw/GU6hPqGWlFW0DlZJG0bJipznr8821Zch8
+PQzpFiXxYfV2jwyo98B2gxFFWdX31MXDM2YdM5Bmj2XSIPeKsaNzWHmm7Kmwo3GQ
+SWHTwr5yGZI4rDUomfZbV7soXJpMFQUkuC3DEYIldaNZgTMEA7f2hjsnSAy5EQ2j
+y0MTvGBl6OtCLenGLW/OSVmuJE8GKSHZQ16NFZEk0Qx9pJOTXlb3+Tm2LK7CgH0c
+bhOD1Saw2/T9IHX51DrItgCKlvg7grDwT5hJPh1J1hWpPJu4X8gUhSdU5VcCAwEA
+AaOCAZUwggGRMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG
++EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0G
+A1UdDgQWBBRER0/2l4+H+6MCYUV/aR8uyjI3YzCB5gYDVR0jBIHeMIHbgBRgch7q
+Ry2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjNDb21pY3MtY2Ex
+FjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFk
+bUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAJua
+gTXLTzK0wKoJt+ibytR+xehKIWtBoDTkpr8HIEJs5ahQa2fEHp0qduPqfWhnEqtU
+ZIPdetETlXZeVzhrWUxHFGOkTSVB5OJ5NTb9mMRHgLTUMXrb0Yg9XSUgC8RACt21
+SCGShhiFIvNqgK2hcdeKaal4sd2QuOvskAto4UAsmQIrMRgr4NQi0R7zd5ifu2gA
+9G5RRRuore4D+2Id+1fGff6RPMFu+TQMy6DOf5vtQbZlwVzpg96YALt/TLN9v/Tj
+CmvlrXGui7mY1qKN7Vy4h/s19ZARnomQ+bHub+Oo1EJrxEMEEySiXDOKQ/GVv6t6
+20tq/knw3u85hpAlGVQ=
+-----END CERTIFICATE-----

123/openvpn/keys/02.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:24:18 2017 GMT
+            Not After : Mar 11 02:24:18 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:3d:7f:1e:1e:d7:15:85:96:bf:74:de:56:88:
+                    9c:7c:dd:45:e5:51:6f:db:c5:a6:0e:48:ab:33:0d:
+                    f6:d7:16:6b:5b:9c:63:ab:7b:20:49:aa:f4:6c:31:
+                    02:cc:24:46:01:fe:c2:c3:42:b8:46:3d:6c:09:13:
+                    e7:d3:81:10:e7:09:0b:5d:63:e8:cf:61:01:bf:53:
+                    00:a4:2e:e6:1e:6b:eb:02:ed:4a:e8:5c:c1:0d:e1:
+                    b2:5d:b1:a1:11:92:5e:7b:21:50:a2:e0:1b:77:53:
+                    fd:e2:13:a5:9f:2f:3d:ed:5b:a0:68:6f:b0:75:22:
+                    05:f9:dd:94:cc:e7:87:ee:be:c7:77:a3:cd:c2:78:
+                    b0:d3:f5:40:8b:c8:ba:70:9f:f5:99:b7:49:0f:a4:
+                    c4:b7:70:94:7c:d8:3a:87:bd:58:af:f7:71:45:7b:
+                    b7:2f:a9:09:dc:71:89:85:42:5f:b1:0d:cc:c1:46:
+                    8a:22:fb:44:26:e2:f6:00:10:df:3f:76:43:6b:92:
+                    ed:f9:0e:41:fa:b1:bc:43:29:45:5d:48:05:8c:83:
+                    fd:c4:31:1f:7a:41:a5:97:05:e5:2b:a1:8a:ca:70:
+                    37:09:81:c7:52:80:c2:93:07:1f:81:6c:fd:f3:e0:
+                    46:58:00:6a:ef:7a:eb:37:ca:fb:cf:71:67:87:86:
+                    bb:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8B:AE:40:F9:23:AD:01:8E:59:9A:6E:80:8A:C5:CD:9E:ED:2A:29:A8
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         b8:5e:18:10:4f:91:50:53:78:26:cd:c7:5a:1f:2e:50:e8:79:
+         cc:ae:d4:92:21:fb:08:25:69:44:c5:a0:a6:67:a9:23:f7:40:
+         c7:d8:66:c9:21:50:34:1e:d9:8c:12:9d:ab:de:f6:a3:bc:78:
+         fa:85:cc:d7:1b:84:4a:f1:19:10:9c:39:4d:c5:21:bc:db:32:
+         25:51:d1:44:96:a8:32:0f:57:e5:1a:60:b2:01:7a:6e:d6:c8:
+         00:3b:2f:82:0c:3d:10:bc:81:df:4f:eb:a3:7f:cf:a4:79:21:
+         ba:1e:25:e4:eb:fb:65:5e:dd:ec:27:4a:15:c5:45:70:ae:60:
+         a0:dc:7d:25:37:de:8c:79:a1:49:38:00:8f:9b:7c:94:d6:02:
+         0a:4c:d3:c3:28:86:1d:ec:5d:11:97:7d:7c:07:0d:92:67:dc:
+         0c:29:8c:c8:16:68:a4:df:8a:db:89:ed:dc:e8:88:1a:6d:58:
+         c5:74:3c:f0:25:ad:58:f6:e8:1e:89:78:4d:d7:1c:a3:8d:8a:
+         93:89:9e:7e:19:24:03:7e:c8:1f:7d:48:98:4e:f1:ba:86:e5:
+         ae:d1:45:a8:80:f0:90:ed:b5:23:8c:75:6f:9b:f4:73:04:c0:
+         82:e0:b4:df:7f:33:36:bc:c7:32:de:52:cc:4c:33:0c:e6:e4:
+         b7:23:16:9e
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjI0MThaFw0zNzAzMTEwMjI0
+MThaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1jaHJpczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1/Hh7XFYWWv3TeVoicfN1F5VFv
+28WmDkirMw321xZrW5xjq3sgSar0bDECzCRGAf7Cw0K4Rj1sCRPn04EQ5wkLXWPo
+z2EBv1MApC7mHmvrAu1K6FzBDeGyXbGhEZJeeyFQouAbd1P94hOlny897VugaG+w
+dSIF+d2UzOeH7r7Hd6PNwniw0/VAi8i6cJ/1mbdJD6TEt3CUfNg6h71Yr/dxRXu3
+L6kJ3HGJhUJfsQ3MwUaKIvtEJuL2ABDfP3ZDa5Lt+Q5B+rG8QylFXUgFjIP9xDEf
+ekGllwXlK6GKynA3CYHHUoDCkwcfgWz98+BGWABq73rrN8r7z3Fnh4a7MQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSLrkD5I60BjlmaboCKxc2e7Sop
+qDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczAN
+BgkqhkiG9w0BAQsFAAOCAQEAuF4YEE+RUFN4Js3HWh8uUOh5zK7UkiH7CCVpRMWg
+pmepI/dAx9hmySFQNB7ZjBKdq972o7x4+oXM1xuESvEZEJw5TcUhvNsyJVHRRJao
+Mg9X5RpgsgF6btbIADsvggw9ELyB30/ro3/PpHkhuh4l5Ov7ZV7d7CdKFcVFcK5g
+oNx9JTfejHmhSTgAj5t8lNYCCkzTwyiGHexdEZd9fAcNkmfcDCmMyBZopN+K24nt
+3OiIGm1YxXQ88CWtWPboHol4Tdcco42Kk4mefhkkA37IH31ImE7xuoblrtFFqIDw
+kO21I4x1b5v0cwTAguC0338zNrzHMt5SzEwzDObktyMWng==
+-----END CERTIFICATE-----

123/openvpn/keys/03.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 27 01:22:52 2017 GMT
+            Not After : Mar 27 01:22:52 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
+                    47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
+                    7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
+                    f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
+                    4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
+                    a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
+                    6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
+                    1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
+                    46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
+                    fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
+                    85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
+                    79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
+                    02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
+                    f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
+                    e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
+                    b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
+                    e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
+                    fd:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
+         52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
+         a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
+         37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
+         a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
+         02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
+         a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
+         c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
+         50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
+         57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
+         c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
+         d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
+         9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
+         c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
+         60:94:02:18
+-----BEGIN CERTIFICATE-----
+MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
+NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
+IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
+3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
+N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
+oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
+Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
+y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
+AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
+RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
+sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
+BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
+a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
+GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
+qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
+lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
+rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
+noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
+-----END CERTIFICATE-----

123/openvpn/keys/04.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:38:42 2017 GMT
+            Not After : Mar 31 19:38:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ec:72:92:5c:45:07:06:c3:ef:8b:49:fb:53:2b:
+                    64:9f:07:47:e4:2f:84:64:35:a9:6a:93:77:a9:3e:
+                    8a:47:fe:52:fc:1f:e9:9c:05:13:74:a6:d5:5e:12:
+                    ab:c9:55:1d:d7:83:a7:9e:e4:76:f9:c3:ee:b4:b5:
+                    c6:d7:ae:fb:05:e1:5f:3e:d5:c5:08:31:cc:40:bf:
+                    9e:17:ea:b5:69:c1:e3:f5:8a:55:b7:39:10:4c:39:
+                    d4:a5:1a:6c:da:1c:df:08:60:41:43:cc:78:cc:9b:
+                    3f:f0:64:35:a6:bd:7d:0c:86:55:20:66:e8:7f:d9:
+                    0d:06:03:d5:42:d2:b0:43:54:92:69:5e:97:20:d6:
+                    d9:0d:5a:95:86:5b:82:59:f0:d4:6a:5c:4c:01:ca:
+                    ae:17:da:7c:04:27:d5:55:1b:22:88:0f:82:ea:0d:
+                    3b:3e:0a:92:6c:7f:5c:a4:4f:4d:b3:ea:b1:fd:e9:
+                    25:20:87:af:52:36:ad:3c:d5:1a:f1:45:9a:8d:a8:
+                    33:8c:0c:0c:97:24:7b:5d:32:fe:ad:f9:b7:15:5d:
+                    a4:16:c5:a9:52:89:d3:4d:26:08:10:6f:3b:5a:3b:
+                    0a:32:c0:8a:fb:a0:23:8c:bf:bd:d8:b1:8e:b4:a7:
+                    05:86:1f:99:6f:7c:c0:57:7d:ba:19:f0:5f:3b:d2:
+                    91:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CB:73:DC:89:31:5E:B7:F6:7A:2D:B1:39:A7:E3:03:5C:38:75:B6:FC
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ellen
+    Signature Algorithm: sha256WithRSAEncryption
+         41:78:fd:3e:cc:67:5a:80:3e:7a:e2:1f:21:fe:de:be:54:29:
+         f4:96:b3:22:ec:8e:55:8e:da:af:97:9f:d7:71:97:c6:83:9a:
+         26:da:9d:47:f1:a2:3f:75:a0:26:09:e4:e9:cd:cc:d2:c0:3b:
+         fc:76:1e:08:1a:23:23:b0:e2:c6:52:63:57:c3:ca:55:d5:32:
+         c8:d2:ac:d3:5c:c2:16:e6:03:72:b3:cf:67:74:f4:ae:64:a4:
+         bf:10:0d:ba:ed:f4:89:df:7d:c3:61:e1:76:9a:81:8d:f7:ec:
+         a9:b0:20:25:7f:57:4d:36:87:dc:bb:34:8f:e2:95:0f:41:85:
+         fc:10:e0:ff:31:9d:c4:fd:79:81:ee:34:33:24:72:a8:19:77:
+         49:66:ea:9b:28:90:14:29:fb:3d:e6:81:98:55:4f:d5:be:95:
+         7a:8c:46:d8:78:e7:5d:16:2a:de:6c:fe:a8:46:d0:e1:04:c7:
+         f7:25:64:7a:fd:ed:ef:ef:98:44:96:3a:15:f7:c6:e9:16:09:
+         ea:8c:fc:c6:34:4e:83:fe:88:46:71:25:fb:3e:62:76:92:15:
+         05:44:43:12:75:b7:f8:8f:5c:64:be:36:83:ba:8b:be:b1:46:
+         3f:d0:c7:01:81:1d:49:00:f3:fa:42:74:3c:c9:b1:37:78:30:
+         2e:4f:c3:61
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM4NDJaFw0zNzAzMzExOTM4
+NDJaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1lbGxlbjEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HKSXEUHBsPvi0n7UytknwdH5C+E
+ZDWpapN3qT6KR/5S/B/pnAUTdKbVXhKryVUd14OnnuR2+cPutLXG1677BeFfPtXF
+CDHMQL+eF+q1acHj9YpVtzkQTDnUpRps2hzfCGBBQ8x4zJs/8GQ1pr19DIZVIGbo
+f9kNBgPVQtKwQ1SSaV6XINbZDVqVhluCWfDUalxMAcquF9p8BCfVVRsiiA+C6g07
+PgqSbH9cpE9Ns+qx/eklIIevUjatPNUa8UWajagzjAwMlyR7XTL+rfm3FV2kFsWp
+UonTTSYIEG87WjsKMsCK+6AjjL+92LGOtKcFhh+Zb3zAV326GfBfO9KRUwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLc9yJMV639notsTmn4wNcOHW2
+/DCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVlbGxlbjAN
+BgkqhkiG9w0BAQsFAAOCAQEAQXj9PsxnWoA+euIfIf7evlQp9JazIuyOVY7ar5ef
+13GXxoOaJtqdR/GiP3WgJgnk6c3M0sA7/HYeCBojI7DixlJjV8PKVdUyyNKs01zC
+FuYDcrPPZ3T0rmSkvxANuu30id99w2HhdpqBjffsqbAgJX9XTTaH3Ls0j+KVD0GF
+/BDg/zGdxP15ge40MyRyqBl3SWbqmyiQFCn7PeaBmFVP1b6VeoxG2HjnXRYq3mz+
+qEbQ4QTH9yVkev3t7++YRJY6FffG6RYJ6oz8xjROg/6IRnEl+z5idpIVBURDEnW3
++I9cZL42g7qLvrFGP9DHAYEdSQDz+kJ0PMmxN3gwLk/DYQ==
+-----END CERTIFICATE-----

