o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://git.oopen.de/o.open/Office_Networks

Browse Source
This commit is contained in:
Christoph 2019-11-09 00:44:36 +01:00
commit 793079fac1
1165 changed files with 41957 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitmodules vendored Normal file
View File

@ -0,0 +1,6 @@
[submodule "Kanzlei-Kiel/src/mailsystem"]
path = Kanzlei-Kiel/src/mailsystem
url = https://git.oopen.de/install/mailsystem
[submodule "Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn"]
path = Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn
url = https://git.oopen.de/install/openvpn

5
Kanzlei-Kiel/README.txt
View File

@ -1,5 +1,8 @@
-------
Notice: Notice:
-------
You have to change some configuration files becaus the because You have to change some configuration files becaus the because
the configuration of network interfaces must not be equal. the configuration of network interfaces must not be equal.
@ -21,5 +24,5 @@ Notice:
interfaces.Kanzlei-Kiel: see above interfaces.Kanzlei-Kiel: see above
default_isc-dhcp-server.Kanzlei-Kiel default_isc-dhcp-server.Kanzlei-Kiel
ipt-firewall.Kanzlei-Kiel: LAN device (mostly ) = eth1 ipt-firewall.Kanzlei-Kiel: LAN device (mostly ) = eth1
second LAN WLAN or what ever (if present) = eth0 second LAN WLAN or what ever (if present) = eth0

11
Kanzlei-Kiel/aiccu.Kanzlei-Kiel Normal file
View File

@ -0,0 +1,11 @@
# This is a configuration file for /etc/init.d/aiccu; it allows you to
# perform common modifications to the behavior of the aiccu daemon
# startup without editing the init script (and thus getting prompted
# by dpkg on upgrades). We all love dpkg prompts.
# Arguments to pass to aiccu daemon.
DAEMON_ARGS=""
# Run aiccu at startup ?
AICCU_ENABLED=Yes

2
Kanzlei-Kiel/bin/admin-stuff

@ -1 +1 @@
Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718 Subproject commit 33b4a60887e2185bf4de943dcdaed07dc9e229c4

22
Kanzlei-Kiel/bind/db.192.168.100.0
View File

@ -3,7 +3,7 @@
; ;
$TTL 43600 $TTL 43600
@ IN SOA kanzlei-kiel.netz. ckubu.oopen.de. ( @ IN SOA kanzlei-kiel.netz. ckubu.oopen.de. (
2012020701 ; Serial 2018060601 ; Serial
604800 ; Refresh 604800 ; Refresh
86400 ; Retry 86400 ; Retry
2419200 ; Expire 2419200 ; Expire
@ -17,23 +17,28 @@ $TTL 43600
; ========== ; ==========
; Gateway/Firewall ; Gateway/Firewall
254 IN PTR gw-kanzlei-kiel.kanzlei-kiel.netz. 254 IN PTR gw-ah.kanzlei-kiel.netz.
; (Caching ) Nameserver ; (Caching ) Nameserver
1 IN PTR ns.kanzlei-kiel.netz. 1 IN PTR ns.kanzlei-kiel.netz.
; File Server ; File Server
10 IN PTR file-ah.kanzlei-kiel.netz. 12 IN PTR file-ah.kanzlei-kiel.netz.
10 IN PTR file-ah.kanzlei-kiel.netz.
; IPMI - File Server ; IPMI - File Server
11 IN PTR file-ipmi.kanzlei-kiel.netz. 11 IN PTR file-ipmi-alt.kanzlei-kiel.netz.
15 IN PTR file-ipmi.kanzlei-kiel.netz.
; USV ; USV
;15 IN PTR usv-kanzlei-kiel.kanzlei-kiel.netz. ;15 IN PTR usv-kanzlei-kiel.kanzlei-kiel.netz.
; Windows 7 Server ; Windows 7 Server
20 IN PTR file-win7.kanzlei-kiel.netz. 20 IN PTR file-win7.kanzlei-kiel.netz.
25 IN PTR win7-ah.kanzlei-kiel.netz. 25 IN PTR win7-ah.kanzlei-kiel.netz.
; Windows Server 2016 - Domain Controler
30 IN PTR ad-dc.kanzlei-kiel.netz.
; ========== ; ==========
@ -41,7 +46,8 @@ $TTL 43600
; ========== ; ==========
; UniFi AP-AC-LR ; UniFi AP-AC-LR
50 IN PTR unify-ap.kanzlei-kiel.netz. 50 IN PTR unifi-ap-0.kanzlei-kiel.netz.
51 IN PTR unifi-ap-1.kanzlei-kiel.netz.
; ========== ; ==========

63
Kanzlei-Kiel/bind/db.kanzlei-kiel.netz
View File

@ -3,7 +3,7 @@
; ;
$TTL 43600 $TTL 43600
@ IN SOA ns.kanzlei-kiel.netz. ckubu.oopen.de. ( @ IN SOA ns.kanzlei-kiel.netz. ckubu.oopen.de. (
2017013001 ; Serial 2018060601 ; Serial
604800 ; Refresh 604800 ; Refresh
86400 ; Retry 86400 ; Retry
2419200 ; Expire 2419200 ; Expire
@ -11,7 +11,7 @@ $TTL 43600
; ;
IN NS ns.kanzlei-kiel.netz. IN NS ns.kanzlei-kiel.netz.
; ========== ; ==========
@ -19,28 +19,37 @@ $TTL 43600
; ========== ; ==========
; Gateway/Firewall ; Gateway/Firewall
gw-ah IN A 192.168.100.254 gw-ah IN A 192.168.100.254
gate IN CNAME gw-ah gate IN CNAME gw-ah
gw IN CNAME gw-ah gw IN CNAME gw-ah
; (Caching ) Nameserver ; (Caching ) Nameserver
ns IN A 192.168.100.1 ns IN A 192.168.100.1
nscache IN CNAME ns nscache IN CNAME ns
; File Server ; File Server
file-ah IN A 192.168.100.10 file-ah-alt IN A 192.168.100.12
file IN CNAME file-ah file-ah IN A 192.168.100.10
file IN CNAME file-ah
; IPMI - File Server ; IPMI - File Server
file-ipmi IN A 192.168.100.11 file-ipmi-alt IN A 192.168.100.11
file-ipmi IN A 192.168.100.15
; USV - APC Management Card ; USV - APC Management Card
;usv-ah IN A 192.168.100.15 ;usv-ah IN A 192.168.100.15
;usv IN CNAME usv-ah ;usv IN CNAME usv-ah
; Windows 7 Server ; Windows 7 Server
file-win7 IN A 192.168.100.20 file-win7 IN A 192.168.100.20
win7-ah IN A 192.168.100.25 win7-ah IN A 192.168.100.25
; Windows Server 2016 - Domain Controler
ad-dc IN A 192.168.100.30
file-win IN CNAME ad-dc
; cryptpad
pad IN CNAME file-ah
; ========== ; ==========
@ -48,11 +57,11 @@ win7-ah IN A 192.168.100.25
; ========== ; ==========
; Controller for Unifi AP's ; Controller for Unifi AP's
unifi-ctl IN A 192.168.100.254 unifi-ctl IN A 192.168.100.254
; UniFi AP-AC-LR ; UniFi AP-AC-LR
unify-ap IN A 192.168.100.50 unifi-ap-0 IN A 192.168.100.50
accesspoint IN CNAME unify-ap unifi-ap-1 IN A 192.168.100.51
; ========== ; ==========
@ -60,35 +69,35 @@ accesspoint IN CNAME unify-ap
; ========== ; ==========
; Laserdrucker Kyocera FS-2020D ; Laserdrucker Kyocera FS-2020D
kyocera-fs-2020d IN A 192.168.100.29 kyocera-fs-2020d IN A 192.168.100.29
; Multifunktions Drucker Kyocera TASKalfa 3051ci ; Multifunktions Drucker Kyocera TASKalfa 3051ci
kyocera-taskalfa-3051ci IN A 192.168.100.100 kyocera-taskalfa-3051ci IN A 192.168.100.100
kyocera-scanner IN CNAME kyocera-taskalfa-3051ci kyocera-scanner IN CNAME kyocera-taskalfa-3051ci
; Laserdrucker Kyocera FS-2100DN ; Laserdrucker Kyocera FS-2100DN
kyocera-fs-2100dn IN A 192.168.100.189 kyocera-fs-2100dn IN A 192.168.100.189
; ========== ; ==========
; - Buero PC's ; - Buero PC's
; ========== ; ==========
buerozwei IN A 192.168.100.22 buerozwei IN A 192.168.100.22
dokumentenscannerrechner IN A 192.168.100.77 dokumentenscannerrechner IN A 192.168.100.77
buero-doro IN A 192.168.100.81 buero-doro IN A 192.168.100.81
axel IN A 192.168.100.88 axel IN A 192.168.100.88
zk IN A 192.168.100.99 zk IN A 192.168.100.99
shuttle IN A 192.168.100.101 shuttle IN A 192.168.100.101
buerooben IN A 192.168.100.121 buerooben IN A 192.168.100.121
laptop-doro IN A 192.168.100.184 laptop-doro IN A 192.168.100.184
; --- ; ---
; - ckubu ; - ckubu
; --- ; ---
; Laptop (devil) LAN (eth0) ; Laptop (devil) LAN (eth0)
devil IN A 192.168.100.90 devil IN A 192.168.100.90
; Laptop (devil) WLAN (wlan0) ; Laptop (devil) WLAN (wlan0)
devil-wlan IN A 192.168.101.91 devil-wlan IN A 192.168.101.91

10
Kanzlei-Kiel/check_net-logrotate.Kanzlei-Kiel
View File

@ -1,10 +0,0 @@
/var/log/check_net.log
{
rotate 7
daily
missingok
notifempty
copytruncate
delaycompress
compress
}

16
Kanzlei-Kiel/check_net.service.Kanzlei-Kiel
View File

@ -1,16 +0,0 @@
[Unit]
Description=Configure Routing for Internet Connections;
After=network.target
After=rc-local.service
[Service]
ExecStart=/usr/local/sbin/check_net.sh
ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
KillMode=control-group
SendSIGKILL=yes
TimeoutStopSec=2
Restart=on-failure
[Install]
WantedBy=multi-user.target

4
Kanzlei-Kiel/cron_root.Kanzlei-Kiel
View File

@ -1,5 +1,5 @@
# DO NOT EDIT THIS FILE - edit the master and reinstall. # DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.7DKfVy/crontab installed on Fri Mar 16 11:09:15 2018) # (/tmp/crontab.pCSfMl/crontab installed on Wed May 29 14:28:54 2019)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron. # Edit this file to introduce tasks to be run by cron.
# #
@ -49,7 +49,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
## - reconnect to internet ## - reconnect to internet
## - ## -
13 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-ah dsl-ah #13 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-ah dsl-ah
## - Copy gateway configuration ## - Copy gateway configuration
## - ## -

3
Kanzlei-Kiel/default_isc-dhcp-server.Kanzlei-Kiel
View File

@ -18,5 +18,4 @@
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1". # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
#INTERFACES="" INTERFACESv4="eth1"
INTERFACESv4="eth0 eth1"

138
Kanzlei-Kiel/hostapd.conf.Kanzlei-Kiel Normal file
View File

@ -0,0 +1,138 @@
# if you want to bridge the onboard eth0 and the
# wireless (USB) adapter's wlan0, this should work
interface=wlan0
bridge=br0
# this is the driver that must be used for ath9k
# and other similar chipset devices
driver=nl80211
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# Default: IEEE 802.11b
# !! Note:
# the n-speeds get layered on top of 802.11g, so
# use hw_mode=g also for 802.11n
hw_mode=g
#hw_mode=a
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# !! Note:
# You will also need to enable WMM for full HT functionality.
ieee80211n=1
wmm_enabled=1
# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
## - 2.4 Ghz : hw_mode=g (ht_capab=[HT40+].. channel 1-9)
## - (ht_capab=[HT40-].. channel 5-11(13) )
## - 5 Ghz : hw_mode=a (ht_capab=[HT40+].. channel 36,44 )
## - (ht_capab=[HT40-].. channel 40)
channel=7
#channel=44
# these have to be set in agreement w/ channel and
# some other values... read hostapd.conf docs
#
## - D-LINK DWA-552 (2.4 Ghz)
## - MicroTIK RouterBOARD R52n-M (Dualband: 2.4 / 5 Ghz)
## - MicroTIK RouterBOARD R52Hn (Dualband: 2.4 / 5 Ghz)
## -
ht_capab=[HT40-][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
## -
## - SR71-E Hi-Power (802.11a/b/g/n miniPCI-E Module)
## -
## - 5 Ghz -->channel 36
## -
#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
#ht_capab=[SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
## -
## - D-LINK DWA-556 (PCIe) (2,4 / 5 Ghz)
## -
#ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
## -
## - Linksys WMP600N (Dualband: 2.4 / 5 Ghz)
## -
#ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
# adjust to fit your location
country_code=DE
# SSID to be used in IEEE 802.11 management frames
ssid=WLAN-OOPEN
# makes the SSID visible and broadcasted
ignore_broadcast_ssid=0
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
#auth_algs=3
auth_algs=1
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=3
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
wpa_key_mgmt=WPA-PSK
# WPA pre-shared keys for WPA-PSK.
wpa_passphrase=WoAuchImmer
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
# Pairwise cipher for WPA (v1) (default: TKIP)
wpa_pairwise=TKIP CCMP
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
rsn_pairwise=CCMP
# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
# seconds. (dot11RSNAConfigGroupRekeyTime)
wpa_group_rekey=600
# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
# Interface for separate control program. If this is specified, hostapd
# will create this directory and a UNIX domain socket for listening to requests
# from external programs (CLI/GUI, etc.) for status information and
# configuration. The socket file will be named based on the interface name, so
# multiple hostapd processes/interfaces can be run at the same time if more
# than one interface is used.
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd
# debugging output - uncomment them to activate; issue hostapd -d /etc/hostapd/hostapd.conf
# to get debugging info in visible/real-time form
#logger_syslog=-1
#logger_syslog_level=2
#logger_stdout=-1
#logger_stdout_level=2

15
Kanzlei-Kiel/hosts.lan.conf.Kanzlei-Kiel
View File

@ -13,9 +13,14 @@ host file-ah {
fixed-address file-ah.kanzlei-kiel.netz; fixed-address file-ah.kanzlei-kiel.netz;
} }
# - IPMI Fileserver -ALT
host file-ipmi-alt {
hardware ethernet 00:25:90:52:c6:37;
fixed-address file-ipmi-alt.kanzlei-kiel.netz;
}
# - IPMI Fileserver # - IPMI Fileserver
host file-ipmi { host file-ipmi {
hardware ethernet 00:25:90:52:c6:37; hardware ethernet ac:1f:6b:89:8c:28;
fixed-address file-ipmi.kanzlei-kiel.netz; fixed-address file-ipmi.kanzlei-kiel.netz;
} }
@ -57,9 +62,13 @@ host kyocera-fs-2100dn {
# --- # ---
# - Accesspoint (UniFi AP-AC-LR) # - Accesspoint (UniFi AP-AC-LR)
host unify-ap { host unif1-ap-0 {
hardware ethernet 44:d9:e7:f6:58:e5 ; hardware ethernet 44:d9:e7:f6:58:e5 ;
fixed-address unify-ap.kanzlei-kiel.netz; fixed-address unifi-ap-0.kanzlei-kiel.netz;
}
host unif1-ap-1 {
hardware ethernet fc:ec:da:1c:81:99 ;
fixed-address unifi-ap-1.kanzlei-kiel.netz;
} }