123/openvpn/keys/05.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:19 2017 GMT
+            Not After : Mar 31 19:39:19 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:df:b0:f5:e3:00:76:72:1f:19:3d:f1:1b:cb:bc:
+                    52:1c:ec:3c:65:14:bd:ac:c7:cd:f3:5a:4e:16:c5:
+                    af:a9:f6:60:0e:c8:de:62:51:1c:9c:d0:0c:64:d6:
+                    5d:16:51:53:22:3a:f1:f0:1b:92:9c:a9:ae:39:82:
+                    87:82:23:62:5c:68:7d:0c:fc:61:ec:f8:02:c8:57:
+                    bd:27:da:1c:65:0d:69:25:2a:25:13:af:91:79:4c:
+                    55:be:7e:ae:80:e7:d3:69:e1:79:cd:94:a7:98:25:
+                    9a:bc:9c:de:9a:62:42:5c:06:b8:de:1e:82:d5:a8:
+                    06:0e:c2:d0:11:96:a4:4c:76:f8:17:40:20:4f:f1:
+                    d4:d9:94:8a:fc:06:04:e5:5c:cd:a1:70:51:4c:41:
+                    13:00:ed:6d:f3:73:f0:3a:b3:c1:94:45:57:6b:d2:
+                    19:f3:b0:43:d6:8c:bd:89:5f:e3:ad:93:7d:3d:f5:
+                    61:e7:96:89:a1:08:5c:2d:74:32:03:77:8f:74:e7:
+                    f2:36:49:c6:e8:20:ec:e4:67:e0:0b:d0:38:2a:c0:
+                    84:d9:fa:da:db:75:0d:c0:86:d5:89:ef:33:9d:bf:
+                    dd:6b:a1:78:83:fe:78:1e:32:56:38:84:d3:fb:4f:
+                    28:41:ee:9f:9e:1d:51:c1:2e:f6:67:87:bb:c6:83:
+                    d0:f5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                37:06:33:52:9E:7C:42:62:7C:AA:37:82:9F:97:4D:89:25:8B:1B:03
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:henny
+    Signature Algorithm: sha256WithRSAEncryption
+         b3:7a:5c:64:cd:53:5a:23:ec:35:79:4b:ac:ca:c3:0c:39:c7:
+         e9:2b:89:d6:a2:51:1c:a1:ce:48:a9:8b:f7:5f:dd:fb:43:70:
+         2a:17:bc:04:90:31:ea:e6:85:cb:df:41:a4:f0:63:fb:d9:bf:
+         33:6b:6e:80:b5:62:d9:83:6d:4e:01:f7:e0:ae:b6:20:6b:eb:
+         d0:76:7d:e0:1e:f9:de:d6:e3:c2:cf:91:2c:59:f2:01:1e:63:
+         46:7b:a8:7a:8e:af:e4:45:43:4b:f9:c8:5c:b9:e2:26:d8:a8:
+         b1:74:91:d0:ff:ae:fe:c4:73:f4:06:07:40:00:72:16:5c:44:
+         29:af:37:31:4b:3f:3e:09:64:a0:e3:d5:fe:6c:f7:e6:2e:c5:
+         4b:61:41:df:0b:66:b4:7b:3e:21:7e:24:7d:27:b2:2a:cd:ef:
+         9d:a1:f7:bf:57:c1:f6:a8:24:52:ba:0c:31:fd:6e:24:e1:11:
+         b9:a8:62:27:54:3c:59:3f:3a:d2:45:9d:81:77:d8:2e:b1:4e:
+         6e:41:a6:e8:89:e3:44:f0:be:da:58:02:67:d8:c8:51:fb:2c:
+         57:01:10:19:d8:10:7e:d6:9c:70:f7:32:91:ed:26:53:66:39:
+         19:99:f8:63:cd:c6:a8:c2:35:1d:f4:0c:b7:02:a8:4d:3b:ac:
+         68:ec:f9:de
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5MTlaFw0zNzAzMzExOTM5
+MTlaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1oZW5ueTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37D14wB2ch8ZPfEby7xSHOw8ZRS9
+rMfN81pOFsWvqfZgDsjeYlEcnNAMZNZdFlFTIjrx8BuSnKmuOYKHgiNiXGh9DPxh
+7PgCyFe9J9ocZQ1pJSolE6+ReUxVvn6ugOfTaeF5zZSnmCWavJzemmJCXAa43h6C
+1agGDsLQEZakTHb4F0AgT/HU2ZSK/AYE5VzNoXBRTEETAO1t83PwOrPBlEVXa9IZ
+87BD1oy9iV/jrZN9PfVh55aJoQhcLXQyA3ePdOfyNknG6CDs5GfgC9A4KsCE2fra
+23UNwIbVie8znb/da6F4g/54HjJWOITT+08oQe6fnh1RwS72Z4e7xoPQ9QIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ3BjNSnnxCYnyqN4Kfl02JJYsb
+AzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVoZW5ueTAN
+BgkqhkiG9w0BAQsFAAOCAQEAs3pcZM1TWiPsNXlLrMrDDDnH6SuJ1qJRHKHOSKmL
+91/d+0NwKhe8BJAx6uaFy99BpPBj+9m/M2tugLVi2YNtTgH34K62IGvr0HZ94B75
+3tbjws+RLFnyAR5jRnuoeo6v5EVDS/nIXLniJtiosXSR0P+u/sRz9AYHQAByFlxE
+Ka83MUs/PglkoOPV/mz35i7FS2FB3wtmtHs+IX4kfSeyKs3vnaH3v1fB9qgkUroM
+Mf1uJOERuahiJ1Q8WT860kWdgXfYLrFObkGm6InjRPC+2lgCZ9jIUfssVwEQGdgQ
+ftaccPcyke0mU2Y5GZn4Y83GqMI1HfQMtwKoTTusaOz53g==
+-----END CERTIFICATE-----

123/openvpn/keys/06.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:47 2017 GMT
+            Not After : Mar 31 19:39:47 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-kaya/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:4c:3e:b1:90:01:7e:74:fe:03:c4:de:9c:5d:
+                    37:23:f6:93:fd:c0:08:bc:49:ea:df:4b:ff:39:22:
+                    1b:42:a6:fd:86:6c:52:2a:69:ae:9f:5a:d7:1c:e3:
+                    fa:c9:c1:15:e8:64:ee:01:90:28:ad:9b:42:8d:09:
+                    e7:42:ef:b3:db:0d:4f:52:05:bc:22:05:ac:e5:78:
+                    ce:64:9e:96:ed:dc:45:04:bb:99:b7:1b:f6:31:3e:
+                    3f:b7:04:cb:9d:8e:44:f0:9d:c5:9e:08:3d:fe:46:
+                    7a:fd:9d:56:8b:49:1d:b7:f1:b6:7c:e1:da:e8:4a:
+                    fe:ae:28:70:10:88:c2:04:cc:83:14:8e:65:da:6e:
+                    c3:1b:83:81:67:9f:df:d4:39:ce:48:71:37:7b:49:
+                    fa:3c:19:dd:75:33:bc:cc:82:75:af:6f:dd:06:eb:
+                    3a:cd:a0:d5:c3:10:e2:0b:58:3f:95:35:35:0e:ce:
+                    34:ed:03:13:a5:24:7a:24:8f:32:7c:c8:09:a9:6b:
+                    23:54:19:13:23:af:b0:54:e5:0f:27:9a:e6:33:dc:
+                    0f:2a:2c:d2:3e:60:ee:b3:8c:7d:c2:a5:43:d9:07:
+                    0a:84:76:10:8a:6f:f1:db:6e:22:1e:b9:71:aa:c4:
+                    52:e3:56:a1:26:6f:c6:17:0f:f2:4f:8d:88:e9:a0:
+                    3b:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:E0:31:7D:AC:4D:8F:1B:67:83:67:66:52:39:CA:43:4C:FF:99:B0
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kaya
+    Signature Algorithm: sha256WithRSAEncryption
+         8f:ef:78:2e:54:f1:b4:a3:92:89:25:cc:85:b9:28:2d:aa:2e:
+         28:9a:53:f1:09:99:95:34:6c:f3:58:d8:4c:6d:a1:cc:f5:93:
+         07:53:8c:53:4b:0f:80:29:33:83:a2:f5:13:64:ae:23:d4:c8:
+         6f:75:48:41:42:81:40:a8:b7:7f:70:fb:7f:97:55:5d:82:b8:
+         1d:7e:96:50:5e:2d:a9:eb:66:cd:c0:89:5f:ca:ec:c2:bc:7f:
+         33:db:e2:fa:28:54:00:6a:3e:72:2e:71:fe:d8:d2:d3:4d:fe:
+         6e:1b:e2:71:e2:e5:cf:7d:aa:4e:92:9f:d4:b7:20:fe:2b:98:
+         2f:a1:a2:f8:87:07:a1:a9:7b:5f:b9:d6:f9:b2:b5:23:17:98:
+         99:c7:00:d0:29:cb:59:2e:9e:c6:b0:f3:54:a4:c7:3d:82:d1:
+         aa:f8:f2:e1:23:cf:74:ed:25:f3:b8:24:c9:c6:0a:d9:41:6d:
+         d6:a8:c1:a7:96:85:51:13:f3:cc:36:fa:5e:e1:32:aa:f6:e8:
+         93:a2:43:ce:40:33:33:5e:6a:b4:65:c2:32:e3:0c:62:a6:f6:
+         48:c5:0e:2e:02:cd:92:45:9e:dc:2f:a5:66:57:b4:ca:35:0f:
+         5d:ed:10:42:d9:0d:7b:0b:0a:75:62:5f:12:ac:9b:29:bd:14:
+         9e:e4:5a:9f
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5NDdaFw0zNzAzMzExOTM5
+NDdaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1rYXlhMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2TD6xkAF+dP4DxN6cXTcj9pP9wAi8
+SerfS/85IhtCpv2GbFIqaa6fWtcc4/rJwRXoZO4BkCitm0KNCedC77PbDU9SBbwi
+BazleM5knpbt3EUEu5m3G/YxPj+3BMudjkTwncWeCD3+Rnr9nVaLSR238bZ84dro
+Sv6uKHAQiMIEzIMUjmXabsMbg4Fnn9/UOc5IcTd7Sfo8Gd11M7zMgnWvb90G6zrN
+oNXDEOILWD+VNTUOzjTtAxOlJHokjzJ8yAmpayNUGRMjr7BU5Q8nmuYz3A8qLNI+
+YO6zjH3CpUPZBwqEdhCKb/HbbiIeuXGqxFLjVqEmb8YXD/JPjYjpoDu1AgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOLgMX2sTY8bZ4NnZlI5ykNM/5mw
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGtheWEwDQYJ
+KoZIhvcNAQELBQADggEBAI/veC5U8bSjkoklzIW5KC2qLiiaU/EJmZU0bPNY2Ext
+ocz1kwdTjFNLD4ApM4Oi9RNkriPUyG91SEFCgUCot39w+3+XVV2CuB1+llBeLanr
+Zs3AiV/K7MK8fzPb4vooVABqPnIucf7Y0tNN/m4b4nHi5c99qk6Sn9S3IP4rmC+h
+oviHB6Gpe1+51vmytSMXmJnHANApy1kunsaw81Skxz2C0ar48uEjz3TtJfO4JMnG
+CtlBbdaowaeWhVET88w2+l7hMqr26JOiQ85AMzNearRlwjLjDGKm9kjFDi4CzZJF
+ntwvpWZXtMo1D13tEELZDXsLCnViXxKsmym9FJ7kWp8=
+-----END CERTIFICATE-----

123/openvpn/keys/07.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:40:21 2017 GMT
+            Not After : Mar 31 19:40:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:e8:10:ee:4a:85:18:13:fe:a5:da:ff:1f:22:
+                    95:6f:f3:49:52:31:30:0d:0e:fd:c4:22:06:39:c7:
+                    36:d9:39:2f:61:f1:c7:e4:2e:fa:8e:45:e2:37:74:
+                    fb:74:07:4a:9f:14:02:f6:76:b4:bc:f2:23:0f:18:
+                    e2:37:d0:db:32:3f:a7:48:45:0f:87:f7:d1:43:fa:
+                    64:3b:9d:b0:05:b3:95:9a:77:53:43:05:61:26:54:
+                    4e:c9:9e:a5:f7:ff:3b:e2:da:45:3e:2c:ca:f0:d7:
+                    84:99:be:57:2a:d3:f1:ac:f1:4a:33:82:d8:ba:8a:
+                    49:35:e5:7c:cf:87:ad:ec:12:b2:15:34:8e:6b:ae:
+                    e9:2e:12:8e:3f:cf:5d:51:bc:30:fc:76:8d:ea:c7:
+                    a8:dd:25:8b:c0:b4:6f:f1:15:60:55:81:28:8f:80:
+                    eb:38:77:44:f8:0e:e4:53:ed:fb:18:32:cf:23:21:
+                    7f:ab:23:d6:5d:10:44:11:c3:c3:3e:6a:8d:38:cd:
+                    c2:a2:9c:de:34:54:3b:88:0d:a8:ab:7b:a5:b7:fc:
+                    9c:0e:8c:62:36:cc:71:1e:f0:1f:7e:f4:ab:81:03:
+                    27:ca:5d:0b:13:0a:06:1a:ca:a3:4d:72:7c:3a:f4:
+                    79:9b:3a:04:8b:6d:12:90:8d:ad:16:78:3a:8d:b4:
+                    b4:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                FB:3D:B0:64:04:E9:11:FC:C6:DC:25:61:27:3E:BE:35:30:38:FD:20
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:imke
+    Signature Algorithm: sha256WithRSAEncryption
+         a7:0a:bf:f1:a9:64:1a:a6:a5:98:1d:de:3a:11:01:1d:1f:17:
+         bf:e2:ae:d6:46:08:f0:6f:fe:63:32:5f:00:60:24:ad:a4:0e:
+         04:8b:40:01:a7:cb:64:bb:48:a6:c0:21:d0:33:dd:89:c0:68:
+         aa:b2:50:c9:73:2a:32:e3:ac:93:0c:d4:cd:73:92:21:5f:df:
+         0c:a9:c4:d4:57:33:c4:b2:88:a9:c9:0f:73:06:98:d4:d9:ca:
+         81:3d:17:45:8b:55:8f:5c:f1:f7:55:dd:42:0d:d2:bc:96:fa:
+         5d:cd:7f:45:08:61:88:5f:22:9c:e5:26:62:c1:ef:f5:0a:51:
+         a8:a1:83:e9:36:ea:7a:3f:7e:d4:c7:70:73:ca:c3:ec:44:ca:
+         47:c9:f1:7e:fa:46:e4:e0:c2:9b:75:cc:02:cc:e8:e5:50:18:
+         76:0c:88:28:4a:db:90:f5:60:f1:55:88:fa:e6:27:54:3f:b1:
+         50:7c:30:8d:9e:9b:b0:0f:f2:e1:3e:d2:99:f7:b2:8b:25:04:
+         0b:dc:76:4a:6f:29:8e:9a:e3:9c:17:c6:a9:a0:2d:b3:d8:2a:
+         f5:d8:e1:b7:73:32:ef:b0:39:48:ca:f8:5a:c2:d0:69:0b:37:
+         0f:50:ef:1f:53:0a:1c:6a:1f:7f:9c:a1:47:f3:9c:8f:10:27:
+         52:bc:d9:5a
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQwMjFaFw0zNzAzMzExOTQw
+MjFaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1pbWtlMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6BDuSoUYE/6l2v8fIpVv80lSMTAN
+Dv3EIgY5xzbZOS9h8cfkLvqOReI3dPt0B0qfFAL2drS88iMPGOI30NsyP6dIRQ+H
+99FD+mQ7nbAFs5Wad1NDBWEmVE7JnqX3/zvi2kU+LMrw14SZvlcq0/Gs8Uozgti6
+ikk15XzPh63sErIVNI5rrukuEo4/z11RvDD8do3qx6jdJYvAtG/xFWBVgSiPgOs4
+d0T4DuRT7fsYMs8jIX+rI9ZdEEQRw8M+ao04zcKinN40VDuIDaire6W3/JwOjGI2
+zHEe8B9+9KuBAyfKXQsTCgYayqNNcnw69HmbOgSLbRKQja0WeDqNtLRXAgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPs9sGQE6RH8xtwlYSc+vjUwOP0g
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlta2UwDQYJ
+KoZIhvcNAQELBQADggEBAKcKv/GpZBqmpZgd3joRAR0fF7/irtZGCPBv/mMyXwBg
+JK2kDgSLQAGny2S7SKbAIdAz3YnAaKqyUMlzKjLjrJMM1M1zkiFf3wypxNRXM8Sy
+iKnJD3MGmNTZyoE9F0WLVY9c8fdV3UIN0ryW+l3Nf0UIYYhfIpzlJmLB7/UKUaih
+g+k26no/ftTHcHPKw+xEykfJ8X76RuTgwpt1zALM6OVQGHYMiChK25D1YPFViPrm
+J1Q/sVB8MI2em7AP8uE+0pn3soslBAvcdkpvKY6a45wXxqmgLbPYKvXY4bdzMu+w
+OUjK+FrC0GkLNw9Q7x9TChxqH3+coUfznI8QJ1K82Vo=
+-----END CERTIFICATE-----

123/openvpn/keys/08.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:04 2017 GMT
+            Not After : Mar 31 19:41:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-jonas/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:bf:31:fd:f5:63:4a:66:e5:7a:36:e9:07:ab:
+                    db:50:b4:92:9c:9e:ad:28:4e:86:ac:b0:6d:c2:b9:
+                    e7:dd:fb:8d:01:21:82:33:ed:cf:dc:ee:2b:84:96:
+                    37:c7:fa:e7:12:42:af:b1:4d:70:37:9a:7b:de:27:
+                    6b:8f:dd:67:20:90:2c:29:ed:b0:fa:05:01:5c:9d:
+                    74:13:19:41:a7:da:7d:b5:f2:f4:3b:97:71:28:97:
+                    b0:62:eb:5a:93:75:70:6d:45:53:57:14:a2:c4:73:
+                    2f:3a:d6:f0:84:74:25:ae:50:db:6b:44:4b:e0:8f:
+                    70:87:49:49:be:b8:f8:58:df:89:ab:dd:66:6f:46:
+                    39:90:00:26:d4:fd:3d:94:31:bb:45:0b:60:54:9a:
+                    5c:53:2e:52:bd:6b:c3:1a:ec:7a:a3:d7:b6:20:52:
+                    3f:7c:25:e6:2d:e8:68:ca:fb:76:a0:fa:fb:65:71:
+                    77:46:44:ee:9f:fc:b6:7d:d3:28:11:ee:35:5e:08:
+                    ff:d5:6c:5e:a9:21:44:12:79:98:3b:3a:87:df:d7:
+                    df:a0:12:dd:58:fb:9a:be:b8:4d:b4:92:28:d8:22:
+                    24:ed:0c:e5:04:c0:b3:42:7e:c6:61:1b:4b:b6:9d:
+                    5f:31:de:34:3e:f7:5a:51:cc:70:83:11:3d:0d:01:
+                    56:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:7D:CA:9A:DA:5B:60:31:54:FD:35:1D:60:7E:04:4C:0D:30:76:44
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jonas
+    Signature Algorithm: sha256WithRSAEncryption
+         b0:7c:4a:7b:47:83:33:f3:76:c5:33:32:14:17:ed:3b:44:e2:
+         d0:4c:f6:66:90:76:be:16:1c:62:95:25:f3:78:cb:6d:c1:ef:
+         6c:ba:66:ed:10:16:07:26:83:89:78:49:58:fc:46:d8:c6:8e:
+         26:c6:51:12:37:20:ca:30:c8:35:5a:68:69:70:95:a9:7f:20:
+         3e:af:8d:73:c5:f2:1f:28:50:0d:48:18:cb:9f:46:45:16:b1:
+         f2:ac:e7:1c:54:dd:af:c8:06:ec:bb:4c:dd:71:d0:e9:c8:54:
+         8f:8c:12:e1:d7:1e:53:f9:42:61:98:0e:3a:b6:35:d8:e8:c7:
+         2a:d6:e2:78:74:8e:f5:4e:1e:1b:98:aa:e3:84:fd:d4:d7:27:
+         95:a5:fd:b5:db:f5:42:e1:9a:9a:2e:b7:f7:0d:e5:49:10:50:
+         c4:01:e3:95:6e:53:b3:6b:7f:34:38:7c:49:1e:84:85:6a:8e:
+         63:01:49:b9:b1:e5:71:09:31:0a:7c:2c:ce:ea:d7:33:4b:11:
+         fa:e2:69:ed:30:96:a5:08:2b:fd:b9:1e:13:30:3f:bf:4d:7c:
+         2a:56:8a:7a:ef:a1:76:2c:fa:12:5a:46:ed:bf:4c:90:54:24:
+         7d:91:a7:b3:ef:2b:09:dc:f8:06:56:ac:e7:f5:52:43:80:5c:
+         73:93:f4:01
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxMDRaFw0zNzAzMzExOTQx
+MDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qb25hczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b8x/fVjSmblejbpB6vbULSSnJ6t
+KE6GrLBtwrnn3fuNASGCM+3P3O4rhJY3x/rnEkKvsU1wN5p73idrj91nIJAsKe2w
++gUBXJ10ExlBp9p9tfL0O5dxKJewYutak3VwbUVTVxSixHMvOtbwhHQlrlDba0RL
+4I9wh0lJvrj4WN+Jq91mb0Y5kAAm1P09lDG7RQtgVJpcUy5SvWvDGux6o9e2IFI/
+fCXmLehoyvt2oPr7ZXF3RkTun/y2fdMoEe41Xgj/1WxeqSFEEnmYOzqH39ffoBLd
+WPuavrhNtJIo2CIk7QzlBMCzQn7GYRtLtp1fMd40PvdaUcxwgxE9DQFWuwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMfcqa2ltgMVT9NR1gfgRMDTB2
+RDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqb25hczAN
+BgkqhkiG9w0BAQsFAAOCAQEAsHxKe0eDM/N2xTMyFBftO0Ti0Ez2ZpB2vhYcYpUl
+83jLbcHvbLpm7RAWByaDiXhJWPxG2MaOJsZREjcgyjDINVpoaXCVqX8gPq+Nc8Xy
+HyhQDUgYy59GRRax8qznHFTdr8gG7LtM3XHQ6chUj4wS4dceU/lCYZgOOrY12OjH
+KtbieHSO9U4eG5iq44T91NcnlaX9tdv1QuGami639w3lSRBQxAHjlW5Ts2t/NDh8
+SR6EhWqOYwFJubHlcQkxCnwszurXM0sR+uJp7TCWpQgr/bkeEzA/v018KlaKeu+h
+diz6ElpG7b9MkFQkfZGns+8rCdz4Blas5/VSQ4Bcc5P0AQ==
+-----END CERTIFICATE-----