21
Kanzlei-Kiel/interfaces.Kanzlei-Kiel
View File

@ -24,13 +24,14 @@ iface eth0 inet static
# eth1 - LAN # eth1 - LAN
#----------------------------- #-----------------------------
auto eth1 eth1:0 auto eth1 eth1:ns
iface eth1 inet static iface eth1 inet static
address 192.168.100.254 address 192.168.100.254
network 192.168.100.0 network 192.168.100.0
netmask 255.255.255.0 netmask 255.255.255.0
broadcast 192.168.100.255 broadcast 192.168.100.255
iface eth1:0 inet static
iface eth1:ns inet static
address 192.168.100.1 address 192.168.100.1
network 192.168.100.1 network 192.168.100.1
netmask 255.255.255.255 netmask 255.255.255.255
@ -60,12 +61,12 @@ iface eth2 inet static
network 172.16.100.0 network 172.16.100.0
netmask 255.255.255.0 netmask 255.255.255.0
broadcast 172.16.100.255 broadcast 172.16.100.255
post-up vconfig add eth2 7 gateway 172.16.100.254
post-down vconfig rem eth2.7 #post-up vconfig add eth2 7
#post-down vconfig rem eth2.7
auto dsl-ah
iface dsl-ah inet ppp
pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
provider dsl-ah
#auto dsl-ah
#iface dsl-ah inet ppp
# pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
# pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
# provider dsl-ah

22
Kanzlei-Kiel/ipt-firewall/ban_ipv4.list Normal file
View File

@ -0,0 +1,22 @@
# - IPv4 addresses listet here will be completly banned by the firewall
# -
# - - Line beginning with '#' will be ignored.
# - - Blank lines will be ignored
# - - Only the first entry (until space sign or end of line) of each line will be considered.
# -
# - Valid values are:
# - complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
# - partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
# - network/nn CIDR notation like 1.2.3.0/27
# - network/netmask notaions like 1.2.3.0/255.255.255.0
# - network/partial_netmask like 1.2.3.4/255
# -
# - Note:
# - - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
# -
# - Example:
# - 79.171.81.0/24
# - 79.171.81.0/255.255.255.0
# - 79.171.81.0/255.255.255
# - 79.171.81

2
Kanzlei-Kiel/ipt-firewall/interfaces_ipv4.conf
View File

@ -6,7 +6,7 @@
# - Extern Interfaces DSL Lines # - Extern Interfaces DSL Lines
# - (blank separated list) # - (blank separated list)
ext_if_dsl_1="ppp-ah" ext_if_dsl_1=""
ext_if_dsl_2="" ext_if_dsl_2=""
ext_if_dsl_3="" ext_if_dsl_3=""
ext_if_dsl_4="" ext_if_dsl_4=""

2
Kanzlei-Kiel/ipt-firewall/load_modules_ipv4.conf
View File

@ -21,7 +21,7 @@ iptable_raw
# - Load base modules for tracking # - Load base modules for tracking
# - # -
nf_conntrack nf_conntrack nf_conntrack_helper=0
nf_nat nf_nat
# - Load module for FTP Connection tracking and NAT # - Load module for FTP Connection tracking and NAT

158
Kanzlei-Kiel/ipt-firewall/main_ipv4.conf
View File

@ -252,6 +252,86 @@ allow_local_if_to_local_ip=""
# =============
# - Allow local ip address from given local interface
# =============
# - allow_local_if_to_local_ip
# -
# - All traffic from the given network interface to the given ip address is allowed
# -
# - Example:
# - allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
# - ${local_if_2}:192.168.10.13"
# -
# - Blank separated list
# -
allow_local_if_to_local_ip=""
# =============
# - Allow extern service from given local interface
# =============
# - allow_local_if_to_ext_service
# -
# - allow_local_if_to_ext_service="<local-interface>:<extern-ip>:<ext-port>:<protocol> [.."
# -
# - All traffic from the given (local) network interface to the given (extern) service is allowed
# -
# - Example:
# - allow_local_if_to_ext_service="${local_if_1}:83.223.86.98:3306:tcp
# - ${local_if_2}:83.223.86.98:3306:tcp"
# -
# - Blank separated list
# -
allow_local_if_to_ext_service="
${local_if_1}:172.16.100.254:80:tcp
"
# =============
# - Allow extern network from given local interface
# =============
# - allow_local_if_to_ext_net
# -
# - allow_local_if_to_ext_net="<local-interface>:ext-network> [<local-interface>:ext-network> [.."
# -
# - All traffic from the given (local) network interface to the given (extern) network is allowed
# -
# - Example:
# - allow_local_if_to_ext_net="${local_if_1}:83.223.86.98/32
# - ${local_if_2}:83.223.86.98/32"
# -
# - Blank separated list
# -
allow_local_if_to_ext_net=""
# =============
# - Allow extern service from given local network
# =============
# - allow_local_net_to_ext_service
# -
# - allow_local_net_to_ext_service="<local-net:ext-ip:port:protocol> [<local-net:ext-ip:port:protocol> [.."
# -
# - All traffic from the given (local) network to the given (extern) service is allowed
# -
# - Example:
# - allow_local_net_to_ext_service="192.168.63.0/24:83.223.86.98:3306:tcp
# - 192.168.64.0/24:83.223.86.98:3306:tcp"
# -
# - Blank separated list
# -
allow_local_net_to_ext_service=""
# ============= # =============
# --- Separate local Networks # --- Separate local Networks
# ============= # =============
@ -298,7 +378,7 @@ SIP_PORT_LOCAL=5067
SIP_LOCAL_IP=192.168.63.240 SIP_LOCAL_IP=192.168.63.240
STUN_PORTS=3478 STUN_PORTS=3478
TC_DEV=$ext_if_dsl_1 TC_DEV=$ext_if_static_1
@ -473,7 +553,7 @@ http_server_only_local_ips="192.168.100.100
# - Multiple settins of this parameter is possible # - Multiple settins of this parameter is possible
# - # -
declare -A http_server_dmz_arr declare -A http_server_dmz_arr
#http_server_dmz_arr[192.168.100.10]=$ext_if_static_1
# - HTTPS Services DMZ only port 443 (reachable also from WAN) # - HTTPS Services DMZ only port 443 (reachable also from WAN)
# - # -
@ -573,7 +653,7 @@ ftp_server_only_local_ips=""
# - ftp_passive_port_range=<first-port:last-port> # - ftp_passive_port_range=<first-port:last-port>
# - # -
declare -A ftp_server_dmz_arr declare -A ftp_server_dmz_arr
#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1 #ftp_server_dmz_arr[192.168.63.20]=$ext_if_static_1
ftp_passive_port_range="50000:50400" ftp_passive_port_range="50000:50400"
# - FTP Ports # - FTP Ports
@ -830,6 +910,7 @@ remote_console_port=5900
# - same controller machine. # - same controller machine.
# - # -
# - unifi_stun_port=3478 # UDP port used for STUN # - unifi_stun_port=3478 # UDP port used for STUN
# - # Open Port from controller to Unifi APs
# - # -
# - # -
# - Ubiquity Networks uses port 10001/UDP for its AirControl # - Ubiquity Networks uses port 10001/UDP for its AirControl
@ -858,10 +939,20 @@ unify_broadcast_udp_ports="10001,5656:5699"
# - # -
local_unifi_controller_service=true local_unifi_controller_service=true
# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway
# -
unifi_ap_local_ips="
192.168.100.50
192.168.100.51
"
# - UniFi Controllers on local network (other than this machine) # - UniFi Controllers on local network (other than this machine)
# - # -
unify_controller_local_net_ips="" unify_controller_local_net_ips=""
# ====== # ======
# - IPMI Tools # - IPMI Tools
# ====== # ======
@ -870,16 +961,26 @@ unify_controller_local_net_ips=""
# - # -
# - Blank seoarated list # - Blank seoarated list
# - # -
ipmi_server_ips="192.168.100.11 172.16.100.15" ipmi_server_ips="192.168.100.11 192.168.100.15 172.16.100.15"
# - IPMI Tools Port # - IPMI Tools Port
# - # -
# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI) # - UDP 161: SNMP
# - TCP 623: Virtual Media for Remote Console # - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM." # -
# - TCP 80: Webinterface.
# - TCP 161: SNMP
# - TCP 443: Webinterface (SSL)
# - TCP 623: Virtual Media for Remote Console
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
# - TCP 5120: CD/USB
# - TCP 5123: Floppy
# - TCP 5900: KVM over IP
# - TCP 5901: Video for remote console
# - TCP 5985: Wsman
# - # -
ipmi_udp_port=623 ipmi_udp_ports="161 623"
ipmi_tcp_ports="623 3520" ipmi_tcp_ports="80 161 443 623 3520 5120 5123 5900 5901 5985"
# ============= # =============
@ -968,6 +1069,28 @@ tv_extern_if="eth2.8"
tv_local_if="$local_if_1" tv_local_if="$local_if_1"
# =====
# --- Allow special TCP Ports (OUT)
# =====
# - TCP Ports
# -
# - Blank separated list of tcp ports
# -
tcp_out_ports=""
# =====
# --- Allow special UDP Ports (OUT)
# =====
# - UDP Ports
# -
# - Blank separated list udp ports
# -
udp_out_ports=""
# ====== # ======
# - Other local Services # - Other local Services
@ -1010,12 +1133,18 @@ nat_networks=""
# - masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} # - masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1}
# - 10.0.0.0/8:192.168.62.244:443:${local_if_1}" # - 10.0.0.0/8:192.168.62.244:443:${local_if_1}"
# - # -
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra) # - 172.16.100.254: FritzBOX! 7590
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
# - # -
# - Blank separated list # - Blank separated list
# - # -
masquerade_tcp_cons="192.168.63.0/24:172.16.101.1:80:${local_if_1} masquerade_tcp_cons="
10.0.100.0/24:172.16.101.1:80:${local_if_1}" 192.168.100.0/24:172.16.100.254:80:${ext_if_static_1}
10.0.100.0/24:172.16.100.254:80:${ext_if_static_1}
192.168.63.0/24:172.16.100.254:80:${ext_if_static_1}
192.168.63.0/24:172.16.101.1:80:${local_if_1}
10.0.100.0/24:172.16.101.1:80:${local_if_1}
"
# ============= # =============
@ -1049,7 +1178,10 @@ portforward_tcp=""
# - # -
# - Blank separated list # - Blank separated list
# - # -
portforward_udp="$vpn_ifs:49909:192.168.100.101:9" portforward_udp="
$vpn_ifs:49909:192.168.100.101:9
$ext_if_static_1:1198:172.16.102.194:1194
"

50
Kanzlei-Kiel/ipt-firewall/post_decalrations.conf
View File

@ -149,6 +149,38 @@ for _val in $allow_local_if_to_local_ip ; do
allow_local_if_to_local_ip_arr+=("$_val") allow_local_if_to_local_ip_arr+=("$_val")
done done
# ---
# - Allow extern service from given local interface
# ---
declare -a allow_local_if_to_ext_service_arr
for _val in $allow_local_if_to_ext_service ; do
allow_local_if_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local interface
# ---
declare -a allow_local_if_to_ext_net_arr
for _val in $allow_local_if_to_ext_net ; do
allow_local_if_to_ext_net_arr+=("$_val")
done
# ---
# - Allow extern service from given local network
# ---
declare -a allow_local_net_to_ext_service_arr
for _val in $allow_local_net_to_ext_service ; do
allow_local_net_to_ext_service_arr+=("$_val")
done
# ---
# - Allow extern network from given local network
# ---
declare -a allow_local_net_to_ext_net_arr
for _val in $allow_local_net_to_ext_net ; do
allow_local_net_to_ext_net_arr+=("$_val")
done
# --- # ---
# - Separate local Networks # - Separate local Networks
# --- # ---
@ -378,6 +410,24 @@ for _ip in $rsync_out_ips ; do
rsync_out_ip_arr+=("$_ip") rsync_out_ip_arr+=("$_ip")
done done
# ---
# - Special TCP Ports OUT
# ---
# local
declare -a tcp_out_port_arr
for _port in $tcp_out_ports ; do
tcp_out_port_arr+=("$_port")
done
# ---
# - Special UDP Ports OUT
# ---
# local
declare -a udp_out_port_arr
for _port in $udp_out_ports ; do
udp_out_port_arr+=("$_port")
done
# --- # ---
# - Other local Services # - Other local Services
# --- # ---

116
Kanzlei-Kiel/isc-dhcp6-server.Kanzlei-Kiel Executable file
View File

@ -0,0 +1,116 @@
#!/bin/sh
#
#
### BEGIN INIT INFO
# Provides: isc-dhcp6-server
# Required-Start: $remote_fs $network $syslog
# Required-Stop: $remote_fs $network $syslog
# Should-Start: $local_fs slapd $named
# Should-Stop: $local_fs slapd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DHCPv6 server
# Description: Dynamic Host Configuration Protocol Server
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
OPTIONS="-6"
test -f /usr/sbin/dhcpd || exit 0
DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
# It is not safe to start if we don't have a default configuration...
if [ ! -f "$DHCPD_DEFAULT" ]; then
echo "$DHCPD_DEFAULT does not exist! - Aborting..."
if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
fi
exit 0
fi
. /lib/lsb/init-functions
# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
NAME=dhcpd6
DESC="ISC DHCPv6 server"
# fallback to default config file
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
if [ -z "$DHCPD_PID" ]; then
DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
test_config()
{
if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
echo "The error was: "
/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
exit 1
fi
}
# single arg is -v for messages, -q for none
check_status()
{
if [ ! -r "$DHCPD_PID" ]; then
test "$1" != -v || echo "$NAME is not running."
return 3
fi
if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
test "$1" != -v || echo "$NAME is running."
return 0
else
test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
return 1
fi
}
case "$1" in
start)
test_config
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
--exec /usr/sbin/dhcpd -- \
-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
sleep 2
if check_status -q; then
log_end_msg 0
else
log_failure_msg "check syslog for diagnostics."
log_end_msg 1
exit 1
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
log_end_msg $?
rm -f "$DHCPD_PID"
;;
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
;;
status)
echo -n "Status of $DESC: "
check_status -v
exit "$?"
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
esac
exit 0