123/openvpn/keys/09.pem

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:44 2017 GMT
+            Not After : Mar 31 19:41:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-julia/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c4:08:b1:f5:86:9b:8a:90:97:32:4e:a7:55:cc:
+                    65:85:5a:f5:10:2e:5b:ef:8d:61:60:66:3a:53:5d:
+                    fc:90:82:ec:0c:ba:b3:ab:7d:b8:56:9b:4c:6e:73:
+                    d6:72:61:bc:74:17:2f:a3:6b:f5:66:c6:72:b7:11:
+                    f5:bb:8c:47:5b:04:d8:4c:74:6e:22:d3:21:8a:32:
+                    41:9e:1d:8a:8b:e0:b4:ec:b8:15:40:26:08:3d:97:
+                    7c:a7:20:1e:ca:60:8d:0e:7e:58:cd:a6:0b:f7:c2:
+                    7b:7e:9f:c7:55:87:01:3d:ce:37:7c:32:b8:36:bd:
+                    1b:90:24:43:e1:c3:5c:5f:bd:f3:5c:32:0f:5d:7c:
+                    0f:87:ef:8d:03:0a:e9:23:eb:8d:7b:89:f2:4b:cc:
+                    83:d8:32:58:26:75:ff:81:74:83:d7:ea:2f:11:07:
+                    59:97:08:e1:38:e4:be:14:d1:2c:8b:1c:f5:b8:53:
+                    65:b7:25:8f:5f:e6:5d:f1:d8:76:ab:64:df:b3:e5:
+                    09:3b:84:f1:9c:34:f0:7e:bb:e7:e0:3c:da:0f:87:
+                    77:44:95:c2:e5:bd:29:3f:43:0b:d8:8d:d5:07:cf:
+                    26:54:b3:50:dc:64:1c:a7:67:3d:c1:3c:fa:9e:0f:
+                    db:3d:97:fa:28:7f:bb:6f:92:b6:e3:44:a2:47:1a:
+                    18:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8D:D2:9E:D6:B2:D3:DA:D0:60:7D:69:D6:5C:EA:40:5A:E4:39:01:34
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:julia
+    Signature Algorithm: sha256WithRSAEncryption
+         10:0f:b3:1e:bd:29:70:ac:a3:20:8d:77:b2:5c:6d:bf:25:9f:
+         07:b3:c2:0c:ec:41:8e:98:cc:3f:d2:0c:84:17:55:97:1b:e6:
+         4e:76:c5:12:a3:7c:32:a3:81:e4:53:06:4e:c6:67:e4:ad:14:
+         70:4e:1f:ca:e8:5f:dd:b1:d9:e4:ac:4c:b5:d2:51:25:89:27:
+         48:05:a5:2f:c0:de:ed:7a:8b:84:59:73:19:ee:6d:6d:e0:be:
+         5d:36:d4:ea:c3:40:0f:60:94:f3:e8:3d:5d:86:88:75:c1:38:
+         f4:91:6e:4f:5c:ff:11:d8:56:d3:9f:89:58:89:c6:24:32:d3:
+         ad:d2:5b:f1:cd:62:ed:95:12:d7:79:5c:ec:86:45:39:4d:97:
+         02:9e:f5:06:d7:4f:12:2c:f7:b2:ce:59:6b:3d:3f:88:b6:e3:
+         03:24:1e:cf:9c:6f:d6:3c:6f:6c:ed:5b:50:ef:0a:cf:96:f5:
+         98:f8:a5:fa:ce:e3:2c:f8:8f:0f:84:0e:0b:27:c4:07:87:6f:
+         e2:a5:ef:73:db:e5:c9:20:a1:81:e0:a3:16:ec:de:d0:47:a6:
+         ac:ad:c3:a5:16:c2:7d:de:27:67:58:59:4b:20:c6:08:01:55:
+         62:ce:14:f3:5a:5e:23:9b:c5:d6:ba:4c:e4:d6:40:12:09:b1:
+         58:8f:b8:05
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxNDRaFw0zNzAzMzExOTQx
+NDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qdWxpYTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAix9YabipCXMk6nVcxlhVr1EC5b
+741hYGY6U138kILsDLqzq324VptMbnPWcmG8dBcvo2v1ZsZytxH1u4xHWwTYTHRu
+ItMhijJBnh2Ki+C07LgVQCYIPZd8pyAeymCNDn5YzaYL98J7fp/HVYcBPc43fDK4
+Nr0bkCRD4cNcX73zXDIPXXwPh++NAwrpI+uNe4nyS8yD2DJYJnX/gXSD1+ovEQdZ
+lwjhOOS+FNEsixz1uFNltyWPX+Zd8dh2q2Tfs+UJO4TxnDTwfrvn4DzaD4d3RJXC
+5b0pP0ML2I3VB88mVLNQ3GQcp2c9wTz6ng/bPZf6KH+7b5K240SiRxoYUQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSN0p7WstPa0GB9adZc6kBa5DkB
+NDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqdWxpYTAN
+BgkqhkiG9w0BAQsFAAOCAQEAEA+zHr0pcKyjII13slxtvyWfB7PCDOxBjpjMP9IM
+hBdVlxvmTnbFEqN8MqOB5FMGTsZn5K0UcE4fyuhf3bHZ5KxMtdJRJYknSAWlL8De
+7XqLhFlzGe5tbeC+XTbU6sNAD2CU8+g9XYaIdcE49JFuT1z/EdhW05+JWInGJDLT
+rdJb8c1i7ZUS13lc7IZFOU2XAp71BtdPEiz3ss5Zaz0/iLbjAyQez5xv1jxvbO1b
+UO8Kz5b1mPil+s7jLPiPD4QOCyfEB4dv4qXvc9vlySChgeCjFuze0EemrK3DpRbC
+fd4nZ1hZSyDGCAFVYs4U81peI5vF1rpM5NZAEgmxWI+4BQ==
+-----END CERTIFICATE-----

123/openvpn/keys/ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAzCCA+ugAwIBAgIJAOCmM/+DK/WPMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
+VlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8GCSqG
+SIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDMxMTAyMTYyOFoXDTQ5
+MDMxMTAyMTYyOFowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1W
+UE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI6ZDkXY0diPbLB91BnCq6
+yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7nV1SdoGT
+29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1womyEdpl
+USvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf7Bp0FQnx
+labMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkizgv9HI7yk
+G+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZdHVkes3L
+AgMBAAGjggEaMIIBFjAdBgNVHQ4EFgQUYHIe6kctqrNxGDLhMBx3CLHUJBEwgeYG
+A1UdIwSB3jCB24AUYHIe6kctqrNxGDLhMBx3CLHUJBGhgbekgbQwgbExCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UE
+ChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBW
+UE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZI
+hvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDgpjP/gyv1jzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqSNHim3BDVX4ptcnhYaw1RNEHq2sWkL6O
+m6MLJpwk1BW0ZhKG45/lA8x+FB1npsL9ck/GcTG41UOwCJU3jIKyS5rug7hHAz7t
+GShvWEOLnk0Y9veMOM0Iwsqs4d4qeDQZH2RZCnQqjVt5bXRFDGE0X0Lqa04nVXVU
+8JThZvjNq19jzEulZwg/x356J/VbNX/gtqddqRHw1j5uvsiAnTjQeDZTLjP3SDOS
+vYVjJGF35QyarN0iJpH8TQGeA89EOJyLaQjfd+MG05cDYHo44brJgc26rJRp5QCa
+cp2h9ajosKcIhk1lrY+kLf/XiwYDZ3TyhYhqoM998XggUuinF1r9
+-----END CERTIFICATE-----

123/openvpn/keys/ca.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI6ZDkXY0diPbL
+B91BnCq6yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7
+nV1SdoGT29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1
+womyEdplUSvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf
+7Bp0FQnxlabMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkiz
+gv9HI7ykG+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZ
+dHVkes3LAgMBAAECggEAOUvy2E2dquieiTRK8yUYQoEnTrN93fzYcz2dAeri5L28
+o9dzlI718Ol9XWy+O5w1vSaqPLsk1pb2eKHeNWA6f/JXXCROOekCiZkjRNLYGX3m
+fzVXgEqGpiyWiyVSN1s8B9uxNVMlTE2YCMfcAP56bB6D/4j9qgvjjwTu4DkZZnpf
+iGswdUf2KJZ2Wr08wVjvmKBnJYazXDjMbhXQ+hCSK6yr8zaJIrchdkgJc1lC9Z49
+8HEpc2SwSJrrOUpyQNQ/dNbtYeK1cqqgADguXuxwDRmV/BYycpJ8Yg4hynsWqDR/
+nUOiy/UqisYaEVCW2nLKOsj29YGguGhMXPwPL7oxQQKBgQD5pRuoDmQNOPMcnjfQ
+uVCh1f+VoeKHMuguDmJBEl62hbamAesOdOL0ghmcTAb1JQCtwbdPlvuUuGsvukky
+yCLa4sz7UU6ZSSW6XYD/9oEq/Usp1sdX8MP3Dd8nOXVPxdGzEc8syKDMULkVh/2C
+y8qENGgg9sA5X4RJKIzaFnCFkQKBgQDOBuBWJ1f1RB/O29eutL7Hs68MpiM37B90
+XLLDAIz8DrgGrwBaasdfFxhRZEmU2KHG5LmVCPvZg6au8NFYFoixdqyJZghWBAOO
+pzO8wk939kqSHwgpJcRPXWKG7TCltVEcxO/iocW7qgTGpTeBfK1NbaRqTKDHGzTo
+GTIr8yd/mwKBgQCJjgdaJ2vLuViDqU5Z7PJX6gFlYojeNBeo4PYUotmbOrw0ZpQt
+KAyx60nPTDj9NMFV/IpUCX5gKOmup7eTiqFh+Fw4Ekn7vklSkhj1cM8lb+HNkPHQ
+K/Lemz8dbtSL+xUb1TFRnM61JbmF+qOeQUo6ZGIH3851DoNmiDhsJrcjcQKBgQCW
+/zMr8WnluCgX08gfoxiwBGEnRBxLwCLNhaL+iEjL832saFY57khwyNxpyrajAKKQ
+wtHBCPSMVpCzZowHo3xLlE6f5Mf3QrnYs3KXxVG4+iltLpEslyFpiWfMu8oLqPfp
+veySjT3+bH1TmYM0w8vAE7uMrNypEKeV8+FxlKQ+QQKBgDmUIEgJVMjrD26GJeuB
+bgeAHoC1XDNZCpp3g99n/za373MnJPahxo6Pz2rHv5WGE1lm8AE2CTtQjtzIE0KB
+VsiFP4srSvNtYRuH3gAuEL28ETc5ZAYYrPRlsErNi+KbM3TNNzV9FuvAaRAMb9l0
+Nuvd4s7RiQllg5o+aM+I3V8f
+-----END PRIVATE KEY-----