2
Kanzlei-Kiel/openvpn/ccd/server-gw-ckubu/VPN-Kanzlei-Kiel-gw-ckubu
View File

@ -2,6 +2,6 @@ ifconfig-push 10.1.100.2 255.255.255.0
push "route 192.168.100.0 255.255.255.0 10.1.100.1" push "route 192.168.100.0 255.255.255.0 10.1.100.1"
push "route 192.168.101.0 255.255.255.0 10.1.100.1" push "route 192.168.101.0 255.255.255.0 10.1.100.1"
push "route 172.16.101.0 255.255.255.0 10.1.100.1" push "route 172.16.101.0 255.255.255.0 10.1.100.1"
push "route 172.16.102.0 255.255.255.0 10.1.100.1" push "route 172.16.100.0 255.255.255.0 10.1.100.1"
iroute 192.168.63.0 255.255.255.0 iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0 iroute 192.168.64.0 255.255.255.0

227
Kanzlei-Kiel/openvpn/client-configs/bjoern.conf Normal file
View File

@ -0,0 +1,227 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6SE0PsXGw/wCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECG7zORi+kUIQBIIEyOyz5+JUC/+K
Uew57hlL3eIq4Lf1NKQvckgJ6LPkmfEZGPRkPlwpiFqy3KgOv/npjir7zq6nLRff
KJf5FTLBie69FqreaY7dbO6KFfn81PHMvO7zitnT3Iohv0pLAXt35XxbM0ggUnul
Y6aQArJoPRhyhyD/SorGHYDHQ5mSL8fjymzzy2faEq8i7PtbZvlRIvjTCIYHlTta
mQFHfp0w+S2FLdbmodZRsXDZoN2mc6Rbu2PQ2DykDrezurseiKsjgilhvShph25H
Q2kit081C9ldLjbVvbYUM7Rpwx624AqifMSncMq/i2CDa+x5mX8MP0O1ObBEZH9G
yFX7hzS83smJiG3jdwG4IJwar6W2433fSDsQBrRUYonaUT8kebdyxTeUiVqxw6AH
Bl/ru56WQ37w53JYadwWUr4Q1o8ud9XER2PpxkMVtyXMPxTDepX+kU/6W19vo6+I
yC0E4DbWhx2uCgTNS8hxIvHOWWq3d7Gcxpof/NWPMVbLosuosX/3SA2Bu1x+/2cY
IpwA61PAC08GKvkfBRV3wK74mlAJ1jZyrbY5FgmFNEH+aYUXQrRlpNt+H7N5dKlT
Sa8gXtNGLHOoKbFQvjKakKdH72scJ1Gfu+WgojYAb1hLurkUyoAm6Du+AwRt1wK2
Jilq6sbrH9R3Vdo+xRhjAvn8I43awtYqPRYUbCv9sGzVWhYFHU86pzyYJcyWAJTU
0WWcZiOSy/zBOlVtaHidWuE4vtixIOxabvXvtfkG40VWOrX67CePrnCFnQQ5kfyT
LJPMwL6u18037qsSFFi7jvBE4jYbfcpgsFHhK2sq6/oYGnFAUQxZ6W9BzLsdrGlA
9BjQZrG/Dknnqo6+7NaHbaqe2dclSCoKDWr2tGN+hbFWTx71X5+bFMWJ0LinhUM0
m5FjlI8NhA9PmCwBPZhUxHQVwLz6YYlqtAXgOXBKdJfAD/3MFXGWVQgUrPK+3wXS
blAAwc+Gk5Aage0hO9TN++8fIyZRcOuYRjoXuK3Jf73tKZbzYw7kSt8QN4eFtaCO
ExxRmisMJXK3a48ZSPaYb04WHxqP+ZEOaSvFLCgmQy+iw9nmWhn/6yTcPqCMyCkC
PG7RBAiOrOsaDrKdaVYNecNgWKtfmKGx729t7H5NB419wOCbfyBvr5ROfYL3a6Ez
RV/ljTkryXXf9wCBoGGK+2Xp9fmBf0f5MKG+u+QEIjPcCNcMjDMpgq/+7/GvBipi
PYuzkky/CIb1atccWKxa0J+FzqPFhAKXRjHQ/P8VLrDBZFLS9fqOBVwA/FO2zdsa
Wi+KQUF5tTMnNxqNd2QkM0aa7WZEjBtpbRZNvOwBUYuAjcAJ0nwn8X6OgZC3XH7e
W8Te0S/miSsI/oJupN6LW8n8IkAcBm2RCnTOaOi064JSlo8FcDpDtuNg3N7ywMf1
fB8JcgmWnRrH1WG3qscTh4UZyGs5iC5ELNghx5de2hNXTC8RW50EUGxl6Go7d8xf
v/YRcASoi8jURtn9mDDSKOM7BwILC8FDE4w9cg80FkHKNJBPJVRceMPS2sVCe7Bp
eENJA6sw10FC43d8bZc8qahi72fPxmCZNRm+xtJ1K4hSHiRNmluIC+hc22jKzbb1
R14ylejrOfjDD+QqYhR1Zw==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

227
Kanzlei-Kiel/openvpn/client-configs/gubitz.conf Normal file
View File

@ -0,0 +1,227 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhxkoBFagQMYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD6h10URNh7VBIIEyNSkokvr0z/k
lwrSlr8SOK2chlZzjbz5j4dM8ChdHJib+eV084/XQDi0AMvz8G7ToKe5z/CT7HBb
TtZu108SB7YeiC6aQUK8bKJcJVgcXi8PvOdy1PgGbSxaVKqyWmFuQofyi1y2CH6e
2x7ct5cXwUh6tUUtFDVMW6r0uBNaIeRzodGY2kyV/dVBKC1fxqko6dgkOpQFgg7C
wANDG6cnXg+acybl4YmqKowsYdnk16KpozV7DeVK85BQaiNJrZeOwehB8gM0zRtB
ZPRr8BgXJCcZMsxOnSTy3rp7/vbu1lrTO1QIlfHZHb8xPifvaxtl3HwYTWl+hjup
iFUqSalbC7tt924KTy7Z9ov90+f9czcKuVkKkVtxQ/Kq1B9EOkpNytKYfLqTw6dE
y3c26lPmO3+eD8qJ/J4+bVfNBgOLZGwHekoZ6JaQtnHNPL7QC9EPDocyjqmmP9Cc
UsbQBczCy3S8L/lm7oo068cADbbnAW+RX+18uheASvk1SO3srraEwpvwtbf5VFBE
tR+o65zBYaxiIESEeNAlxNWC7YwD/fil0Rqwv8N9MwbZAIyfH4y/yDmHs6Qi8DjB
ELeD6JQJfWI/gEIB22VFz6+bNIBqJ3yeJZczG8YQpl9cu0LAh8q68bZ0KD/4SyzW
MeVBFAcBHR0zwXXaIdpD2RUYgkVDPqBecJUxdsIzc4BfrfNafztfHy+RV1/ZnK6g
RkvUB4VRrmlAgMyX6AvAjYjVWrxIC1mJLstkPtwAeecdDNoH7mHQruh+rs/Xc0VU
0dqKorWaEjA84nln+lE/5GIegDgxlmxOxBfIkdUa7IGGXKz1LLc0H6Y77bmRXxi0
BKqyuzrReDBShZr3FccKtwhRHYdeq5qNdyou1N5AJwHpBgIoJb4GOjCShekvxgB1
dFfW2IEdqwnQmYDoK+2bdz0lybr57IA1CdH2cnDpbFWlhGglBf2aEEZEGX1wRpEh
GFH5Qw50LCOycqhcCVK7lrpEUH9DHRGjoyLadNo9yRfq0pdJIhYSZ3lLPzq2Dtpe
Dvl1Py/0/YZyCAEr2zda3xn415ZzaSlPmzl9Ld245G7PveuL84DOqsgKuJs0rBmE
QVbC7/cBZS+y4xEvEn9cKHsq55nIawmI9TpLMfgK1S8I+vHTiSaUdNO1l35XIZDE
NNTfS7ChnhHK9chyBkxsy/dmG2lNKcTXn2HIa1IkRpESduV5CblFn4/T1Lpz3R/Z
EQKR4QIgN0uY+nKRNvnh7agfMnKydjTALGp38v9blgOiJdODhL2j4H0dcxbtrCWb
7TrXGm3ZtwN+7fkVFVkhXTLdteGDnxBjt0kPECkGtQ4kDmOyyROKgiFPpZlSDVic
UqsRnbd7g1eLszuOqCLKEOb1pcJVTFtve24EN1Ezofhg7LMEa+yWkm83LyEVVEKX
dhx1RYKc4Wk/SrZN5jtXLp8ilUu+HqSbN81jX7NGGbSRox9SxKJoIHkbtx4TJlBH
4bnLP302n9GJmDiPG9Vd0+osYLAkEIspOMrbkBZa5bM3YDQUeAxrkRuAwJLQ9kyx
fmZS832L/mKBHe8fjEr3UynKODeRh2ReGxSc0a0xnMFb5wagB4MbYKvAgnsMscyu
lDA5vjV7W9f6bptn8b82zg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

228
Kanzlei-Kiel/openvpn/client-configs/hh-kanzlei.conf Normal file
View File

@ -0,0 +1,228 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
YzBrq2Xgzsw=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIz79jvbHv3DACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPE3o5ZalTfQBIIEyMw6MfxJ1fA5
+84OUNHDJ/9BvnQu/0EbX6YkZIZgZ37zxvYR8NRMHqRdsR5oTqigbOgkSQTx7JEA
M2p3uEi4nrz9Rle+T6ZALHaTQcQcUe3ZgpksyUXTQjVnKm+riZpK+jmoYpdPUfQo
TyKb3FeuNxOoqyyruxiDyoyxtQvgz0SuibDrOX+GyM2HbXkZPD6JjZuW7U/TFriF
0+R7Eog718e/0bisKlPs//3gktx0QyApc3RMQjKaXBrCS5xlwgsj/OAAitjBhwl3
XP9FgoP/is/8pu7LERuqt3exwYk3QaJrruUkhxscupXCi1doe/Nql4cpZAiAVTQ2
m0QDSj0PSqy7vAZwZ+R3DttZMHcPEtAsrzBFpcVhKnKte7bGk4k0ICRIZMI1wVJI
uRK4ihPj2d38Bff3YuNoCjTlzETtOXMP5+UP3oH8fY7qb7P/QRp8Yp1lapL4NMgv
fJyNyyQAg08K3XHhEZVF9I3N6KCiVPi8K5Uteb7r/kjXuQ+nOzxvzTPqjW+7huT/
kbh5AIcMVUCxHvME9Au7yLpuy1T70TyW5zqmE1feZkVQE76oj8BAkhmhRAuvaCES
ZglwSmTA1bYDPVs8/nnRB2VjcWYjus0oSC0xdiOAYRH0KuW59DgfMttaxXh4/9Mb
uXsu/2HU3nOxrXEzBHUDOEb+ja/kKOrU0TrsdcpPGVqlMFHjEDEr7oEWVoIH7iGw
4McLH9Q6054DczfJrfavhkx+Pk5Fb3nTfPH753ugCrPz733w0ugi2IKEzJXgAXOx
3cTBVr6mOw3ctQ+7D9bOHIEAk4Gfgf+DdTlLRbDTIBB/OWiPjp2x7D+eu1oVMlOU
5gkSadlklwkwe3dGjWsSjK5g+HE8rlBZbYTEe2gko1S5s7+v7jn2rP+2cY8DHASG
UiPghE5+MC9W++5PizQyLaR5FNO6/GzbzalrtGeE7F4s2MnRjUotDKFfZdWeOdFJ
zpv4GzNU36BH9WCbW3jrZMH0uDBt6lVoU+t7uwIvDnrAXY+FwodaffS7xWhNWm5r
h3yGnHQzz17ZDUAnMRSOjejb32PmNq2M5StlnY80MBzKptE0qYuvW+BzpsMyYSFz
2T3jhJmYwPsPoKE/O2xPVg2wGExss4UQyZUoV/rvtE+WTXUsYUzsjwBIV6DD0ux0
PGDbO7yO83izhn3VlWRq6Re0n6CLXmyCg7nVi0Iuw93dHfUQWcuKCKE8uwRA5QE+
3edHSYOtTZ/PLH+Uh+Qp6m11GiYhY3S+vlJ0l1FBfx07KCfOzbxBtB8lHK9q3XaY
bZOBPDMs/Wx31O48L/i19OycBELKwoPUQTjEId6kgYMHxgjXO7XbHrN4Ryxw9ydT
Iij3WOKaeICUmaSG/dx5luKJ6BV2ZJyJF3vKWVUMtpamEeqfFevxAMgTC9zh7D9+
1WhNCPvvgJ5OXsfdUMcUnENnGdcSfznOG/BlKVRG7niGKjvk4DtdjZfHMI0TXqiV
Krn4GcJFZjMVxG16TFxpCVK6M52CV3WoGgg2YLp1bop1bbv4zwE3gk00EILcRKfF
UZrEn+5QF7XsS4Ym85y9DrOc1Oag3AFxwqT/cZuX7cfEDR6JE/ZQ8IGuQnH1sRkk
5Gw1p3AFAgSy7ADVtsF/kA==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

228
Kanzlei-Kiel/openvpn/client-configs/hh-lucke.conf Normal file
View File

@ -0,0 +1,228 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
ZQ21Jg==
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIXEjPaNf5KGgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNdZNDlsLt4gBIIEyOzgTgA/V6IO
pWGeNhluCi3s8PPytWN35z5mSE3N1ErEveJ65W865nNJkqnDR9a7RVciE++KhWs5
CYoopoGcUyadyfKIe9HkOplxeZsy1qHoMYDNQqww4cr1BV3erA6OkW4XJ0RMZcyu
aCdU649EmdDPmESmW23Q4getgX8sHC0/Yw3GHpZ8jqh3tH5HYJt2/MAQGAtlIlOn
MW4cE9ZcWuD0DXH0sjakovu4UqxefOmmYEWhS9Rt1hfu7rE0Tb4Yvl3lzR7ke+NF
IAobjcDtGvTr+XxUyhLY57I8qlK0uooyziHhZWusu358mjWaTifqFUN2NRw1rgqp
FoMvkSeyGTPrMO9eY1N+QLw9KZ2/Sd+1KcLhOGHyc5DhL6YmlhxsnMJDUiqrDC/v
j191WT41+yBSqfVY9PgKU3B1e/kEGWM+JZUz5Wpx8wP9NREjX+JUBkiTcvbho61D
3qxHFrqbcic1gKcCQ61c7dV2c/cH9EAYl426qzTclmw0fL1rKjutUJ6USq05gcNU
e8ugKz5xR/EyiUKx1iPRlKd1EJORX5n+XdTNhvJuO2x5CXmT28Snv7ZpQEC3Qpt+
P6f8hm1c2Dmc05wePoc4fbPL4j47fG45EXWeMw2gAPzWuGkVEN2zUSRf43e985/k
E3nzQVwXZ1K3zg80PEv9BcmH3aA0I0Vp4b3EH2gVi5Zxcf8fZoqVKBWppFND29pN
hQ9Vnlu1R/LQ9I4OFO+txmuEADCVh4KNzZBfPwdz5ZiPAtw3jFpYSbbsC+nbha+4
sW3HwDwCqF8tXBNyVFI5Vk5Saagu8Rj4/ng4NuEHVFIJD3Ul5bKb4Li2Ld5HGMmc
WU7XTwBO08onPZp/EpYem8LQ3fPmwKIdyiWDc7gOIeHgLp0/y08aJTcacYBpInfq
o3Ne6z/drZErYRie3r7NCpzCt3xzEcQhfMi3PxxTOMOU3cdEtQhkAq+XruWesIOS
U4/Kgv59K0wpMmg8Ezg9qKrDnwylNhab//sC3IT6/CjHsvHAmMyxwRVaPu4420l1
uK8fZPCHSmHeuR+A2iEiQMBmCWE51BIi3tOH25PhkibpZHD4RcN5b+Ws7lCbFF1s
fCsYoVLEufzEZdsr7LkDpMdfvwJXt2BqvwRuNwoV5VnuVLI+yfnkak4j/pt9Vwvy
hAqSCdzjxp6Sor/5tJBs7mfGQHO3ULgp3bVkuELnzHEOyUq1h3BOpk6VDnk9t2VI
xg1WVr6gztKdvtjnfFoguE+Wdd6N1XGMxlBzzY7BM1TIXQM2k9mM6r5ACoy17/Xr
M8aS8BQJ+M+dUVKTm0fMLPVOCqmIlmVwZRrJybwc0+Qx8yzLNGTbwHUlBZ0xct04
JLrpH4vuzbewKIXCPQn9iCtmSNuHOkdaryKaVF/IrM2QXMl20WG3OMtazDnvYGP9
NTyyDQp1CMug+WSH3aEhs65pHHMjxj/I+4cH8CcggKbencG5QF2ztBcP0RK+Facl
YK4IEMkrCdorkY6MAOhLKhAOGPcYFSDgLwAvrN/xVLTkZg7Y2jR8gD33QZh9TDrl
vn9D5Se2xoGt6F9P3HuGnRSNgSK572ViPoMXqqjEJz4SShPwCWyUn5PDwYhJhBJs
UWrDe94SSE93IuXItNGO1A==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