123/openvpn/keys/chris.crt

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:24:18 2017 GMT
+            Not After : Mar 11 02:24:18 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:3d:7f:1e:1e:d7:15:85:96:bf:74:de:56:88:
+                    9c:7c:dd:45:e5:51:6f:db:c5:a6:0e:48:ab:33:0d:
+                    f6:d7:16:6b:5b:9c:63:ab:7b:20:49:aa:f4:6c:31:
+                    02:cc:24:46:01:fe:c2:c3:42:b8:46:3d:6c:09:13:
+                    e7:d3:81:10:e7:09:0b:5d:63:e8:cf:61:01:bf:53:
+                    00:a4:2e:e6:1e:6b:eb:02:ed:4a:e8:5c:c1:0d:e1:
+                    b2:5d:b1:a1:11:92:5e:7b:21:50:a2:e0:1b:77:53:
+                    fd:e2:13:a5:9f:2f:3d:ed:5b:a0:68:6f:b0:75:22:
+                    05:f9:dd:94:cc:e7:87:ee:be:c7:77:a3:cd:c2:78:
+                    b0:d3:f5:40:8b:c8:ba:70:9f:f5:99:b7:49:0f:a4:
+                    c4:b7:70:94:7c:d8:3a:87:bd:58:af:f7:71:45:7b:
+                    b7:2f:a9:09:dc:71:89:85:42:5f:b1:0d:cc:c1:46:
+                    8a:22:fb:44:26:e2:f6:00:10:df:3f:76:43:6b:92:
+                    ed:f9:0e:41:fa:b1:bc:43:29:45:5d:48:05:8c:83:
+                    fd:c4:31:1f:7a:41:a5:97:05:e5:2b:a1:8a:ca:70:
+                    37:09:81:c7:52:80:c2:93:07:1f:81:6c:fd:f3:e0:
+                    46:58:00:6a:ef:7a:eb:37:ca:fb:cf:71:67:87:86:
+                    bb:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8B:AE:40:F9:23:AD:01:8E:59:9A:6E:80:8A:C5:CD:9E:ED:2A:29:A8
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         b8:5e:18:10:4f:91:50:53:78:26:cd:c7:5a:1f:2e:50:e8:79:
+         cc:ae:d4:92:21:fb:08:25:69:44:c5:a0:a6:67:a9:23:f7:40:
+         c7:d8:66:c9:21:50:34:1e:d9:8c:12:9d:ab:de:f6:a3:bc:78:
+         fa:85:cc:d7:1b:84:4a:f1:19:10:9c:39:4d:c5:21:bc:db:32:
+         25:51:d1:44:96:a8:32:0f:57:e5:1a:60:b2:01:7a:6e:d6:c8:
+         00:3b:2f:82:0c:3d:10:bc:81:df:4f:eb:a3:7f:cf:a4:79:21:
+         ba:1e:25:e4:eb:fb:65:5e:dd:ec:27:4a:15:c5:45:70:ae:60:
+         a0:dc:7d:25:37:de:8c:79:a1:49:38:00:8f:9b:7c:94:d6:02:
+         0a:4c:d3:c3:28:86:1d:ec:5d:11:97:7d:7c:07:0d:92:67:dc:
+         0c:29:8c:c8:16:68:a4:df:8a:db:89:ed:dc:e8:88:1a:6d:58:
+         c5:74:3c:f0:25:ad:58:f6:e8:1e:89:78:4d:d7:1c:a3:8d:8a:
+         93:89:9e:7e:19:24:03:7e:c8:1f:7d:48:98:4e:f1:ba:86:e5:
+         ae:d1:45:a8:80:f0:90:ed:b5:23:8c:75:6f:9b:f4:73:04:c0:
+         82:e0:b4:df:7f:33:36:bc:c7:32:de:52:cc:4c:33:0c:e6:e4:
+         b7:23:16:9e
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjI0MThaFw0zNzAzMTEwMjI0
+MThaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1jaHJpczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1/Hh7XFYWWv3TeVoicfN1F5VFv
+28WmDkirMw321xZrW5xjq3sgSar0bDECzCRGAf7Cw0K4Rj1sCRPn04EQ5wkLXWPo
+z2EBv1MApC7mHmvrAu1K6FzBDeGyXbGhEZJeeyFQouAbd1P94hOlny897VugaG+w
+dSIF+d2UzOeH7r7Hd6PNwniw0/VAi8i6cJ/1mbdJD6TEt3CUfNg6h71Yr/dxRXu3
+L6kJ3HGJhUJfsQ3MwUaKIvtEJuL2ABDfP3ZDa5Lt+Q5B+rG8QylFXUgFjIP9xDEf
+ekGllwXlK6GKynA3CYHHUoDCkwcfgWz98+BGWABq73rrN8r7z3Fnh4a7MQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSLrkD5I60BjlmaboCKxc2e7Sop
+qDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczAN
+BgkqhkiG9w0BAQsFAAOCAQEAuF4YEE+RUFN4Js3HWh8uUOh5zK7UkiH7CCVpRMWg
+pmepI/dAx9hmySFQNB7ZjBKdq972o7x4+oXM1xuESvEZEJw5TcUhvNsyJVHRRJao
+Mg9X5RpgsgF6btbIADsvggw9ELyB30/ro3/PpHkhuh4l5Ov7ZV7d7CdKFcVFcK5g
+oNx9JTfejHmhSTgAj5t8lNYCCkzTwyiGHexdEZd9fAcNkmfcDCmMyBZopN+K24nt
+3OiIGm1YxXQ88CWtWPboHol4Tdcco42Kk4mefhkkA37IH31ImE7xuoblrtFFqIDw
+kO21I4x1b5v0cwTAguC0338zNrzHMt5SzEwzDObktyMWng==
+-----END CERTIFICATE-----

123/openvpn/keys/chris.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWNocmlzMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPX8eHtcVhZa/dN5W
+iJx83UXlUW/bxaYOSKszDfbXFmtbnGOreyBJqvRsMQLMJEYB/sLDQrhGPWwJE+fT
+gRDnCQtdY+jPYQG/UwCkLuYea+sC7UroXMEN4bJdsaERkl57IVCi4Bt3U/3iE6Wf
+Lz3tW6Bob7B1IgX53ZTM54fuvsd3o83CeLDT9UCLyLpwn/WZt0kPpMS3cJR82DqH
+vViv93FFe7cvqQnccYmFQl+xDczBRooi+0Qm4vYAEN8/dkNrku35DkH6sbxDKUVd
+SAWMg/3EMR96QaWXBeUroYrKcDcJgcdSgMKTBx+BbP3z4EZYAGrveus3yvvPcWeH
+hrsxAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEASmlVisLd3+jGo6+VsSaSGU6f
+18zt8X6ZPjJghwdEUcoHecUTFLUgob9yVW5VJkMvO6OZf76kv84Wy/TuqaHjzlr9
+YmEYdiRASTUsKs4EdUHqbgk5tkB82+TOHsSUeqdU/IzjhvYo2/+S/S35w6coMJ2v
+rje585Qt0uRBZFjre0dPufpwCi68ss0WR9pOUsnFczM+t2WjU9eRgrHlkD5oFhvI
+Jfr9yRKRcKKneDycRbMEQr8hWBU18OSuM2bPfzjin0n/K9LI2kWYyb2lxJw4wjwv
+bovWlHsrRa4ejn7XPKoQraqavtknw1oTJTfSaaBrUY4HB99zvMUpn2+tILymmA==
+-----END CERTIFICATE REQUEST-----

123/openvpn/keys/chris.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIF9LLzSpsCMUCAggA
+MBQGCCqGSIb3DQMHBAifugS728VxeASCBMiRBT6FcoCVZiCBpRqbL8jwWTvOpwMQ
+bHbKobUVCNK2WJddIA0bvnhj2xlNHx0Ka9B182f0h1AE/5fRyONc+IrwazswOJ0D
+hKWnYNwSmhTZdUy6r0zQWBEr4tzJKNxSNqMrXVBnZPVQYfNWHuxNTcaOR8qu5DW1
+bAhJ9WVBLgKA/D8tssoqcyxEBKPmhQiPj1m1TewkaxaOCHe9fF+cQUZ8AdTkd0po
+FehYPSqkPJ6MYJwX+yNXFct47LioQWkl+v/GtURgkszKRY9AT3c3YqWZ4QJwQZG9
+mGEMqQq9vDzAclLaeol4C5yHZ3cpP5xdRyg3D6xb1H51zj0hQvDuVqSBanNbM1zo
+rYR2s9gNpeWS7KbJuFZ0CLlRFFJK074r6HLuBp5Xwtcj0TPj0xKpAGHFAZ8vplCm
+YqOUZiDOUlSVuEylXxeXR71G9CKqyu+ZPGqjd/kkGuCUzS3m7OKayuy4MAmPyU6O
+zQ1Ggn1/LgAhgpH5n4QVkWnGciUx+17ePgQNuYiT2gyLDaFS+AMeF+myl8fW39UK
+CrwaqzSZxewKj+NJNIoofFPXDP8HC3lU1nRdxRjke7zLNhWvtmfmeLmJOx8kGE4o
+zV+1ifL171JT0I1k+xc7lX/fgVV/JNWqj47ncgbCDaUV14t8P2L9EfBDdueghm9i
+phniM9DrqZncGeBsVUTMqVwjF2R4CAPQjxR6ZALzYBTLVVjiEl9IDQFuxeLTAS72
+o03yZQCMBud0YKXrVb6rPLQKrMENXSEMBUfJ7KQ/twSG2RMZ/fohcPu86wNWStPe
+ZlcPB8QvVbNrOgt51+tLMmsFGNYo1JEiZ8WTbuu5O6dsiapb9v3e4+5scW/f65Gh
+NNFC9cTv9kdfwXUZMqF6cQP/3A/DcG6otycXXui5AES3dyzeL+FDYn+TPMlFS79c
+deWCZ/lvjZl/VapyrFfO4xZYNTd+um5zovfCuWYb88SVz203iuw6dqvI4mcIoXoa
+SW+vSjpm3DXpHxYJ3dK3FfclRMg931d9VxTjwCUmBjuxxcm4YHa13PI2VJG8gCF2
+UyO9gBzbuIl5coMRsee0TWbeTatsjVHRhl2Vr1n/5ZVw/Jghj4WhejnsjKGDItGU
+YLWaQJ1oHSW3XK1f/l/QGrETiO0sTOqDHs7AKZMoeKoKG+wZrv+CU4gskmSHkw3T
+rBaJL5MeQwJYG4Y9sT7q8G74SlRBOfyu1dKYB827Ev/JB75KDbuct6ClX4RS84Nk
+8kaJ8xeCBDKVagNQV/uQJ1BJtyNp8paAEmiEIn+uAyosmFBhOL1op1UfydA4GQO2
+x8VcNkIz+gnESL2g1/w0/WfCaR5RsuSI9KwdzvWFl2bfpAh1A3hU7WRjJytzh5Nk
+9nPj1f5OqP9rl/9Lgl3JlY1zSS+g2ZDlIZAVF6gHrApFh2FrCVaT82o5maiJNIKm
+DMwus2EAUAlL8Yc9XK/5Cgh9mh5Sjd/qrTdiSr/bVvVl28gDeyKPGrQdlB0X6F7E
+Pb77QGdyt+0FRlwu3mEKsfPvOTAVPF3TIz0eMUPsP7+f4Nf+Vk/5WUDd2ViAzWWg
+YCJTlvkeORhU79ClFKc12bQdF6UBfRFQYqQXQfdD8326XWH89c5wFIsrPfA1s5pj
+Uwo=
+-----END ENCRYPTED PRIVATE KEY-----

123/openvpn/keys/crl.pem

@@ -0,0 +1 @@
+../crl.pem

123/openvpn/keys/dh2048.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA75kjXi5DAAimhQ0GKJ/22y2OWcZAkNqVc2bfStyQUlYnm2E2NFxN
+nakpLWICxxWB7FpxKA/H7qM3i5lY6MIumrw8Fk/NKxtKwxYf3guNW12lVU3qFY5M
+h1vvMovyiZYxvftWIA2xxAlZLDS9UpO1dTzZspTIWJkRjOpOdq+4VHG216EWkH/b
+dP+epeDPLAksZ46iiQs80d9PSOSeHg5uVDtRK+1S5Xf9dAvTzWBRSDiS5r/PLskJ
+KasyUM+4dLG+Ex/M/ertR/nAQ9JhVfsKjIJaH9BRc+6Wq7NX1yLRwYWYHuRyBG1q
+1o7fcpMvteFXJe7CB8xifSAoNdEg1UeUcwIBAg==
+-----END DH PARAMETERS-----