228
Kanzlei-Kiel/openvpn/client-configs/hh-suesse.conf Normal file
View File

@ -0,0 +1,228 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
KFTBa2Y4
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRrW75zSeh/gCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM/ACjLMnFOqBIIEyH3tvetavQ4n
r+z1sBiLqhhfjqR0KVWznMpRWnwClNdu3XqQOYjRYRTcmMX1ILE7ifsyMfYNqmtw
df1zCB0qc4rpg+FGMjEAJpGuU2uxcN85nTvRI7l7y8iIi5Bffjr44eMfitLjXRat
XxZrkHIsbSpEhDeNBC5Pc9TCuqJY7PLac3a3JR0qNib+Ucpp9I8gWEW6FHrobSbG
mSpEZe+w7uoAq5tcaJy8yHAzVQfmh0TJK09mhiXdKEmDipcaWDyCeXX+8Ck9sY/I
Ykm5Fi/HrlAwMRYO834cWdBN1Zle1Prnn2xuOJsIKKTw/XktpOzbvOlykNgzVrvJ
VbGfydf7DpN9Z6QkX+b0DrwYP8B3ZJyFVoFSyS4x7id6SXhsV5QMa7Rpr61g5Eag
C3rcqwupmYqqirAHPMNbsjiV7APhGtXiGkoHZyDWe3NTzm6hMzYIbDcFtjIUEgyH
htqd33oUNkSbrx0BWBQQulrq/kjYTcJpc19txJSvdBJZeNemxxcrr73EXI1GOhJL
wKSP91yp7VPIE7S222eD1Q4hOvFHo/RTcaXXLUCX6MXH0kpLatf4iO26/FffRVxG
+Ds/5IGTCjfLlj/Z3FiFkRbC7Ra7W8qkGdfykVvMkmjgEZBVFRzVZpPkTrvwa3J8
93BlheE6bi6iGkvd6fRgLHl/029k3Rdt25Thfy/yXYWsXRJqc8J3/2ADjVFv0M0G
wW/O2WtIaHeMK3g/KNgGIc+Gui+2UFy26VJOK+xA5pxMtr80+o01D1RKkrriKEXP
qPtw/haSBpGKxn+RusujcNoRlwOC0oVHWvN7NqMaRJR78Zite2tECphCE454bl+g
SpjGei9O0OajCNe+RraWgAL4uhE51RUiLqbrx+Rt6NhZxxTQ4nqOzeI5sHIerIAy
YmMgWzjJljFwKSKysyjda1AVXSVtb82EXBko9ezmcTFtfvZIrx3w6pd0IXAh521j
y6zYiAdp+4wZzuL54wZYk1t8ZG7dcA/iXY+RTS9PVkXveDHF2c6jgmBEjJtoxBMM
WHdU0iE2pr7lSqmznr5wxZ2rcXCuUGYUCqdYAwdD4o8OLouWXhYtMdFcGrx6ouc9
9YFwZR8qpeNHyEzJplxBIgLQ5maDm2pwpCAZXauU5zLZ1L35B6lF79+TUNQjqtSZ
QI75KiukKh34a3a941IjALjXqrp+CzDCjdmww/R291oW3KeJ381E/k8+lZi9M8d9
ZdCchKVpLOrixRCw5r7ItWczeFpVukdWuf2CzqHEzEz6r42IPbITAkrqChsm2UHh
v3xrAk/JySmDL2D+iIapGTxlDto7Sf5D1AxKqvb3xWyReG01mEzYn6sxzng/BpNB
7gkouadIUGsSnzz3gqGuBWUjMVa6Xq0bf9onUrfRk/6e6I3maWOpkTsn2x2nkAwm
kgyA2PEZ1HcKyxQM6C4JOSAcLMZI4cDsA8/V6vwwxY249HhPGDtfDvUTpDipogW7
D5qWyVsNpaeKPmAf5C8Wm5M9ikgQTJ2woCkkpzi9pn4K/j8s94sam2rAxTnTksKS
GYnA1Tq6s6jyVYXqf4wE3Oh5AJoy3uQ0NQZW9QIobK0gIibNk+MUZbsXffKidbU3
qxWilBX7I6N07FjmO1fYTg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

228
Kanzlei-Kiel/openvpn/client-configs/molkentin.conf Normal file
View File

@ -0,0 +1,228 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
PePBcAAq
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhT82G+86y3QCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHY/+Su7BqkgBIIEyIyaJBc3qqTh
pIhFPfRyyn8CKIS4czpHbPOAfO3CGm+Jhkv8x9xpgv22+lg2t8fp5Tbc5lDEdI9n
WQaXiwtlgLTkh8h3HxMnz63nQ3Noh+GIVlowLz+mxGw3rjXyOKgmwdJc2RLijaM8
Ug2E2Umx7PH6w78ILrt6edj6VapzGs8frlRYcB+w4eOnX3aDA+hIH5jkmKTiJF9o
bX3OzscISbak6od/FqMj5SNXMDVQd00wpmOqx/BUPdUWgK+yKjr1OG7QtihsrkwQ
Xwan+8OWUvlxWZbOgALWVKACZxgSQUxg9KUY6xZa/yYo2fgUjeaFd7eimi6cATER
Zc/zW4Dueo5PxnKw3F4VK44QyL2817EdrUvTKFJKE9mPS1szBFdqhbsN7OO91ked
rSzE84CijhuTuMZ58afQp/nueTSlswFl/MwftTJo6lRR6gNzoc3E2HL4fV+tYUdk
oV4vb0HBLxbSX1vIG2pcST4V7VhTqXvGbKNqv0a1zFz1s+tK9cJV1OstTmqyIsSx
MEM8AYNmwC7ww1sbdTYCPtoHlvlK9edgzA4ojbGGLVE84P7BSNrAQiTeanGYROZr
yw4ZRAQOonv091+2sBQTVJkiuTu78yAxoVXWjCwhb3E1YX/h/5wmtViB0uRt9SOB
zPi8qZWWHi8SLBBVQ2YTj6dotZN3Zy9SxbKn/p9AjoNMX4En/bvfZyMHcqKjfJUD
tIXNQUOglMVRoJ4JR6legma9v+QCtptiDUHm+4Kw40zgHrL4UZbvf49a9itbz1Ti
aiOzMBlpZGuv9D5HQrnxY6v4kWPlbvWHVLtPd335rOpNfCR9Mdp8ZDH4QpOkjWKY
07JgaBt60mmzZwO7skUVJyiG8MC9k4BZ9OB08IQPMvKiLzGAYcUl8455tM98KBZ0
oDCRsq+/osDuCusJo+cRkIuhoMkEL1AkrNYZNbZnxJH7O9loFxwyzkAphcKFDsKf
eFl1I/k5aMmWEzMrosoVfaSe1Q71EZOpE4AM97/whTAl1ZyI25yKtvcdmhzTRO6c
geuELG713eEP5F6HuCWwb4EL/7XeTH5fIXvOrrNlArTLf4oVceVC0oHntI6dqtly
BKdkeaRMBmINWTIcSgf18b/+EVZf723IHJsnodyWw1AssXSfyxzw7e5L4H8isQI4
AAUiZjU4O3xRWnuuz86ikcDWsZ4AQoWePOZvqr2kXqArLTG/EBXaR54cVHiQMr/z
11C7lIJ1OuqnP1/aFbSti1tnbiGK24LpJAW0ycvcj4JBLNxd3KlQs6yjtpLExjtn
MbUArEROdJnJmmQ1kuTZII87vnhkmzB6EQslqfXKCpDc9w7WGv7Yuqf2r7vOhuGG
eIvtwX+sqzO29UKJNCxe14TMZpQpe6Oyewk4L5xUCLjNpd9qmm2Oc/At/N2k85Ct
4BcWvNrpBklLgTR2+Hiiw3tS34pZ5VJdUlYHN0ZPbChqYIjeqhBQsYktoLAoVkDv
p+w/DuErEV4S9SxhwMHHlMZXpQIGYs+aGaJiTgYmos6Wxgg3Pnz95pN3w7KUd+Ig
5BL2d0ZfmC8Wm/h4RdGeZZYHmA4dl1n+8D6Pycm02f/LXNoylsbge4kvzOoV2U8J
b0ZWRsYKxyssZP8ZWc6QZw==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

227
Kanzlei-Kiel/openvpn/client-configs/schaar.conf Normal file
View File

@ -0,0 +1,227 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-ah.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1Veh57OJg/kCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGb91ZmXtibBIIEyNonyB+eF+2I
NwQeNXzcqL/jiPNiTN6Wk6VD6OUeDejhXXgoVAC3x8fs+HPMdMqAQCR4gXlCJMCd
W0Jse3QvmH+46KkV6vTLaNV59lZonZIod4lp8J4PQqH8+s6o8SJ9sPypx7C9AbZf
Y+Ibrv6lp4BRu8vL8e5PAUoltv/1NlxDyxALxJzO/wAFOQRNGtjWcSBPKDPXURR5
DGhz/Ody/5LilOpC57KmphlCD4Mx4w94NalsBibE0aumT7I9wKeyHKrkq4sJBUHs
/M22S0blCfXhcvf8bQc1+FzsBWp1+UtRTgEJuiwFRKLK4APxvmXsXpaDBOM02F4K
a1ZFiQtrJLCLPfShV9/DL6rzX/bP/p0kwpx7valpW/nFA/iCRuyNA3isaB+NC9Lm
XaOPETsxPMxS/BsFDiMvryeDC8KEuuAa/WEizq9Z0xWYKvOYgan1HKoWvRvzmiC2
7txnrPK/axiwlha1jMZxTaHCGy6b6w08gz6ss+U1vPT4Qb0fK4Ovnbs8zh1/U8AS
z7kDsLRoxfSUynkYSYJjaJRysqe4YcDCcUisyDRYIQrRYgZk3h2pev1aell91F9R
LgHJ9mWECqB5xni80B/MpPiF/gWqTb316iPse1g+Bp/dAGl1tDHppUl5Z9/wqdMM
9ULtJOZm3EYfgOHNFvpDwNlLFEAB07PO4+oMByL890Ym3tcaoCt+d3fx4jmmaJqA
qqD2Wd+f8628gbhsbGq0Mex2DqAiOig96X9awcknZrs7EQIFvR9cK0wl4uEt8FuF
5tBPPY8Tsjm3jphOw0WBe/E4DuFnQsnNcsKmEOTOn8125UkQbPhlPqCOBMlcw5aK
L7b3ikd79zFTdWgSAao9Sf9/xhHNwsK7IBE32gXO6qD61AnOQgihKzi/ZV2Tp90P
w6I3EZ5oP3BNnPp9l6nvGYe0HnkNqUigcuP0w28M3wj+nX+cFVZD++3uTh7xOJM6
+br+TBQ4HDZ324PqiMXF45KCRvUrQ0ubRa9QxaXGVxpA9Rn8L+nqPkGocrrg1tb8
eeVYxLyQeQqsDBjO7w7rDL1ZHra72we78/3BkMS5gv2tQoAqPhAEv/43J2hyp3cR
0crZ8elxduaYXscDob56mYyBaDjWaOeKbGrm76yB10leEmN9MeHI7kQVur8/J/cI
GjK00zp7dY4/WorFxPFuSFQjeDnvI2bLlqdYaX9d35lLr7s4TYlAXM47+j9QzyMp
Maos/5/uUTkoyKiZbdzE0QoLlGqqoFGCWA6TgpPZHW3uXmf4gU9EQzTVHPcI6h9B
2APQiECFvDPTHtlDaU0f8b14k3KV4KBEBiFCa7yBnVCGOt74tz//cPOft1Jf5vph
QRhgNBw3l6rivM1QnMIKFuM9gqC4xcS6By+2+Ia4Ddo+SIEvDLEHtMs/DnheVkNi
e0TAiruK58J5nvdXf9h91WdqPhQAU4BRGzwtVX0yE8D6nSCvUZfaLT4tukr9kt0H
393u4t1/ruz4hpe4vCngnKDfSk/kbMbXF/XaDzytTO5AoA68CgS5pvhGpmRzVptk
aHglm1S5S3yCB0+ye2jDTBnckUIs+XXy8Uej6fJBon25HD4hyiVPIXkwOB78mhjv
AQwv/QUSTX4l1owOvSvW4g==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
36188fa3977457d267ecae99373870f5
ef6e44a8899d4f5ccc831e9d2dbc31ac
e171c7e8e49e0d2edd43c3834a2d0099
236aa4924c80971b0a34310eb69b70e2
fbe85a7395cc10bea13ad09efa46d738
f594c332d26c068b289ba96bbb1f661d
efb873b76137057a62b4e27b522cfce6
aef7ea67ec2540b00b4782780352addf
2f7722d1edd40a8f3de3b0295e2da07e
b46d196a4cbfd85e47739dc320af6584
eb960e2c5ba27bf2f56381f8eb3ceaf7
cc72d829ab05aaca6fbb205b78606ff8
cc58bc336adb644adfb0034f9974b7d9
f2b1308249cd74ecb555a550af6af1ad
b15a3f03ecef5f89fa70d2fada97a1b8
6179b0d487a6e3196209d053597a7416
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