123/openvpn/keys/ellen.crt

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:38:42 2017 GMT
+            Not After : Mar 31 19:38:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ec:72:92:5c:45:07:06:c3:ef:8b:49:fb:53:2b:
+                    64:9f:07:47:e4:2f:84:64:35:a9:6a:93:77:a9:3e:
+                    8a:47:fe:52:fc:1f:e9:9c:05:13:74:a6:d5:5e:12:
+                    ab:c9:55:1d:d7:83:a7:9e:e4:76:f9:c3:ee:b4:b5:
+                    c6:d7:ae:fb:05:e1:5f:3e:d5:c5:08:31:cc:40:bf:
+                    9e:17:ea:b5:69:c1:e3:f5:8a:55:b7:39:10:4c:39:
+                    d4:a5:1a:6c:da:1c:df:08:60:41:43:cc:78:cc:9b:
+                    3f:f0:64:35:a6:bd:7d:0c:86:55:20:66:e8:7f:d9:
+                    0d:06:03:d5:42:d2:b0:43:54:92:69:5e:97:20:d6:
+                    d9:0d:5a:95:86:5b:82:59:f0:d4:6a:5c:4c:01:ca:
+                    ae:17:da:7c:04:27:d5:55:1b:22:88:0f:82:ea:0d:
+                    3b:3e:0a:92:6c:7f:5c:a4:4f:4d:b3:ea:b1:fd:e9:
+                    25:20:87:af:52:36:ad:3c:d5:1a:f1:45:9a:8d:a8:
+                    33:8c:0c:0c:97:24:7b:5d:32:fe:ad:f9:b7:15:5d:
+                    a4:16:c5:a9:52:89:d3:4d:26:08:10:6f:3b:5a:3b:
+                    0a:32:c0:8a:fb:a0:23:8c:bf:bd:d8:b1:8e:b4:a7:
+                    05:86:1f:99:6f:7c:c0:57:7d:ba:19:f0:5f:3b:d2:
+                    91:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CB:73:DC:89:31:5E:B7:F6:7A:2D:B1:39:A7:E3:03:5C:38:75:B6:FC
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ellen
+    Signature Algorithm: sha256WithRSAEncryption
+         41:78:fd:3e:cc:67:5a:80:3e:7a:e2:1f:21:fe:de:be:54:29:
+         f4:96:b3:22:ec:8e:55:8e:da:af:97:9f:d7:71:97:c6:83:9a:
+         26:da:9d:47:f1:a2:3f:75:a0:26:09:e4:e9:cd:cc:d2:c0:3b:
+         fc:76:1e:08:1a:23:23:b0:e2:c6:52:63:57:c3:ca:55:d5:32:
+         c8:d2:ac:d3:5c:c2:16:e6:03:72:b3:cf:67:74:f4:ae:64:a4:
+         bf:10:0d:ba:ed:f4:89:df:7d:c3:61:e1:76:9a:81:8d:f7:ec:
+         a9:b0:20:25:7f:57:4d:36:87:dc:bb:34:8f:e2:95:0f:41:85:
+         fc:10:e0:ff:31:9d:c4:fd:79:81:ee:34:33:24:72:a8:19:77:
+         49:66:ea:9b:28:90:14:29:fb:3d:e6:81:98:55:4f:d5:be:95:
+         7a:8c:46:d8:78:e7:5d:16:2a:de:6c:fe:a8:46:d0:e1:04:c7:
+         f7:25:64:7a:fd:ed:ef:ef:98:44:96:3a:15:f7:c6:e9:16:09:
+         ea:8c:fc:c6:34:4e:83:fe:88:46:71:25:fb:3e:62:76:92:15:
+         05:44:43:12:75:b7:f8:8f:5c:64:be:36:83:ba:8b:be:b1:46:
+         3f:d0:c7:01:81:1d:49:00:f3:fa:42:74:3c:c9:b1:37:78:30:
+         2e:4f:c3:61
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM4NDJaFw0zNzAzMzExOTM4
+NDJaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1lbGxlbjEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HKSXEUHBsPvi0n7UytknwdH5C+E
+ZDWpapN3qT6KR/5S/B/pnAUTdKbVXhKryVUd14OnnuR2+cPutLXG1677BeFfPtXF
+CDHMQL+eF+q1acHj9YpVtzkQTDnUpRps2hzfCGBBQ8x4zJs/8GQ1pr19DIZVIGbo
+f9kNBgPVQtKwQ1SSaV6XINbZDVqVhluCWfDUalxMAcquF9p8BCfVVRsiiA+C6g07
+PgqSbH9cpE9Ns+qx/eklIIevUjatPNUa8UWajagzjAwMlyR7XTL+rfm3FV2kFsWp
+UonTTSYIEG87WjsKMsCK+6AjjL+92LGOtKcFhh+Zb3zAV326GfBfO9KRUwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLc9yJMV639notsTmn4wNcOHW2
+/DCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVlbGxlbjAN
+BgkqhkiG9w0BAQsFAAOCAQEAQXj9PsxnWoA+euIfIf7evlQp9JazIuyOVY7ar5ef
+13GXxoOaJtqdR/GiP3WgJgnk6c3M0sA7/HYeCBojI7DixlJjV8PKVdUyyNKs01zC
+FuYDcrPPZ3T0rmSkvxANuu30id99w2HhdpqBjffsqbAgJX9XTTaH3Ls0j+KVD0GF
+/BDg/zGdxP15ge40MyRyqBl3SWbqmyiQFCn7PeaBmFVP1b6VeoxG2HjnXRYq3mz+
+qEbQ4QTH9yVkev3t7++YRJY6FffG6RYJ6oz8xjROg/6IRnEl+z5idpIVBURDEnW3
++I9cZL42g7qLvrFGP9DHAYEdSQDz+kJ0PMmxN3gwLk/DYQ==
+-----END CERTIFICATE-----

123/openvpn/keys/ellen.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWVsbGVuMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDscpJcRQcGw++LSftT
+K2SfB0fkL4RkNalqk3epPopH/lL8H+mcBRN0ptVeEqvJVR3Xg6ee5Hb5w+60tcbX
+rvsF4V8+1cUIMcxAv54X6rVpweP1ilW3ORBMOdSlGmzaHN8IYEFDzHjMmz/wZDWm
+vX0MhlUgZuh/2Q0GA9VC0rBDVJJpXpcg1tkNWpWGW4JZ8NRqXEwByq4X2nwEJ9VV
+GyKID4LqDTs+CpJsf1ykT02z6rH96SUgh69SNq081RrxRZqNqDOMDAyXJHtdMv6t
++bcVXaQWxalSidNNJggQbztaOwoywIr7oCOMv73YsY60pwWGH5lvfMBXfboZ8F87
+0pFTAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAqG7Pm86xMI259YHJgwVxEex7
+DLKabh2Xe/JHCBRyc6ZrzthjexIQocIg8XbjHuU0ReciUbk2GvBHt89/s0Mrpo+C
+1iqKrgFXMM5W8igCZaTWMRxJ5f8EDj99W8cps29/NojakzyO2UMA7iYRv54qDCJb
+tR7tqadpgzn/x6DbyjzJOPTTb2FK/PWYxP8t3SVvXSOrwgmHSTqsh4KWocTdfokk
+VHSl9R/Larcl/XieShOzsGBXjmupJL2G9xk286bahaLaSob865IhwTKJ1sMwLPOn
+4f0003qE5ptK6V5cAhsBtyIjZvnoni/gRHSSnwsgoqmC5wOKVtraScHEmAxk6Q==
+-----END CERTIFICATE REQUEST-----

123/openvpn/keys/ellen.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqYNbs1KjCD4CAggA
+MBQGCCqGSIb3DQMHBAjQbwXPEJZtUgSCBMhTxI7dblWQWEPoEqmxGV2qWiQrw3y3
+ZboekVfEP57rNyKS+xgJuo/gYTncgeTYe0c9aoqO4tZneIa5KavsrKyKCTGQLnOM
+qq2rlZDJ2uPi1u4qo8GDaILQ19rNMy1HSL0NrLuxG7zyRPnhhacnoEDr1z2ypv9k
+U6Tz3oKyIA9617xxSQ7KPV7FzJMmTuxDEO/tX0TDeoAOxfVMU463S4XDEiCFXUUN
+ETSXed626B7FE4Q3RI7vVRnWOOPTcAoEJoj6TZxaqfwOZGSofluKYyu9LS9CNX91
+EteAGRWAzTj0MGWtfUwChCo9z0ZAwNAlHltXJyFmPnyuTZ0WRZ+iFtbXUeuHfis+
+CF07SrNqlDLGu2TctuQR0CvvpFzs+pAJBX//x4A+R03aJZ+30M/VkgHhQUIGMFeI
+daxWDSpPqLBkQDmTgJaO9F4PFyNylYIC0VZhvmGlX+obTbLfuaDVW4HvR1dwglQs
+9PQoJAHg9HJIb1CW30vJMc892C6e/SEOK3VNzsT0Pr1EIo6GqiTg/GRpvxjRHsLW
+HzuCm/X6MOLlLy7lQkV9I6ewNCIjeY045B8UpKUmd/bEC6LRU8qTTx+N+3eub4/C
+e9amZyvBk334dB0IfSMO/eYEbuoVkqjmYWQUokLtK7+JwXFPUkjJ9InqaDTIqbtn
+pxOlShzH2A5guPsclkNrKXVmv6VWGke0JQ/tMgaXBpVaTl/SeFEKs56zJ8SVN6Ep
+3I1r1nWkUZbGypdu/CNVZmmdRII4PFtxsqQjag7+YNJlp/e58m7FBinDS4q4vT4f
+UjNNSP9T9tD5f/PaK+j9q5ZynBguHS3SbFA3zO8Wfed8YB+1qsLJ93coaBJNfTaY
+S/DCLVLXnP8LcGvcFHkHOfrUKQuSnW0or+rtifbXwdQSEX2xiTNG0CjXZnRlS1oq
+70ZOG97/QYyssEGdVN+OHPQ1aywnkf5qhruafG1Ue8W45CIGHQ7bmSlLzMzVo0Py
+5o6b93bVIiN7LCS6vojM+s2Sa5s0VWC+JsdJHX8IGF/Evf4gn1e+yLO1g8qNuGO4
+7GhUxFmM0OlhRo9CW5/t8x862p6kvOcTYeddDlRzgAwOJ8sfwpwHUmnloigb4jb6
+McCR/MJvq3KGGf5K8bcAwPkQFZBtBHl9jdjPpBxpjobQp9GitfjwXYZ41HepCtNU
+XIEnJWcpj77okAuz9PSmS4NtK9OdBK0IBm+vsSPxJUvDy7QYekqSaab9MUCk20Vy
+lDPwZfLuFuHrhyRqrx3n1vjGc7T3amANo0BEG+yFZruMwqkC15bGKnPmy95kCvGB
+uFpymGJBZJOQe9hUML5jJNIEReQHIoPO5CFzTzoCDGP3NzgP6nXUOY0SsCG17k46
+rWpFTVMM8TJWVEhhn7RrTk/QM0pCfCFUcpe591jgS/XewuzFKeOGyvBcQL2azhY/
+OLhh/byqX2XPDT/dISUM7uyxbMn0/o9MXx86kKbCP9mLWir6GYqOrw+SvNKIYDPg
+rABZ4Lm2YhHur0WU4aICloUO1/qm9iPiVqBcGmOneh5TuSO02u8HAdR/Bh62s7k9
+xdXGaYtqHW2jgM90gYTRGbP8CQL5QGu8/MXJdslaEuAZvlEcVgd0I5kI1TvgjTRg
+eNI=
+-----END ENCRYPTED PRIVATE KEY-----