28
Kanzlei-Kiel/openvpn/keys-created.txt
View File

@ -18,3 +18,31 @@ password..........: CHtq9MsL93LW
key...............: doro.key key...............: doro.key
common name.......: VPN-Kanzlei-Kiel-doro common name.......: VPN-Kanzlei-Kiel-doro
password..........: 20_Doro_16-45 password..........: 20_Doro_16-45
key...............: bjoern.key
common name.......: VPN-Kanzlei-Kiel-bjoern
password..........: 99p3LVTds4c3
key...............: gubitz.key
common name.......: VPN-Kanzlei-Kiel-gubitz
password..........: hKgJTvx39nH4
key...............: schaar.key
common name.......: VPN-Kanzlei-Kiel-schaar
password..........: 7KKXh37wRq9n
key...............: molkentin.key
common name.......: VPN-Kanzlei-Kiel-molkentin
password..........: qdJd9C3tR3Vw
key...............: hh-lucke.key
common name.......: VPN-Kanzlei-Kiel-hh-lucke
password..........: jMX47zpR9p3P
key...............: hh-kanzlei.key
common name.......: VPN-Kanzlei-Kiel-hh-kanzlei
password..........: RcNd7xgFTV9p
key...............: hh-suesse.key
common name.......: VPN-Kanzlei-Kiel-hh-suesse
password..........: d9xzRPpmzX73

98
Kanzlei-Kiel/openvpn/keys/07.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:36:16 2018 GMT
Not After : Jun 19 21:36:16 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:20:bd:68:e0:56:e4:fa:ce:ec:7d:13:90:51:
2e:cc:54:ce:c7:1f:ff:03:2b:52:28:87:d0:97:7b:
c3:dc:65:2c:92:ad:fb:3b:1d:42:cb:63:56:8f:1a:
38:d8:d9:f0:12:46:9a:1c:21:2b:11:26:f6:02:89:
f4:b9:08:c1:e3:2c:81:e6:f3:38:2f:d9:ad:e9:ee:
d0:67:12:85:05:14:36:a7:a1:54:60:9f:02:2e:45:
42:b7:00:bf:6f:ec:c1:02:04:c9:f2:e1:32:e2:e0:
fd:3b:d8:87:9a:79:fc:a3:b8:a0:40:2f:10:4f:7a:
39:34:4e:bc:ee:f8:a1:3b:ec:65:b7:80:60:9c:22:
77:a9:cb:90:d8:b2:26:96:b6:9a:b8:c6:35:44:8c:
69:bf:47:56:d5:f4:e6:ef:28:69:0e:e6:e2:81:9d:
bd:8d:3b:8b:24:6b:8c:61:c7:c9:1f:4f:04:84:77:
4e:5b:6d:0d:82:e2:09:e5:51:47:a2:8f:10:2a:13:
a9:8f:5d:cd:97:1d:42:9d:6a:c3:28:ac:45:f4:b2:
73:4d:8f:8a:98:ed:47:cb:7e:a0:8b:5e:f5:93:24:
99:f4:c7:b4:6c:8a:a7:d2:b9:06:b3:c7:21:5b:96:
27:6c:bc:10:25:c6:9a:2c:22:19:78:11:1d:15:01:
b8:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
58:B2:90:25:77:06:EA:49:01:5B:1A:3D:F2:B9:AF:6D:C3:D9:44:B6
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:bjoern
Signature Algorithm: sha256WithRSAEncryption
74:2a:65:11:6b:d4:23:6b:35:7f:29:fd:55:26:71:90:bd:fc:
d2:29:81:47:61:5b:66:5b:84:61:fc:c4:c7:4a:7a:9f:c6:04:
e3:82:89:40:c8:0d:2d:d3:92:04:53:e2:a4:b3:d3:d7:a2:1f:
03:d0:86:13:7a:b8:bf:70:80:ac:3f:59:f2:ae:f5:2c:7b:da:
ea:94:e1:e2:97:58:02:d8:9e:b2:b2:26:06:14:f2:8a:cd:b4:
61:73:69:61:d1:61:98:4f:7d:29:7e:3b:d0:df:65:02:84:7b:
bf:93:12:3e:9f:2e:07:92:d5:cb:6a:56:0a:e7:ca:c8:fa:8e:
a0:4c:41:cc:97:6f:c1:48:78:33:c4:fa:4e:6f:18:4e:34:d5:
42:5e:24:bc:88:92:e9:c3:a9:f0:52:5d:ab:ac:1f:67:c0:75:
cc:30:8a:40:f7:a4:37:1e:4d:39:ea:c3:61:11:61:b4:d4:c3:
79:19:b8:d3:01:95:e5:e3:7e:57:29:34:2f:61:2b:e1:df:45:
9a:85:7a:17:63:8f:c5:d9:b0:3b:3a:55:46:a5:37:ae:dc:7d:
a0:89:dd:df:11:a8:c5:fa:7d:d4:db:95:45:1a:c4:11:6f:f4:
43:04:d3:2c:3f:d7:83:7d:81:7d:37:98:36:b6:cc:25:db:80:
85:bb:5a:ab
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/08.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:37:57 2018 GMT
Not After : Jun 19 21:37:57 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:78:4c:34:f5:53:5d:e7:df:26:42:1d:12:44:
e3:ba:a3:94:df:e4:95:78:0d:cf:6e:e4:10:fa:e7:
db:8c:8a:38:21:44:1e:3b:75:45:f2:93:2e:d5:54:
16:f4:49:7d:08:16:1b:e7:a0:0e:c3:30:76:c5:7c:
77:40:10:e7:e9:26:66:f4:bc:bd:2a:13:1e:bc:26:
3c:4c:71:10:02:b0:f3:ee:4a:21:47:49:21:48:40:
ac:4d:b9:b7:68:1f:8a:33:a6:b6:45:c8:b7:3b:af:
25:14:b9:20:ff:8a:93:b4:6b:5f:3f:26:ef:f6:92:
2d:26:2a:e5:20:06:c6:23:e1:9c:d5:0c:94:7e:b1:
e7:18:71:f4:8a:3b:84:34:85:f0:ad:d3:72:52:ef:
98:92:33:3f:3c:77:b5:d1:4c:10:2b:1a:f5:f6:1b:
71:c1:df:5b:51:82:9f:42:c4:28:95:71:d0:41:a6:
01:7b:e8:5f:d1:35:e4:f1:b8:a2:d5:e9:8f:47:b0:
e8:48:c9:18:f1:97:64:c6:0d:a0:7a:b0:fb:d4:72:
fb:af:a1:1d:b4:23:3a:dd:c8:c6:e6:06:2b:9b:fa:
be:2f:da:f3:47:63:ba:11:72:55:ab:81:e3:aa:49:
99:73:b2:e4:51:de:88:31:1c:f3:91:75:53:e6:d3:
e9:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B1:B8:24:97:81:1A:7C:83:4A:91:E7:BC:C2:B1:8F:09:F1:95:FD:79
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gubitz
Signature Algorithm: sha256WithRSAEncryption
a1:a6:9b:bc:16:5a:b4:bb:bd:a5:c1:91:3f:02:8f:06:2d:4b:
be:76:f5:09:3f:54:59:ab:b0:d2:93:ec:63:f9:22:62:af:5d:
eb:8a:a3:07:8c:10:92:e4:ea:a3:28:7b:3b:9d:5e:53:5a:09:
f2:31:c9:1f:b0:ca:d0:03:f2:e3:4a:03:33:f7:4a:6e:43:57:
37:4a:ce:ca:58:f9:d5:22:c2:0a:1a:7d:c6:68:1e:5a:90:49:
66:ab:c8:83:60:c7:4c:52:32:5b:c3:60:68:e0:48:28:55:29:
1b:8c:4d:26:29:d2:ab:2a:6e:82:ad:fb:d6:ef:c9:02:9f:b8:
9c:ab:ee:0e:0d:bc:5b:53:19:c7:9e:21:85:56:b1:dc:b7:70:
b4:b4:2e:e0:58:d8:9a:d3:49:82:f5:a8:46:60:c8:6e:54:84:
72:ae:7e:15:59:87:ca:20:66:2e:97:d3:03:fb:ed:5c:6c:54:
c4:67:e1:ed:02:ef:d2:b3:f1:8b:24:c3:90:32:51:d7:aa:e1:
15:ea:5e:ca:13:48:f2:ce:6b:27:64:fc:e6:18:3d:7f:9f:db:
23:69:25:ba:86:10:ef:85:da:43:78:75:a1:96:4f:3f:76:cd:
1f:cd:5b:2a:6b:be:3b:1d:b8:22:c5:8e:3c:ac:5f:a6:d6:5f:
39:76:df:cf
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/09.pem Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:40:21 2018 GMT
Not After : Jun 19 21:40:21 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a0:25:f4:ac:2b:24:46:38:f2:46:ce:5e:d1:ba:
bf:11:b1:a7:c0:27:39:97:ba:88:5c:a6:f8:a0:02:
c9:75:f4:ae:52:5c:91:38:85:ae:9b:4a:97:80:86:
4d:da:dc:cf:fe:d3:d8:5e:75:83:56:4b:1e:42:3d:
55:0d:9a:2c:30:7e:51:c8:e8:bb:45:99:c2:f2:76:
51:e8:a0:62:5b:7c:2d:44:91:78:ce:ea:0b:9a:dc:
a1:90:87:4e:02:83:50:65:2b:ff:ef:12:b5:ee:e7:
61:81:89:23:f6:b9:54:3b:dd:09:d0:7c:a3:c6:3f:
fb:ed:ea:46:92:e1:68:c9:6e:11:30:1a:2e:3d:cf:
f1:c1:81:be:de:df:71:e3:f4:be:a2:fa:50:9f:75:
ea:89:43:d9:b5:93:67:10:fb:2c:8b:b2:84:24:73:
e3:b3:19:ce:b9:14:c5:09:8f:dc:73:7a:3c:8e:87:
c6:97:be:e2:dc:ed:d4:65:ab:42:79:b0:18:2c:95:
b3:aa:c4:b9:91:17:7b:f1:8f:bd:f0:f5:59:12:7a:
88:5c:09:76:19:a9:7c:67:86:0f:65:d5:5e:a8:a8:
60:ce:c4:a5:be:71:c5:9c:b9:4c:1b:81:a0:3b:ee:
59:90:1b:7e:19:a0:be:1e:f3:5c:22:7d:70:a6:9b:
dc:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B7:64:B2:13:73:54:E0:94:2D:2A:3D:8F:12:0A:82:1B:D7:17:A6:71
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:schaar
Signature Algorithm: sha256WithRSAEncryption
94:75:9e:6c:af:c0:e5:c3:d3:17:3c:01:fa:15:ce:ae:37:df:
b4:30:7a:1c:1c:0e:a0:a8:bd:fd:c2:f9:f2:56:fc:ff:2b:97:
a8:1a:25:12:a1:71:5a:82:ce:30:56:3f:20:5e:dd:32:76:9a:
bc:f7:71:91:f0:38:53:28:7e:ce:69:28:3c:e3:0b:f3:ad:37:
d6:23:16:07:f7:c2:42:12:93:20:55:72:ae:67:31:cb:81:18:
1e:8b:04:e0:e4:b7:91:ad:3e:71:1b:0a:30:a4:1c:ba:c2:3b:
61:09:48:c4:8d:24:55:07:50:77:1e:e1:3a:75:83:48:25:29:
d1:77:60:26:bf:e6:0d:a1:72:54:c1:28:58:af:bc:f2:dd:65:
9a:47:f1:a4:10:ff:cb:78:c9:f5:13:3b:e4:5a:a4:0f:a5:d8:
78:5e:0e:e7:8b:b9:61:df:e1:72:b7:5f:3b:f5:de:ba:e6:a9:
70:58:68:3c:42:11:f2:c3:b0:6e:d5:7f:26:99:9d:91:d3:97:
f4:60:56:64:57:df:48:2d:21:18:01:be:79:c3:fc:3e:4f:fe:
d1:cd:f3:71:13:5f:76:e9:ab:f4:18:78:40:32:be:b2:6d:72:
b1:00:17:f5:b7:7d:d2:6b:d4:46:66:2c:d3:63:f2:f0:eb:7e:
65:fe:5a:aa
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
-----END CERTIFICATE-----

99
Kanzlei-Kiel/openvpn/keys/0A.pem Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:41:53 2018 GMT
Not After : Jun 19 21:41:53 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:6a:c0:92:83:b5:0c:46:87:8e:7e:c3:2c:87:
b5:55:19:43:ea:91:84:b0:20:2e:9f:c5:64:5a:58:
e9:7c:f5:95:26:3c:34:86:c4:1d:23:e9:78:7d:10:
7d:84:b8:29:14:ff:00:cb:13:3a:a2:fb:cc:0c:bd:
9e:5b:99:1b:c6:0b:aa:47:27:8b:f3:61:0c:36:a2:
cc:f1:fd:c6:4d:cc:b1:da:e9:7b:93:76:53:52:99:
90:27:5d:0f:5d:8e:1e:4c:1a:fe:28:17:dc:cd:1e:
f3:19:7b:38:26:2a:b4:33:80:d0:38:7e:80:e6:6e:
e9:ee:69:6b:8b:58:22:4b:36:b6:7b:17:0b:a0:8a:
d4:f3:c4:76:01:a4:ad:1c:87:dd:65:6a:40:de:69:
cb:4e:25:10:c6:4c:f9:df:94:11:78:12:e6:74:15:
b1:2b:e7:41:08:50:c6:dd:31:f4:98:80:6f:ef:82:
17:68:1e:ab:59:0c:d8:72:54:1d:6b:09:2e:9f:88:
27:90:76:e1:97:4f:db:5b:ef:e1:af:4c:10:3f:eb:
51:e6:a7:82:b8:95:c6:3d:19:a6:1e:16:f6:2f:f7:
6d:8b:4c:9d:ee:aa:32:3b:a6:73:67:0e:b8:01:8d:
28:44:8d:05:2a:3c:9e:51:3f:09:d0:5e:44:d8:dc:
47:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
72:5D:8B:B1:D0:0D:18:39:9B:B2:C1:ED:D8:3B:2C:30:45:B7:F3:16
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:molkentin
Signature Algorithm: sha256WithRSAEncryption
44:50:10:96:65:54:09:d1:a9:b7:b0:0f:4d:50:45:4a:ec:a7:
eb:fb:17:15:44:be:0e:b1:70:2c:05:d7:46:ee:ea:59:3a:92:
52:f2:88:e5:11:86:c2:34:5a:94:92:28:74:b4:6b:e3:31:d1:
d3:4d:c8:bf:2a:6a:1a:1d:51:ca:a4:c9:bb:a4:6d:c3:89:6f:
af:9c:68:05:70:ef:69:55:a9:0b:2e:30:1d:a4:e8:d2:a5:53:
e1:51:82:80:db:7e:ab:1e:90:8a:9b:c5:a7:6c:fd:cd:6d:89:
41:79:a2:ae:f9:1b:19:83:29:98:2e:86:d6:c3:97:de:58:b3:
0a:34:b1:73:9a:ed:2a:9e:18:a9:7b:fa:9d:0c:fe:9c:b4:68:
ee:de:7c:2d:40:4c:21:e2:be:19:ef:eb:91:e3:11:1f:55:9a:
da:2f:0d:b1:fb:b1:30:ae:83:30:bb:ef:18:64:5e:57:de:6f:
b7:ca:58:06:06:4a:29:1a:25:f5:71:4a:39:4a:83:44:d7:d8:
62:ea:31:18:2b:d1:ec:4f:3e:4b:b1:82:41:76:10:7f:7c:e4:
95:28:e6:3e:e0:c3:82:d8:87:db:56:0a:4d:ad:cc:22:05:d1:
76:0a:b9:d9:0b:08:3d:35:34:d2:e7:25:a9:6a:e8:aa:3d:e3:
c1:70:00:2a
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
PePBcAAq
-----END CERTIFICATE-----