123/openvpn/keys/gw-ckubu.crt

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 27 01:22:52 2017 GMT
+            Not After : Mar 27 01:22:52 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
+                    47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
+                    7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
+                    f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
+                    4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
+                    a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
+                    6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
+                    1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
+                    46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
+                    fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
+                    85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
+                    79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
+                    02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
+                    f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
+                    e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
+                    b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
+                    e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
+                    fd:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
+         52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
+         a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
+         37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
+         a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
+         02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
+         a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
+         c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
+         50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
+         57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
+         c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
+         d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
+         9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
+         c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
+         60:94:02:18
+-----BEGIN CERTIFICATE-----
+MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
+NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
+IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
+3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
+N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
+oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
+Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
+y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
+AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
+RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
+sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
+BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
+a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
+GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
+qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
+lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
+rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
+noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
+-----END CERTIFICATE-----

123/openvpn/keys/gw-ckubu.csr

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC/TCCAeUCAQAwgbcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tMTIzQ29taWNzLWd3LWNrdWJ1MRYwFAYD
+VQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWShHJkl1BEENB
++dAxgkdvnBDd8i3BFApWaoJUAXx8quwTySbBOMv1rjzCH/CIunuE4c6/QFSih0BJ
+507gXBrly6U3c5lf8u04waUQcooQPdZB3KXjKPErsGsK8kqavhUH4Q1AaeJTtB4e
+Mv4cZU841eihOOv6ikYu4y3tvh7pWsli41nyKPwowJ7uihJz0qK+bUHr8YUpLj7N
+c7o3oOvPowQp23lfm6iA6eyAlGqOg1+9nQIgJwsAHRc9UHGiuP2SyPjboR2YQzrZ
+sGYNzmImpuLLkgTenRzqWjtTEKg2TLcHN9qqAZqpmDexI7IZp+dAIAkL6LFch2YF
+J5Coof09AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAFpE/mx+rBsU1MCbDfpBi
+cvggKoOMmjBy8+jhdhK95waWF+V2VykOi4/+WLZZRM9BEIblpWqT5jcbap74ScQ5
+dfbXLcFO6tKumqppbw099C6wI2tXpwinDsd6dze1P7s+Sng5lcwUmwRcjD9xlNrs
+C5ia/RXPeKqj/BGbQpN5Prc7Etxx6ip3YNM2khaSSdsHQ13l7f4IYW3H1sUzUqMI
+hgvsk+Tkva5CusmxE3qI37BKaAwi9Jm0r5feinBwRNy4/8ogvXFerbJyOOe0PQH3
+pi97H1Ia33NYmYNKTYiTDR3/AF6rw4Flv99pxuBAargxaf8g+o0cup1e3uFsUEto
+Kg==
+-----END CERTIFICATE REQUEST-----

123/openvpn/keys/gw-ckubu.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUPPvb55y11ACAggA
+MBQGCCqGSIb3DQMHBAjjOqpaPsnUowSCBMiALIvfB2vXtETRZxybvvubeJLEp5eA
+qkQ7cdy331ti8XJ6fkHcU3mBQwbBDD5KSDBLRnRU8LegMWvRTKGjQ8lRGCULTvxI
+sr3HuR5omwXUMVwRLWTht++I1IIYoIwwnVU9/7vMy3nJPixP3OKRGwkmv5IedCvc
+5a/KqJuc+ezRVjQ8/Dl8fs+VRefd5Tmh3TYROu1vuV0pQaT33ceXDVJqZ2B+dmoT
+AHFE3FUex60YlXt5iUhdGWzItdeXnI5tDMnoFcAtCPbBAB7DhynqfEn7dlaxrCrH
+4POq5KvMUu5/sXlQoZR+SvkOx7Z3JNTYj/PL0OpM8tXJFvc5nT733iVcNjyauLhf
+rcXqnih6MUrWYaBAfL4od6/ne27vqriKwtFUfASTqlW8pN4uESbngXx2Ww5CqM7+
+K7Hz3XDF04Y92YBndBr1ZTUiFbypO5PjygZz8Jeia6RYXLUU+6kO/VQ4WsnbGep1
+ftQGc5tNhwEwJC+tacFzPdd6hRnosGSs9jhHk7v8CY58V2wBcgXxBDgVZeHbp2bL
+9lJmyohvZ/nzxmb99TxD6j154OqC+4cJLze5AG2AO5QmrNhMcFt+mEIxL1uiBU77
+SHe+konUZuAH67UPR5oJm1x7KmGjYOmdeke3wgkFKUIRCQ04OikOvUkIJB5mO2D0
+uoG6caj/KQQdweqhOMELoOj/GDQhxNCtD4Zx8LhKDz4VL/c5+s23oJX/pALuDlNs
+JpxI/v6gkxVLIZwyxhNVxKFNYEMERmxN6GePdPki0iEDGRRuSjat3xnMh0N+Yp2f
+N3lNDNoBfZRuBcgugF70O7P38tQXgEZF8tECwRHogmCDDSSOw4DbvbBSVdMhlMIF
+oUmNKqSyGKIONwsvCYHSKJ37DDIyvi/nEbSLHy+HRQ7/foM0nwnmxrgUk17VVknK
+RUqob0PeSFBMsjVV6kDrTHj2uiRYq5qD5bRh9hCKOWCdk0WgRspjUlBm4Yw1sTan
+/Zakk8MAyIl3dOrwnaTuiiYVFi2mIWwRSrjV0wYriGypez5LdVew01ISx/tqudzC
+6XvwMcNFeM0bzIT8PJI0g9b8JZrDGk8UbMIw0AfV1jakzZoDUNcv9BQHNGxcdcLN
+TFNY6BiTgAAsZvaapUU+oRqPB6UHubbfmRAfX2AzrctucYtVNZTNExytM85qslPF
+ZE4dx+yJ/irUzenP5ABVobpbvriX78d6hiuRHiAqbO90Co9nBffwDQnZptSdXRGT
++aubzGluIA0piOyW3r2s4KGRH+2s5TqHeW3WoTJTJuFlGB2lqn/Ieg0xl9Xy6rNp
+31oh/n8K6XjqIl1k7NWjLq++gzkoRyidZjvjzkKGkCEqfbZvE31m9LQ3ntxAsMgs
+WWXfWz+O9INtN2YzcVEDPNvbNA31FdtUs5nLVO5KPut2Rl/po2d8m+5WTdgQkpmm
+8x2IA7ZEUyYXKmFa0nFEZ7H2XhRizk4jfr0eQyx43nfXab7s7L2wy5IAxpksO54P
+H0VNIaaADeV/4PdbHODB4zOrrYEigUeMBVJaiZAyjvC1u1mLEtFkajWwBMaqgWA0
+0A31VtMvPn8b8lEhQhirgcJzHK/550hkEAgm5kmiWe8ZoLCw0Ej8Dofr5HA/GuZg
+mNs=
+-----END ENCRYPTED PRIVATE KEY-----

123/openvpn/keys/henny.crt

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:19 2017 GMT
+            Not After : Mar 31 19:39:19 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:df:b0:f5:e3:00:76:72:1f:19:3d:f1:1b:cb:bc:
+                    52:1c:ec:3c:65:14:bd:ac:c7:cd:f3:5a:4e:16:c5:
+                    af:a9:f6:60:0e:c8:de:62:51:1c:9c:d0:0c:64:d6:
+                    5d:16:51:53:22:3a:f1:f0:1b:92:9c:a9:ae:39:82:
+                    87:82:23:62:5c:68:7d:0c:fc:61:ec:f8:02:c8:57:
+                    bd:27:da:1c:65:0d:69:25:2a:25:13:af:91:79:4c:
+                    55:be:7e:ae:80:e7:d3:69:e1:79:cd:94:a7:98:25:
+                    9a:bc:9c:de:9a:62:42:5c:06:b8:de:1e:82:d5:a8:
+                    06:0e:c2:d0:11:96:a4:4c:76:f8:17:40:20:4f:f1:
+                    d4:d9:94:8a:fc:06:04:e5:5c:cd:a1:70:51:4c:41:
+                    13:00:ed:6d:f3:73:f0:3a:b3:c1:94:45:57:6b:d2:
+                    19:f3:b0:43:d6:8c:bd:89:5f:e3:ad:93:7d:3d:f5:
+                    61:e7:96:89:a1:08:5c:2d:74:32:03:77:8f:74:e7:
+                    f2:36:49:c6:e8:20:ec:e4:67:e0:0b:d0:38:2a:c0:
+                    84:d9:fa:da:db:75:0d:c0:86:d5:89:ef:33:9d:bf:
+                    dd:6b:a1:78:83:fe:78:1e:32:56:38:84:d3:fb:4f:
+                    28:41:ee:9f:9e:1d:51:c1:2e:f6:67:87:bb:c6:83:
+                    d0:f5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                37:06:33:52:9E:7C:42:62:7C:AA:37:82:9F:97:4D:89:25:8B:1B:03
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:henny
+    Signature Algorithm: sha256WithRSAEncryption
+         b3:7a:5c:64:cd:53:5a:23:ec:35:79:4b:ac:ca:c3:0c:39:c7:
+         e9:2b:89:d6:a2:51:1c:a1:ce:48:a9:8b:f7:5f:dd:fb:43:70:
+         2a:17:bc:04:90:31:ea:e6:85:cb:df:41:a4:f0:63:fb:d9:bf:
+         33:6b:6e:80:b5:62:d9:83:6d:4e:01:f7:e0:ae:b6:20:6b:eb:
+         d0:76:7d:e0:1e:f9:de:d6:e3:c2:cf:91:2c:59:f2:01:1e:63:
+         46:7b:a8:7a:8e:af:e4:45:43:4b:f9:c8:5c:b9:e2:26:d8:a8:
+         b1:74:91:d0:ff:ae:fe:c4:73:f4:06:07:40:00:72:16:5c:44:
+         29:af:37:31:4b:3f:3e:09:64:a0:e3:d5:fe:6c:f7:e6:2e:c5:
+         4b:61:41:df:0b:66:b4:7b:3e:21:7e:24:7d:27:b2:2a:cd:ef:
+         9d:a1:f7:bf:57:c1:f6:a8:24:52:ba:0c:31:fd:6e:24:e1:11:
+         b9:a8:62:27:54:3c:59:3f:3a:d2:45:9d:81:77:d8:2e:b1:4e:
+         6e:41:a6:e8:89:e3:44:f0:be:da:58:02:67:d8:c8:51:fb:2c:
+         57:01:10:19:d8:10:7e:d6:9c:70:f7:32:91:ed:26:53:66:39:
+         19:99:f8:63:cd:c6:a8:c2:35:1d:f4:0c:b7:02:a8:4d:3b:ac:
+         68:ec:f9:de
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5MTlaFw0zNzAzMzExOTM5
+MTlaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1oZW5ueTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37D14wB2ch8ZPfEby7xSHOw8ZRS9
+rMfN81pOFsWvqfZgDsjeYlEcnNAMZNZdFlFTIjrx8BuSnKmuOYKHgiNiXGh9DPxh
+7PgCyFe9J9ocZQ1pJSolE6+ReUxVvn6ugOfTaeF5zZSnmCWavJzemmJCXAa43h6C
+1agGDsLQEZakTHb4F0AgT/HU2ZSK/AYE5VzNoXBRTEETAO1t83PwOrPBlEVXa9IZ
+87BD1oy9iV/jrZN9PfVh55aJoQhcLXQyA3ePdOfyNknG6CDs5GfgC9A4KsCE2fra
+23UNwIbVie8znb/da6F4g/54HjJWOITT+08oQe6fnh1RwS72Z4e7xoPQ9QIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ3BjNSnnxCYnyqN4Kfl02JJYsb
+AzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVoZW5ueTAN
+BgkqhkiG9w0BAQsFAAOCAQEAs3pcZM1TWiPsNXlLrMrDDDnH6SuJ1qJRHKHOSKmL
+91/d+0NwKhe8BJAx6uaFy99BpPBj+9m/M2tugLVi2YNtTgH34K62IGvr0HZ94B75
+3tbjws+RLFnyAR5jRnuoeo6v5EVDS/nIXLniJtiosXSR0P+u/sRz9AYHQAByFlxE
+Ka83MUs/PglkoOPV/mz35i7FS2FB3wtmtHs+IX4kfSeyKs3vnaH3v1fB9qgkUroM
+Mf1uJOERuahiJ1Q8WT860kWdgXfYLrFObkGm6InjRPC+2lgCZ9jIUfssVwEQGdgQ
+ftaccPcyke0mU2Y5GZn4Y83GqMI1HfQMtwKoTTusaOz53g==
+-----END CERTIFICATE-----