99
Kanzlei-Kiel/openvpn/keys/0B.pem Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:15:46 2018 GMT
Not After : Jun 20 01:15:46 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a7:2f:9f:e8:e6:6e:8e:31:9d:3a:49:d8:b1:bc:
23:04:0e:6d:a2:ab:2a:19:79:12:74:c9:a8:ff:1c:
42:61:cd:8a:16:23:b9:50:e0:ee:50:74:77:47:46:
52:5d:aa:2b:53:0e:6a:ef:35:6c:03:5c:3f:23:14:
c9:88:f6:80:bc:50:79:9b:64:42:14:f0:e9:fc:a6:
f5:37:a2:9d:46:ce:39:7d:62:a4:82:a7:f4:aa:d8:
2e:6e:4f:8f:6a:e6:54:26:a2:21:b3:b6:4c:9c:e1:
ae:13:9a:82:c5:2f:a0:a5:e5:58:72:2f:c5:88:96:
d4:f8:84:19:1e:cd:7a:cf:0b:0d:81:1a:72:61:ed:
b6:e4:1c:68:be:c5:c1:bc:82:7c:17:91:20:81:b1:
59:62:8f:1b:05:cf:30:84:14:e5:2b:27:64:f0:26:
79:48:ef:4e:6c:87:2b:1e:68:81:5d:b7:c5:35:8e:
6b:9b:18:2c:ca:3e:34:44:7d:21:86:59:ff:cd:75:
0a:e7:d5:81:82:0d:a4:3a:18:ab:7f:44:69:c0:58:
9e:78:28:39:c4:21:75:35:33:6f:a5:12:9f:0e:14:
19:aa:3d:a1:d2:fc:9e:94:df:4b:0d:9b:3f:2f:d6:
c6:1e:83:6e:df:15:a5:39:73:e2:f9:b3:ca:21:91:
62:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
12:18:6F:92:EF:06:74:57:8F:A5:A6:3B:89:B8:F9:CB:0A:B0:88:9A
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-lucke
Signature Algorithm: sha256WithRSAEncryption
58:2f:90:af:27:6c:82:c5:d0:09:54:34:2d:95:1d:dd:eb:35:
35:2e:82:95:33:e4:63:bf:9f:fc:26:58:5a:91:50:3f:ca:96:
dd:d0:77:5b:e4:b7:de:a4:51:70:eb:f2:5c:fd:66:f2:4e:3c:
d0:41:5e:8c:25:ca:a8:ef:1c:51:d2:ad:0c:3e:20:15:97:1c:
a7:ec:d6:5c:a6:99:a6:63:23:1a:6e:96:7a:9a:9f:86:00:dd:
b4:a7:0d:d9:77:4a:be:0c:28:c3:2f:7a:73:d2:4f:ef:c6:f4:
8a:01:b0:7e:e2:3c:6d:41:7f:75:58:07:32:59:13:e9:7f:8f:
22:19:7b:ec:e1:21:d9:b3:54:6e:97:de:36:53:c2:8e:bd:be:
7b:bd:26:09:57:07:8e:2d:3a:d0:3e:d3:97:8b:a1:e2:91:c9:
c2:2d:89:20:d2:e4:65:f8:77:9b:5c:4f:bd:05:3b:87:e2:bd:
0f:76:7d:93:f2:0b:ef:2c:45:74:06:3e:ea:d9:86:f1:55:23:
8a:00:c2:ed:c3:79:34:7d:bd:c8:0c:c2:e5:f4:b2:28:ed:71:
74:39:1c:f2:cf:ac:f0:38:b9:b9:f4:41:35:58:1c:6d:f9:4f:
ce:1e:ed:ee:f7:06:95:f9:4e:7f:c1:aa:d7:3e:52:84:72:01:
65:0d:b5:26
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
ZQ21Jg==
-----END CERTIFICATE-----

99
Kanzlei-Kiel/openvpn/keys/0C.pem Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:17:06 2018 GMT
Not After : Jun 20 01:17:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:52:e4:29:0f:0b:07:bf:14:80:bc:7e:27:a6:
92:f3:95:c5:e2:cf:35:00:fd:6b:e7:e9:c2:32:b0:
0d:c6:3b:99:d8:f4:b2:ad:e6:cd:8e:e1:25:a5:8c:
c8:2e:60:2f:2d:6b:4d:23:98:ae:06:59:f3:f2:cd:
aa:f3:64:bc:44:04:2a:2c:4a:c7:a6:c4:a5:12:e2:
95:b5:86:23:c9:16:38:1d:a1:7c:27:59:8e:83:b1:
a7:85:14:f1:73:29:dc:87:f3:87:0c:fb:c8:03:e9:
74:cb:ba:36:09:9d:b1:b5:ae:34:14:a9:5e:b2:8b:
c1:22:c3:17:d5:c4:f0:d0:03:23:69:bc:8d:fb:c3:
1b:2b:ed:a6:d3:34:d2:a3:be:56:53:01:97:7f:0d:
18:05:ee:f4:c8:e0:dc:35:5d:64:31:b5:a9:b8:91:
24:f8:84:a7:5d:ea:e8:27:53:27:fd:15:f5:5a:5f:
4e:8f:de:3d:f5:ea:18:60:a2:a5:c7:d9:47:c2:3d:
99:48:fb:a0:89:47:fb:e6:90:1d:45:62:99:6d:6b:
7c:4a:84:73:11:18:66:e1:a9:3a:af:a4:ad:80:4c:
da:59:34:65:d9:6d:56:1d:d8:bc:b9:16:53:2d:6e:
60:d9:ae:eb:5b:b1:bc:a4:6a:9b:64:66:d6:7b:da:
13:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
46:3A:4F:3B:6A:A1:C4:89:4D:C4:D8:4A:CF:CD:F4:35:4F:1C:AE:3F
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-kanzlei
Signature Algorithm: sha256WithRSAEncryption
50:14:59:a4:6e:5e:b8:34:53:c9:2c:93:7a:7b:4f:ce:89:ac:
88:b8:8d:aa:eb:e9:53:ed:dc:30:57:88:59:e9:96:15:e1:aa:
15:06:06:1e:9e:58:b7:77:ab:90:c7:4a:b8:75:2e:5e:3b:8e:
90:2a:3b:98:72:92:7a:db:0e:77:f8:25:6a:60:e9:1c:53:c6:
3e:5d:9a:f2:16:bc:1b:c8:9e:5c:b1:a6:39:e4:d6:fb:9d:08:
39:b4:f7:25:39:85:86:61:b7:d5:d5:8d:60:10:0d:e4:5e:e8:
5d:70:a8:58:d1:66:4d:f7:7f:53:e2:7a:cf:f1:25:57:56:fa:
b4:06:db:75:6e:36:9d:0e:c0:85:6f:ae:2d:e2:d6:a0:6e:0d:
5f:c2:6f:f5:d0:5d:d9:54:62:c0:86:e0:84:b6:7c:b5:94:dc:
33:b8:0d:a2:82:42:1e:d3:1a:12:c9:0d:29:4f:af:00:7e:ed:
43:78:d7:da:7c:20:fa:50:b3:ed:de:51:31:8c:e0:77:ba:d7:
9d:ca:88:6b:c1:79:1e:30:7c:1f:07:54:a5:fe:46:8e:0e:df:
75:da:fc:77:2f:be:49:7d:14:28:01:17:a7:55:27:59:e6:84:
19:b8:19:6b:2d:32:12:30:f2:79:c1:bb:39:7f:63:30:6b:ab:
65:e0:ce:cc
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
YzBrq2Xgzsw=
-----END CERTIFICATE-----

99
Kanzlei-Kiel/openvpn/keys/0D.pem Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:18:40 2018 GMT
Not After : Jun 20 01:18:40 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:47:4d:5f:ad:af:dc:78:19:ac:37:66:7b:0a:
9e:07:b7:40:0c:72:34:6d:d3:6b:a4:b7:62:59:4a:
16:96:7a:ab:f6:50:1a:a7:68:5f:b1:eb:8f:68:a5:
f0:56:ca:9b:12:7a:98:20:72:6a:3b:cb:2c:f0:b0:
5f:cb:68:40:01:12:ed:a7:9a:e1:d0:32:61:76:77:
47:cb:60:30:7a:e1:c1:4a:a4:ee:bf:14:d3:80:15:
45:19:72:06:25:a2:2b:95:d3:28:13:37:99:b8:65:
b7:f5:1c:0e:7b:11:ce:cc:ec:62:61:06:bf:4f:54:
cf:ee:9d:63:39:5c:68:73:62:36:32:89:65:87:dc:
39:91:b2:e7:75:ff:ab:94:51:2e:be:ed:ce:dd:1e:
3b:b0:c3:8c:5d:5d:91:1a:e7:6d:ef:e7:3f:95:73:
4a:17:ad:20:9e:04:89:19:1d:cb:8f:0f:83:aa:f5:
f2:44:e2:db:86:e1:0f:f4:c2:23:1f:16:2d:fb:39:
8f:b0:27:56:05:9c:95:b8:4d:c7:4e:e3:d6:6b:ca:
52:1e:ea:07:7f:34:ca:44:b4:52:61:70:5a:b5:0d:
08:56:93:56:24:03:38:e9:d7:d4:35:46:fd:07:76:
9b:59:d3:40:cc:1b:e6:ef:25:d8:30:7b:a8:9d:ae:
ff:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
65:F3:7F:95:10:B1:48:0D:12:8E:7B:13:1E:B8:CC:E5:10:F9:D0:87
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-suesse
Signature Algorithm: sha256WithRSAEncryption
29:19:a3:04:b2:3d:34:c8:3c:84:02:aa:9d:d8:f8:e8:75:6d:
30:36:7a:27:4c:aa:67:ce:92:36:0c:99:7e:41:aa:6b:f2:fb:
66:33:2f:21:e9:fc:c5:c5:34:cd:7f:a1:9e:63:a8:99:6d:86:
4f:74:73:87:a5:d4:5f:59:36:61:d2:71:6a:e6:ba:11:a1:87:
e0:97:2b:81:a9:e0:7a:aa:95:86:62:cf:9d:20:39:b5:41:b8:
5b:6f:7a:57:b4:72:9d:53:f7:f4:d1:72:6f:8b:23:90:38:56:
53:97:f2:ce:e0:bd:76:56:ff:f4:f4:7f:58:d7:c3:94:fd:7c:
8f:8a:63:2e:49:84:d6:85:b3:6d:ad:de:5e:2e:9b:37:e7:7a:
77:b0:45:63:59:8f:a0:6c:9f:20:1b:10:cb:3c:88:b9:61:61:
7b:da:b8:69:97:8c:07:a8:75:57:a5:bb:4a:1f:57:53:6d:1b:
4b:9b:e9:2c:78:55:4d:e8:cb:e7:ce:f8:61:9e:e4:04:63:3f:
6c:ad:38:73:74:61:03:25:f7:c9:6c:d9:42:c0:00:8c:ef:93:
9c:cd:09:9c:84:ff:43:ae:1c:fe:85:1d:c3:0c:e7:a6:09:3d:
48:60:22:6a:69:8c:6e:dd:98:30:cc:e2:03:c5:f1:81:28:54:
c1:6b:66:38
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
KFTBa2Y4
-----END CERTIFICATE-----

98
Kanzlei-Kiel/openvpn/keys/bjoern.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:36:16 2018 GMT
Not After : Jun 19 21:36:16 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:20:bd:68:e0:56:e4:fa:ce:ec:7d:13:90:51:
2e:cc:54:ce:c7:1f:ff:03:2b:52:28:87:d0:97:7b:
c3:dc:65:2c:92:ad:fb:3b:1d:42:cb:63:56:8f:1a:
38:d8:d9:f0:12:46:9a:1c:21:2b:11:26:f6:02:89:
f4:b9:08:c1:e3:2c:81:e6:f3:38:2f:d9:ad:e9:ee:
d0:67:12:85:05:14:36:a7:a1:54:60:9f:02:2e:45:
42:b7:00:bf:6f:ec:c1:02:04:c9:f2:e1:32:e2:e0:
fd:3b:d8:87:9a:79:fc:a3:b8:a0:40:2f:10:4f:7a:
39:34:4e:bc:ee:f8:a1:3b:ec:65:b7:80:60:9c:22:
77:a9:cb:90:d8:b2:26:96:b6:9a:b8:c6:35:44:8c:
69:bf:47:56:d5:f4:e6:ef:28:69:0e:e6:e2:81:9d:
bd:8d:3b:8b:24:6b:8c:61:c7:c9:1f:4f:04:84:77:
4e:5b:6d:0d:82:e2:09:e5:51:47:a2:8f:10:2a:13:
a9:8f:5d:cd:97:1d:42:9d:6a:c3:28:ac:45:f4:b2:
73:4d:8f:8a:98:ed:47:cb:7e:a0:8b:5e:f5:93:24:
99:f4:c7:b4:6c:8a:a7:d2:b9:06:b3:c7:21:5b:96:
27:6c:bc:10:25:c6:9a:2c:22:19:78:11:1d:15:01:
b8:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
58:B2:90:25:77:06:EA:49:01:5B:1A:3D:F2:B9:AF:6D:C3:D9:44:B6
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:bjoern
Signature Algorithm: sha256WithRSAEncryption
74:2a:65:11:6b:d4:23:6b:35:7f:29:fd:55:26:71:90:bd:fc:
d2:29:81:47:61:5b:66:5b:84:61:fc:c4:c7:4a:7a:9f:c6:04:
e3:82:89:40:c8:0d:2d:d3:92:04:53:e2:a4:b3:d3:d7:a2:1f:
03:d0:86:13:7a:b8:bf:70:80:ac:3f:59:f2:ae:f5:2c:7b:da:
ea:94:e1:e2:97:58:02:d8:9e:b2:b2:26:06:14:f2:8a:cd:b4:
61:73:69:61:d1:61:98:4f:7d:29:7e:3b:d0:df:65:02:84:7b:
bf:93:12:3e:9f:2e:07:92:d5:cb:6a:56:0a:e7:ca:c8:fa:8e:
a0:4c:41:cc:97:6f:c1:48:78:33:c4:fa:4e:6f:18:4e:34:d5:
42:5e:24:bc:88:92:e9:c3:a9:f0:52:5d:ab:ac:1f:67:c0:75:
cc:30:8a:40:f7:a4:37:1e:4d:39:ea:c3:61:11:61:b4:d4:c3:
79:19:b8:d3:01:95:e5:e3:7e:57:29:34:2f:61:2b:e1:df:45:
9a:85:7a:17:63:8f:c5:d9:b0:3b:3a:55:46:a5:37:ae:dc:7d:
a0:89:dd:df:11:a8:c5:fa:7d:d4:db:95:45:1a:c4:11:6f:f4:
43:04:d3:2c:3f:d7:83:7d:81:7d:37:98:36:b6:cc:25:db:80:
85:bb:5a:ab
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/bjoern.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLWJqb2VybjEZMBcG
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCC9aOBW
5PrO7H0TkFEuzFTOxx//AytSKIfQl3vD3GUskq37Ox1Cy2NWjxo42NnwEkaaHCEr
ESb2Aon0uQjB4yyB5vM4L9mt6e7QZxKFBRQ2p6FUYJ8CLkVCtwC/b+zBAgTJ8uEy
4uD9O9iHmnn8o7igQC8QT3o5NE687vihO+xlt4BgnCJ3qcuQ2LImlraauMY1RIxp
v0dW1fTm7yhpDubigZ29jTuLJGuMYcfJH08EhHdOW20NguIJ5VFHoo8QKhOpj13N
lx1CnWrDKKxF9LJzTY+KmO1Hy36gi171kySZ9Me0bIqn0rkGs8chW5YnbLwQJcaa
LCIZeBEdFQG4cwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBACIeYLlXVUZXG1RW
WXgXjLSQPOpJa0B+VHvyqnGtICHtd2vX9hyPDJZZOnkndqmmBhZc6i9JPO6paVnY
B7LJnc4PrNiHh9qfjRUTmZ3irsea5GxBp6U7XmPoIReQeGYVJvaFwch2LyvEJwSB
cmKrBhOmtqny/wAJvPA6OsJgC1GqToP/r9b0c8E7HkJWier3TFInUeDlfN9rIUM9
t4gqYY1Q7CON7bi2cEIqLlZhCdOLtkce5FqUgD9YF3lpJ0NxdPZSilyx4qR/WN1Q
IFSL3q9UNFrmonw8bkcjoerSFWOYvPXavG8ZzQ9gvZGZylxz2gstgJbHsHlmjS5n
5smJVLY=
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/bjoern.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6SE0PsXGw/wCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECG7zORi+kUIQBIIEyOyz5+JUC/+K
Uew57hlL3eIq4Lf1NKQvckgJ6LPkmfEZGPRkPlwpiFqy3KgOv/npjir7zq6nLRff
KJf5FTLBie69FqreaY7dbO6KFfn81PHMvO7zitnT3Iohv0pLAXt35XxbM0ggUnul
Y6aQArJoPRhyhyD/SorGHYDHQ5mSL8fjymzzy2faEq8i7PtbZvlRIvjTCIYHlTta
mQFHfp0w+S2FLdbmodZRsXDZoN2mc6Rbu2PQ2DykDrezurseiKsjgilhvShph25H
Q2kit081C9ldLjbVvbYUM7Rpwx624AqifMSncMq/i2CDa+x5mX8MP0O1ObBEZH9G
yFX7hzS83smJiG3jdwG4IJwar6W2433fSDsQBrRUYonaUT8kebdyxTeUiVqxw6AH
Bl/ru56WQ37w53JYadwWUr4Q1o8ud9XER2PpxkMVtyXMPxTDepX+kU/6W19vo6+I
yC0E4DbWhx2uCgTNS8hxIvHOWWq3d7Gcxpof/NWPMVbLosuosX/3SA2Bu1x+/2cY
IpwA61PAC08GKvkfBRV3wK74mlAJ1jZyrbY5FgmFNEH+aYUXQrRlpNt+H7N5dKlT
Sa8gXtNGLHOoKbFQvjKakKdH72scJ1Gfu+WgojYAb1hLurkUyoAm6Du+AwRt1wK2
Jilq6sbrH9R3Vdo+xRhjAvn8I43awtYqPRYUbCv9sGzVWhYFHU86pzyYJcyWAJTU
0WWcZiOSy/zBOlVtaHidWuE4vtixIOxabvXvtfkG40VWOrX67CePrnCFnQQ5kfyT
LJPMwL6u18037qsSFFi7jvBE4jYbfcpgsFHhK2sq6/oYGnFAUQxZ6W9BzLsdrGlA
9BjQZrG/Dknnqo6+7NaHbaqe2dclSCoKDWr2tGN+hbFWTx71X5+bFMWJ0LinhUM0
m5FjlI8NhA9PmCwBPZhUxHQVwLz6YYlqtAXgOXBKdJfAD/3MFXGWVQgUrPK+3wXS
blAAwc+Gk5Aage0hO9TN++8fIyZRcOuYRjoXuK3Jf73tKZbzYw7kSt8QN4eFtaCO
ExxRmisMJXK3a48ZSPaYb04WHxqP+ZEOaSvFLCgmQy+iw9nmWhn/6yTcPqCMyCkC
PG7RBAiOrOsaDrKdaVYNecNgWKtfmKGx729t7H5NB419wOCbfyBvr5ROfYL3a6Ez
RV/ljTkryXXf9wCBoGGK+2Xp9fmBf0f5MKG+u+QEIjPcCNcMjDMpgq/+7/GvBipi
PYuzkky/CIb1atccWKxa0J+FzqPFhAKXRjHQ/P8VLrDBZFLS9fqOBVwA/FO2zdsa
Wi+KQUF5tTMnNxqNd2QkM0aa7WZEjBtpbRZNvOwBUYuAjcAJ0nwn8X6OgZC3XH7e
W8Te0S/miSsI/oJupN6LW8n8IkAcBm2RCnTOaOi064JSlo8FcDpDtuNg3N7ywMf1
fB8JcgmWnRrH1WG3qscTh4UZyGs5iC5ELNghx5de2hNXTC8RW50EUGxl6Go7d8xf
v/YRcASoi8jURtn9mDDSKOM7BwILC8FDE4w9cg80FkHKNJBPJVRceMPS2sVCe7Bp
eENJA6sw10FC43d8bZc8qahi72fPxmCZNRm+xtJ1K4hSHiRNmluIC+hc22jKzbb1
R14ylejrOfjDD+QqYhR1Zw==
-----END ENCRYPTED PRIVATE KEY-----

98
Kanzlei-Kiel/openvpn/keys/gubitz.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:37:57 2018 GMT
Not After : Jun 19 21:37:57 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:78:4c:34:f5:53:5d:e7:df:26:42:1d:12:44:
e3:ba:a3:94:df:e4:95:78:0d:cf:6e:e4:10:fa:e7:
db:8c:8a:38:21:44:1e:3b:75:45:f2:93:2e:d5:54:
16:f4:49:7d:08:16:1b:e7:a0:0e:c3:30:76:c5:7c:
77:40:10:e7:e9:26:66:f4:bc:bd:2a:13:1e:bc:26:
3c:4c:71:10:02:b0:f3:ee:4a:21:47:49:21:48:40:
ac:4d:b9:b7:68:1f:8a:33:a6:b6:45:c8:b7:3b:af:
25:14:b9:20:ff:8a:93:b4:6b:5f:3f:26:ef:f6:92:
2d:26:2a:e5:20:06:c6:23:e1:9c:d5:0c:94:7e:b1:
e7:18:71:f4:8a:3b:84:34:85:f0:ad:d3:72:52:ef:
98:92:33:3f:3c:77:b5:d1:4c:10:2b:1a:f5:f6:1b:
71:c1:df:5b:51:82:9f:42:c4:28:95:71:d0:41:a6:
01:7b:e8:5f:d1:35:e4:f1:b8:a2:d5:e9:8f:47:b0:
e8:48:c9:18:f1:97:64:c6:0d:a0:7a:b0:fb:d4:72:
fb:af:a1:1d:b4:23:3a:dd:c8:c6:e6:06:2b:9b:fa:
be:2f:da:f3:47:63:ba:11:72:55:ab:81:e3:aa:49:
99:73:b2:e4:51:de:88:31:1c:f3:91:75:53:e6:d3:
e9:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B1:B8:24:97:81:1A:7C:83:4A:91:E7:BC:C2:B1:8F:09:F1:95:FD:79
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gubitz
Signature Algorithm: sha256WithRSAEncryption
a1:a6:9b:bc:16:5a:b4:bb:bd:a5:c1:91:3f:02:8f:06:2d:4b:
be:76:f5:09:3f:54:59:ab:b0:d2:93:ec:63:f9:22:62:af:5d:
eb:8a:a3:07:8c:10:92:e4:ea:a3:28:7b:3b:9d:5e:53:5a:09:
f2:31:c9:1f:b0:ca:d0:03:f2:e3:4a:03:33:f7:4a:6e:43:57:
37:4a:ce:ca:58:f9:d5:22:c2:0a:1a:7d:c6:68:1e:5a:90:49:
66:ab:c8:83:60:c7:4c:52:32:5b:c3:60:68:e0:48:28:55:29:
1b:8c:4d:26:29:d2:ab:2a:6e:82:ad:fb:d6:ef:c9:02:9f:b8:
9c:ab:ee:0e:0d:bc:5b:53:19:c7:9e:21:85:56:b1:dc:b7:70:
b4:b4:2e:e0:58:d8:9a:d3:49:82:f5:a8:46:60:c8:6e:54:84:
72:ae:7e:15:59:87:ca:20:66:2e:97:d3:03:fb:ed:5c:6c:54:
c4:67:e1:ed:02:ef:d2:b3:f1:8b:24:c3:90:32:51:d7:aa:e1:
15:ea:5e:ca:13:48:f2:ce:6b:27:64:fc:e6:18:3d:7f:9f:db:
23:69:25:ba:86:10:ef:85:da:43:78:75:a1:96:4f:3f:76:cd:
1f:cd:5b:2a:6b:be:3b:1d:b8:22:c5:8e:3c:ac:5f:a6:d6:5f:
39:76:df:cf
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/gubitz.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLWd1Yml0ejEZMBcG
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3hMNPVT
XeffJkIdEkTjuqOU3+SVeA3PbuQQ+ufbjIo4IUQeO3VF8pMu1VQW9El9CBYb56AO
wzB2xXx3QBDn6SZm9Ly9KhMevCY8THEQArDz7kohR0khSECsTbm3aB+KM6a2Rci3
O68lFLkg/4qTtGtfPybv9pItJirlIAbGI+Gc1QyUfrHnGHH0ijuENIXwrdNyUu+Y
kjM/PHe10UwQKxr19htxwd9bUYKfQsQolXHQQaYBe+hf0TXk8bii1emPR7DoSMkY
8Zdkxg2gerD71HL7r6EdtCM63cjG5gYrm/q+L9rzR2O6EXJVq4HjqkmZc7LkUd6I
MRzzkXVT5tPpTwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAF8uteL4SYN9zXvc
5/qq4Wvwvv149SWgH2hEyntik1aEeXavLZ6iiboPJMOKDGm1QCnb+BDzJQNvGRCJ
mmuK6Kf7oMSLc+Y38CdUZjbAvvTZrlbMkbsiB8/R2knLbRRWj8NJqRrZXDldBeqD
mxCgAUY8WyCdAdRQExbyZg51EW9+zZJNKi9Aslmv4b4glSoUJejPVF+xrgSGLdjp
JBA773Jm/ESDeiE4/6bENWl/LYa//WTmGVKHYwOrZ1JdNYI3WHNun+WgzIZ0GzCh
5A1/Am3kujouXINmNzm0B/7mKoVr4Mw6q5zEtqAY65q/Nu+O4/aePgeG95exsNJ/
R1RkVW4=
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/gubitz.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhxkoBFagQMYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD6h10URNh7VBIIEyNSkokvr0z/k
lwrSlr8SOK2chlZzjbz5j4dM8ChdHJib+eV084/XQDi0AMvz8G7ToKe5z/CT7HBb
TtZu108SB7YeiC6aQUK8bKJcJVgcXi8PvOdy1PgGbSxaVKqyWmFuQofyi1y2CH6e
2x7ct5cXwUh6tUUtFDVMW6r0uBNaIeRzodGY2kyV/dVBKC1fxqko6dgkOpQFgg7C
wANDG6cnXg+acybl4YmqKowsYdnk16KpozV7DeVK85BQaiNJrZeOwehB8gM0zRtB
ZPRr8BgXJCcZMsxOnSTy3rp7/vbu1lrTO1QIlfHZHb8xPifvaxtl3HwYTWl+hjup
iFUqSalbC7tt924KTy7Z9ov90+f9czcKuVkKkVtxQ/Kq1B9EOkpNytKYfLqTw6dE
y3c26lPmO3+eD8qJ/J4+bVfNBgOLZGwHekoZ6JaQtnHNPL7QC9EPDocyjqmmP9Cc
UsbQBczCy3S8L/lm7oo068cADbbnAW+RX+18uheASvk1SO3srraEwpvwtbf5VFBE
tR+o65zBYaxiIESEeNAlxNWC7YwD/fil0Rqwv8N9MwbZAIyfH4y/yDmHs6Qi8DjB
ELeD6JQJfWI/gEIB22VFz6+bNIBqJ3yeJZczG8YQpl9cu0LAh8q68bZ0KD/4SyzW
MeVBFAcBHR0zwXXaIdpD2RUYgkVDPqBecJUxdsIzc4BfrfNafztfHy+RV1/ZnK6g
RkvUB4VRrmlAgMyX6AvAjYjVWrxIC1mJLstkPtwAeecdDNoH7mHQruh+rs/Xc0VU
0dqKorWaEjA84nln+lE/5GIegDgxlmxOxBfIkdUa7IGGXKz1LLc0H6Y77bmRXxi0
BKqyuzrReDBShZr3FccKtwhRHYdeq5qNdyou1N5AJwHpBgIoJb4GOjCShekvxgB1
dFfW2IEdqwnQmYDoK+2bdz0lybr57IA1CdH2cnDpbFWlhGglBf2aEEZEGX1wRpEh
GFH5Qw50LCOycqhcCVK7lrpEUH9DHRGjoyLadNo9yRfq0pdJIhYSZ3lLPzq2Dtpe
Dvl1Py/0/YZyCAEr2zda3xn415ZzaSlPmzl9Ld245G7PveuL84DOqsgKuJs0rBmE
QVbC7/cBZS+y4xEvEn9cKHsq55nIawmI9TpLMfgK1S8I+vHTiSaUdNO1l35XIZDE
NNTfS7ChnhHK9chyBkxsy/dmG2lNKcTXn2HIa1IkRpESduV5CblFn4/T1Lpz3R/Z
EQKR4QIgN0uY+nKRNvnh7agfMnKydjTALGp38v9blgOiJdODhL2j4H0dcxbtrCWb
7TrXGm3ZtwN+7fkVFVkhXTLdteGDnxBjt0kPECkGtQ4kDmOyyROKgiFPpZlSDVic
UqsRnbd7g1eLszuOqCLKEOb1pcJVTFtve24EN1Ezofhg7LMEa+yWkm83LyEVVEKX
dhx1RYKc4Wk/SrZN5jtXLp8ilUu+HqSbN81jX7NGGbSRox9SxKJoIHkbtx4TJlBH
4bnLP302n9GJmDiPG9Vd0+osYLAkEIspOMrbkBZa5bM3YDQUeAxrkRuAwJLQ9kyx
fmZS832L/mKBHe8fjEr3UynKODeRh2ReGxSc0a0xnMFb5wagB4MbYKvAgnsMscyu
lDA5vjV7W9f6bptn8b82zg==
-----END ENCRYPTED PRIVATE KEY-----