123/openvpn/keys/henny.csr

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWhlbm55MRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfsPXjAHZyHxk98RvL
+vFIc7DxlFL2sx83zWk4Wxa+p9mAOyN5iURyc0Axk1l0WUVMiOvHwG5Kcqa45goeC
+I2JcaH0M/GHs+ALIV70n2hxlDWklKiUTr5F5TFW+fq6A59Np4XnNlKeYJZq8nN6a
+YkJcBrjeHoLVqAYOwtARlqRMdvgXQCBP8dTZlIr8BgTlXM2hcFFMQRMA7W3zc/A6
+s8GURVdr0hnzsEPWjL2JX+Otk3099WHnlomhCFwtdDIDd4905/I2ScboIOzkZ+AL
+0DgqwITZ+trbdQ3AhtWJ7zOdv91roXiD/ngeMlY4hNP7TyhB7p+eHVHBLvZnh7vG
+g9D1AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAlOXGdx6QKaFjIIuk84NOYSU/
+cE0RPVt9JT3sQjSVdNgLK0zk0R77VTSgdeBj95DymXw4ddPUHVZn14WUgjJ+wgv4
+HFsjJgDeeHfubNa0I8W0CJVP9Odh+C70luwODL7yMqf5dPVxy9JDQ9VsQvxQvd2T
++m8rqlzufMs06gyOy+N0mWT9Yhkqc/8nP34Cj/AQ7ZvzCi40xj9Iu50gu5tkZ7mn
+Kl7ioLrduYnuS627m+HdQawooSuCiy5Z7WPZUFht8sAI+xYIZlp9UrjO2HfkadDa
+8+6XMsUxdbrqpWQ3M3fPZAS3f03TOUtFNYbPQyzaKM7jK5yYIM86vb0gZMGVrA==
+-----END CERTIFICATE REQUEST-----

123/openvpn/keys/henny.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQILw41jEbgddACAggA
+MBQGCCqGSIb3DQMHBAge9xlKHjSx/gSCBMhCXhTMBoLct77t+mgoYWhvHhJh2TEC
+7XsQ6ucs3SvcbQXqRDT7rQ/OZwepuw2pepCoLdsI48BVhMqehqsCEK35wrSDP81I
+dt513F0KjAIuZn8BrUUnNB5PnzjCnf9S45GFtX22uVwZvfXSOm6qGPe/5RyEn+p1
+5HJyrmBYZD4SdT50dOTbOrxqSWNthW34hB7YwJIdcXLA4xUKtSSY5JfEkWnuCZnJ
+DDOWoKLXOLHASX4D9OvhOZmmDH/QGYLzNVbgewl1Na0nQofL1RQoQxbvkVD8Mtng
+TJ8XT9svTZVayBVfjlgvxdHll4XFcDQOmQO9OipxsZW03JCG78jJMv2YoiZhdv2l
+cmFMpMKV1RnGVeW1VNAi5bYujreihCMRnfiJ0Brp+tiDJAKQvowCeeEiMDFPh/M7
+qLee7V73u1kAzf0wt4JLIcJ51PGh585tr/zWt9Hgp5ajAS8TiIG/53WzWmXeU5L1
+2CcFQEydZCDt4L2lFoVBPqQLr9mykVqnsGjGuznKjv8CaMji4Ko/jv/huR3mVYlq
+EjA75DH8SHcKHrOJMTVzLUt23LntIPjwt2So0WNtey1q5MFO91DHw7+Bi3he95uy
+GEfnrGlMZuinMoXdCIX3AnCU2dArSw7l5ugd3CSnZOz6ggpnSaeq5+hUGCKpfDx3
+nqUNjlycN213QQF/9u73kotOkEDvy0SdYY8Uab/0x7LavH5fRvES7icdh0zMYcFA
+qQipRFWEbXh7EQ1cUMO1Gv5KE/QIu8z34lPKPiYbReAdkazkEaiEC4LxiMA12o5e
++s7QeXR3oSqo+zOcwtxuHVLLwbQzCrxJzNIndH7VjEqa1A8iGdo6AQxNoyRd1uyA
+bq8YZLavwVho89NCFv1bZaMGUi6XaA7WiYDUtcE07I9yjwFIdh+Ymd3KRYL0g0YP
+ec/1xPgqpdKiX2exuwiP347zHBwI5w1VF/oHD89iBnC2Y2ZV2nShlCZRzT12Mkqs
+JffCOGj3iY15qxytayLXE/Kfl+qScyxf925L8sVCVNOm2D9eH1jkUDfk6vg9lFZ5
+NxDaej+hjODr6FQgUE98obZwLucpWQKSSw8UC87yQUnS1cNvK9mUD2zHnTuFZg2Q
+EW+GTxhkl3OdajHNSTpkJjn+XLR0ctvFa8pPG9lcrTm3h4T45RpmNVty0zCbR/9I
+INmWQt/3s8Fse393ZKg65356eCH5JJqDbQIptfy6fpgSWlsS+EjiQib2ZvDD0jOC
+JsBvE0kMGOC4seOn8xDhajiXTO09U/rcHXAIPdyEqRAQRUrNe+hA3ZdgFi4CYhWb
+72N34OAYFXmO1qnJsAxjADNeaLa3LSNd5kZALs1S9TWshBxXpfBpWxERzUanyW4y
+joLmdC/uq6xj/FSvJ8vWb81gc/68dQobY1T4fI5Jbsr2l2dtf9/qfA4RF069CRXN
+r3Xe46hRzVVbQBS6dBlPDnYn+Rcy0mAYh+OL3FW1DMnTsKR7CRlPSG9FP5YbDiq1
+s0/heClAF15O4bzotHSKMMrOoJOB02a6QlyxgWy8n8mndIXO9tYrxPA6TYeAWMng
+U4cwP1EEeBK0CaLb+KfPGlrf9VqW46LvkShCmr4vTgBnX2x658lbDRA2Ynk1gbp8
+eBw=
+-----END ENCRYPTED PRIVATE KEY-----

123/openvpn/keys/imke.crt

@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:40:21 2017 GMT
+            Not After : Mar 31 19:40:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:e8:10:ee:4a:85:18:13:fe:a5:da:ff:1f:22:
+                    95:6f:f3:49:52:31:30:0d:0e:fd:c4:22:06:39:c7:
+                    36:d9:39:2f:61:f1:c7:e4:2e:fa:8e:45:e2:37:74:
+                    fb:74:07:4a:9f:14:02:f6:76:b4:bc:f2:23:0f:18:
+                    e2:37:d0:db:32:3f:a7:48:45:0f:87:f7:d1:43:fa:
+                    64:3b:9d:b0:05:b3:95:9a:77:53:43:05:61:26:54:
+                    4e:c9:9e:a5:f7:ff:3b:e2:da:45:3e:2c:ca:f0:d7:
+                    84:99:be:57:2a:d3:f1:ac:f1:4a:33:82:d8:ba:8a:
+                    49:35:e5:7c:cf:87:ad:ec:12:b2:15:34:8e:6b:ae:
+                    e9:2e:12:8e:3f:cf:5d:51:bc:30:fc:76:8d:ea:c7:
+                    a8:dd:25:8b:c0:b4:6f:f1:15:60:55:81:28:8f:80:
+                    eb:38:77:44:f8:0e:e4:53:ed:fb:18:32:cf:23:21:
+                    7f:ab:23:d6:5d:10:44:11:c3:c3:3e:6a:8d:38:cd:
+                    c2:a2:9c:de:34:54:3b:88:0d:a8:ab:7b:a5:b7:fc:
+                    9c:0e:8c:62:36:cc:71:1e:f0:1f:7e:f4:ab:81:03:
+                    27:ca:5d:0b:13:0a:06:1a:ca:a3:4d:72:7c:3a:f4:
+                    79:9b:3a:04:8b:6d:12:90:8d:ad:16:78:3a:8d:b4:
+                    b4:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                FB:3D:B0:64:04:E9:11:FC:C6:DC:25:61:27:3E:BE:35:30:38:FD:20
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:imke
+    Signature Algorithm: sha256WithRSAEncryption
+         a7:0a:bf:f1:a9:64:1a:a6:a5:98:1d:de:3a:11:01:1d:1f:17:
+         bf:e2:ae:d6:46:08:f0:6f:fe:63:32:5f:00:60:24:ad:a4:0e:
+         04:8b:40:01:a7:cb:64:bb:48:a6:c0:21:d0:33:dd:89:c0:68:
+         aa:b2:50:c9:73:2a:32:e3:ac:93:0c:d4:cd:73:92:21:5f:df:
+         0c:a9:c4:d4:57:33:c4:b2:88:a9:c9:0f:73:06:98:d4:d9:ca:
+         81:3d:17:45:8b:55:8f:5c:f1:f7:55:dd:42:0d:d2:bc:96:fa:
+         5d:cd:7f:45:08:61:88:5f:22:9c:e5:26:62:c1:ef:f5:0a:51:
+         a8:a1:83:e9:36:ea:7a:3f:7e:d4:c7:70:73:ca:c3:ec:44:ca:
+         47:c9:f1:7e:fa:46:e4:e0:c2:9b:75:cc:02:cc:e8:e5:50:18:
+         76:0c:88:28:4a:db:90:f5:60:f1:55:88:fa:e6:27:54:3f:b1:
+         50:7c:30:8d:9e:9b:b0:0f:f2:e1:3e:d2:99:f7:b2:8b:25:04:
+         0b:dc:76:4a:6f:29:8e:9a:e3:9c:17:c6:a9:a0:2d:b3:d8:2a:
+         f5:d8:e1:b7:73:32:ef:b0:39:48:ca:f8:5a:c2:d0:69:0b:37:
+         0f:50:ef:1f:53:0a:1c:6a:1f:7f:9c:a1:47:f3:9c:8f:10:27:
+         52:bc:d9:5a
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQwMjFaFw0zNzAzMzExOTQw
+MjFaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1pbWtlMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6BDuSoUYE/6l2v8fIpVv80lSMTAN
+Dv3EIgY5xzbZOS9h8cfkLvqOReI3dPt0B0qfFAL2drS88iMPGOI30NsyP6dIRQ+H
+99FD+mQ7nbAFs5Wad1NDBWEmVE7JnqX3/zvi2kU+LMrw14SZvlcq0/Gs8Uozgti6
+ikk15XzPh63sErIVNI5rrukuEo4/z11RvDD8do3qx6jdJYvAtG/xFWBVgSiPgOs4
+d0T4DuRT7fsYMs8jIX+rI9ZdEEQRw8M+ao04zcKinN40VDuIDaire6W3/JwOjGI2
+zHEe8B9+9KuBAyfKXQsTCgYayqNNcnw69HmbOgSLbRKQja0WeDqNtLRXAgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPs9sGQE6RH8xtwlYSc+vjUwOP0g
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlta2UwDQYJ
+KoZIhvcNAQELBQADggEBAKcKv/GpZBqmpZgd3joRAR0fF7/irtZGCPBv/mMyXwBg
+JK2kDgSLQAGny2S7SKbAIdAz3YnAaKqyUMlzKjLjrJMM1M1zkiFf3wypxNRXM8Sy
+iKnJD3MGmNTZyoE9F0WLVY9c8fdV3UIN0ryW+l3Nf0UIYYhfIpzlJmLB7/UKUaih
+g+k26no/ftTHcHPKw+xEykfJ8X76RuTgwpt1zALM6OVQGHYMiChK25D1YPFViPrm
+J1Q/sVB8MI2em7AP8uE+0pn3soslBAvcdkpvKY6a45wXxqmgLbPYKvXY4bdzMu+w
+OUjK+FrC0GkLNw9Q7x9TChxqH3+coUfznI8QJ1K82Vo=
+-----END CERTIFICATE-----