99
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:17:06 2018 GMT
Not After : Jun 20 01:17:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:52:e4:29:0f:0b:07:bf:14:80:bc:7e:27:a6:
92:f3:95:c5:e2:cf:35:00:fd:6b:e7:e9:c2:32:b0:
0d:c6:3b:99:d8:f4:b2:ad:e6:cd:8e:e1:25:a5:8c:
c8:2e:60:2f:2d:6b:4d:23:98:ae:06:59:f3:f2:cd:
aa:f3:64:bc:44:04:2a:2c:4a:c7:a6:c4:a5:12:e2:
95:b5:86:23:c9:16:38:1d:a1:7c:27:59:8e:83:b1:
a7:85:14:f1:73:29:dc:87:f3:87:0c:fb:c8:03:e9:
74:cb:ba:36:09:9d:b1:b5:ae:34:14:a9:5e:b2:8b:
c1:22:c3:17:d5:c4:f0:d0:03:23:69:bc:8d:fb:c3:
1b:2b:ed:a6:d3:34:d2:a3:be:56:53:01:97:7f:0d:
18:05:ee:f4:c8:e0:dc:35:5d:64:31:b5:a9:b8:91:
24:f8:84:a7:5d:ea:e8:27:53:27:fd:15:f5:5a:5f:
4e:8f:de:3d:f5:ea:18:60:a2:a5:c7:d9:47:c2:3d:
99:48:fb:a0:89:47:fb:e6:90:1d:45:62:99:6d:6b:
7c:4a:84:73:11:18:66:e1:a9:3a:af:a4:ad:80:4c:
da:59:34:65:d9:6d:56:1d:d8:bc:b9:16:53:2d:6e:
60:d9:ae:eb:5b:b1:bc:a4:6a:9b:64:66:d6:7b:da:
13:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
46:3A:4F:3B:6A:A1:C4:89:4D:C4:D8:4A:CF:CD:F4:35:4F:1C:AE:3F
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-kanzlei
Signature Algorithm: sha256WithRSAEncryption
50:14:59:a4:6e:5e:b8:34:53:c9:2c:93:7a:7b:4f:ce:89:ac:
88:b8:8d:aa:eb:e9:53:ed:dc:30:57:88:59:e9:96:15:e1:aa:
15:06:06:1e:9e:58:b7:77:ab:90:c7:4a:b8:75:2e:5e:3b:8e:
90:2a:3b:98:72:92:7a:db:0e:77:f8:25:6a:60:e9:1c:53:c6:
3e:5d:9a:f2:16:bc:1b:c8:9e:5c:b1:a6:39:e4:d6:fb:9d:08:
39:b4:f7:25:39:85:86:61:b7:d5:d5:8d:60:10:0d:e4:5e:e8:
5d:70:a8:58:d1:66:4d:f7:7f:53:e2:7a:cf:f1:25:57:56:fa:
b4:06:db:75:6e:36:9d:0e:c0:85:6f:ae:2d:e2:d6:a0:6e:0d:
5f:c2:6f:f5:d0:5d:d9:54:62:c0:86:e0:84:b6:7c:b5:94:dc:
33:b8:0d:a2:82:42:1e:d3:1a:12:c9:0d:29:4f:af:00:7e:ed:
43:78:d7:da:7c:20:fa:50:b3:ed:de:51:31:8c:e0:77:ba:d7:
9d:ca:88:6b:c1:79:1e:30:7c:1f:07:54:a5:fe:46:8e:0e:df:
75:da:fc:77:2f:be:49:7d:14:28:01:17:a7:55:27:59:e6:84:
19:b8:19:6b:2d:32:12:30:f2:79:c1:bb:39:7f:63:30:6b:ab:
65:e0:ce:cc
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
YzBrq2Xgzsw=
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDBTCCAe0CAQAwgb8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSQwIgYDVQQDExtWUE4tS2FuemxlaS1LaWVsLWhoLWthbnpsZWkx
GTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVS
5CkPCwe/FIC8fiemkvOVxeLPNQD9a+fpwjKwDcY7mdj0sq3mzY7hJaWMyC5gLy1r
TSOYrgZZ8/LNqvNkvEQEKixKx6bEpRLilbWGI8kWOB2hfCdZjoOxp4UU8XMp3Ifz
hwz7yAPpdMu6NgmdsbWuNBSpXrKLwSLDF9XE8NADI2m8jfvDGyvtptM00qO+VlMB
l38NGAXu9Mjg3DVdZDG1qbiRJPiEp13q6CdTJ/0V9VpfTo/ePfXqGGCipcfZR8I9
mUj7oIlH++aQHUVimW1rfEqEcxEYZuGpOq+krYBM2lk0ZdltVh3YvLkWUy1uYNmu
61uxvKRqm2Rm1nvaEwcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAyk/SNslBi
QIVKUrYkdwh7wq1XphPTUsobDf0PBP6WfBoe0DboCK5rGeF8P35C/ho7oMETMJr6
LshaW0JZoskPNO8PTWHCAq+FCQNJV0l5apGCSmOY54Jgtb6yy4kna3lX8on8YBWN
HFzv4Uvsr9Bu4JB3VjYDnkN4rL12oPjwhvkr05PeErh7w5YPai50cxml/Ee2GDUA
IzB8AdNQDlT/LC+JzSF5sOxMn01aK8fiiygLjbnJt4HN8MDwbaWj2pWB52kFp9Xd
g1lWbOIPvkOSjFzsugyFGhz9W/Hoc2ghSIwXiFKVcFY7JtXNCiuUmUz2hrpmjLd2
u8F2f9Tpnk/+
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIz79jvbHv3DACAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPE3o5ZalTfQBIIEyMw6MfxJ1fA5
+84OUNHDJ/9BvnQu/0EbX6YkZIZgZ37zxvYR8NRMHqRdsR5oTqigbOgkSQTx7JEA
M2p3uEi4nrz9Rle+T6ZALHaTQcQcUe3ZgpksyUXTQjVnKm+riZpK+jmoYpdPUfQo
TyKb3FeuNxOoqyyruxiDyoyxtQvgz0SuibDrOX+GyM2HbXkZPD6JjZuW7U/TFriF
0+R7Eog718e/0bisKlPs//3gktx0QyApc3RMQjKaXBrCS5xlwgsj/OAAitjBhwl3
XP9FgoP/is/8pu7LERuqt3exwYk3QaJrruUkhxscupXCi1doe/Nql4cpZAiAVTQ2
m0QDSj0PSqy7vAZwZ+R3DttZMHcPEtAsrzBFpcVhKnKte7bGk4k0ICRIZMI1wVJI
uRK4ihPj2d38Bff3YuNoCjTlzETtOXMP5+UP3oH8fY7qb7P/QRp8Yp1lapL4NMgv
fJyNyyQAg08K3XHhEZVF9I3N6KCiVPi8K5Uteb7r/kjXuQ+nOzxvzTPqjW+7huT/
kbh5AIcMVUCxHvME9Au7yLpuy1T70TyW5zqmE1feZkVQE76oj8BAkhmhRAuvaCES
ZglwSmTA1bYDPVs8/nnRB2VjcWYjus0oSC0xdiOAYRH0KuW59DgfMttaxXh4/9Mb
uXsu/2HU3nOxrXEzBHUDOEb+ja/kKOrU0TrsdcpPGVqlMFHjEDEr7oEWVoIH7iGw
4McLH9Q6054DczfJrfavhkx+Pk5Fb3nTfPH753ugCrPz733w0ugi2IKEzJXgAXOx
3cTBVr6mOw3ctQ+7D9bOHIEAk4Gfgf+DdTlLRbDTIBB/OWiPjp2x7D+eu1oVMlOU
5gkSadlklwkwe3dGjWsSjK5g+HE8rlBZbYTEe2gko1S5s7+v7jn2rP+2cY8DHASG
UiPghE5+MC9W++5PizQyLaR5FNO6/GzbzalrtGeE7F4s2MnRjUotDKFfZdWeOdFJ
zpv4GzNU36BH9WCbW3jrZMH0uDBt6lVoU+t7uwIvDnrAXY+FwodaffS7xWhNWm5r
h3yGnHQzz17ZDUAnMRSOjejb32PmNq2M5StlnY80MBzKptE0qYuvW+BzpsMyYSFz
2T3jhJmYwPsPoKE/O2xPVg2wGExss4UQyZUoV/rvtE+WTXUsYUzsjwBIV6DD0ux0
PGDbO7yO83izhn3VlWRq6Re0n6CLXmyCg7nVi0Iuw93dHfUQWcuKCKE8uwRA5QE+
3edHSYOtTZ/PLH+Uh+Qp6m11GiYhY3S+vlJ0l1FBfx07KCfOzbxBtB8lHK9q3XaY
bZOBPDMs/Wx31O48L/i19OycBELKwoPUQTjEId6kgYMHxgjXO7XbHrN4Ryxw9ydT
Iij3WOKaeICUmaSG/dx5luKJ6BV2ZJyJF3vKWVUMtpamEeqfFevxAMgTC9zh7D9+
1WhNCPvvgJ5OXsfdUMcUnENnGdcSfznOG/BlKVRG7niGKjvk4DtdjZfHMI0TXqiV
Krn4GcJFZjMVxG16TFxpCVK6M52CV3WoGgg2YLp1bop1bbv4zwE3gk00EILcRKfF
UZrEn+5QF7XsS4Ym85y9DrOc1Oag3AFxwqT/cZuX7cfEDR6JE/ZQ8IGuQnH1sRkk
5Gw1p3AFAgSy7ADVtsF/kA==
-----END ENCRYPTED PRIVATE KEY-----

99
Kanzlei-Kiel/openvpn/keys/hh-lucke.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:15:46 2018 GMT
Not After : Jun 20 01:15:46 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a7:2f:9f:e8:e6:6e:8e:31:9d:3a:49:d8:b1:bc:
23:04:0e:6d:a2:ab:2a:19:79:12:74:c9:a8:ff:1c:
42:61:cd:8a:16:23:b9:50:e0:ee:50:74:77:47:46:
52:5d:aa:2b:53:0e:6a:ef:35:6c:03:5c:3f:23:14:
c9:88:f6:80:bc:50:79:9b:64:42:14:f0:e9:fc:a6:
f5:37:a2:9d:46:ce:39:7d:62:a4:82:a7:f4:aa:d8:
2e:6e:4f:8f:6a:e6:54:26:a2:21:b3:b6:4c:9c:e1:
ae:13:9a:82:c5:2f:a0:a5:e5:58:72:2f:c5:88:96:
d4:f8:84:19:1e:cd:7a:cf:0b:0d:81:1a:72:61:ed:
b6:e4:1c:68:be:c5:c1:bc:82:7c:17:91:20:81:b1:
59:62:8f:1b:05:cf:30:84:14:e5:2b:27:64:f0:26:
79:48:ef:4e:6c:87:2b:1e:68:81:5d:b7:c5:35:8e:
6b:9b:18:2c:ca:3e:34:44:7d:21:86:59:ff:cd:75:
0a:e7:d5:81:82:0d:a4:3a:18:ab:7f:44:69:c0:58:
9e:78:28:39:c4:21:75:35:33:6f:a5:12:9f:0e:14:
19:aa:3d:a1:d2:fc:9e:94:df:4b:0d:9b:3f:2f:d6:
c6:1e:83:6e:df:15:a5:39:73:e2:f9:b3:ca:21:91:
62:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
12:18:6F:92:EF:06:74:57:8F:A5:A6:3B:89:B8:F9:CB:0A:B0:88:9A
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-lucke
Signature Algorithm: sha256WithRSAEncryption
58:2f:90:af:27:6c:82:c5:d0:09:54:34:2d:95:1d:dd:eb:35:
35:2e:82:95:33:e4:63:bf:9f:fc:26:58:5a:91:50:3f:ca:96:
dd:d0:77:5b:e4:b7:de:a4:51:70:eb:f2:5c:fd:66:f2:4e:3c:
d0:41:5e:8c:25:ca:a8:ef:1c:51:d2:ad:0c:3e:20:15:97:1c:
a7:ec:d6:5c:a6:99:a6:63:23:1a:6e:96:7a:9a:9f:86:00:dd:
b4:a7:0d:d9:77:4a:be:0c:28:c3:2f:7a:73:d2:4f:ef:c6:f4:
8a:01:b0:7e:e2:3c:6d:41:7f:75:58:07:32:59:13:e9:7f:8f:
22:19:7b:ec:e1:21:d9:b3:54:6e:97:de:36:53:c2:8e:bd:be:
7b:bd:26:09:57:07:8e:2d:3a:d0:3e:d3:97:8b:a1:e2:91:c9:
c2:2d:89:20:d2:e4:65:f8:77:9b:5c:4f:bd:05:3b:87:e2:bd:
0f:76:7d:93:f2:0b:ef:2c:45:74:06:3e:ea:d9:86:f1:55:23:
8a:00:c2:ed:c3:79:34:7d:bd:c8:0c:c2:e5:f4:b2:28:ed:71:
74:39:1c:f2:cf:ac:f0:38:b9:b9:f4:41:35:58:1c:6d:f9:4f:
ce:1e:ed:ee:f7:06:95:f9:4e:7f:c1:aa:d7:3e:52:84:72:01:
65:0d:b5:26
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
ZQ21Jg==
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/hh-lucke.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDAzCCAesCAQAwgb0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSIwIAYDVQQDExlWUE4tS2FuemxlaS1LaWVsLWhoLWx1Y2tlMRkw
FwYDVQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1h
ZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnL5/o
5m6OMZ06SdixvCMEDm2iqyoZeRJ0yaj/HEJhzYoWI7lQ4O5QdHdHRlJdqitTDmrv
NWwDXD8jFMmI9oC8UHmbZEIU8On8pvU3op1Gzjl9YqSCp/Sq2C5uT49q5lQmoiGz
tkyc4a4TmoLFL6Cl5VhyL8WIltT4hBkezXrPCw2BGnJh7bbkHGi+xcG8gnwXkSCB
sVlijxsFzzCEFOUrJ2TwJnlI705shyseaIFdt8U1jmubGCzKPjREfSGGWf/NdQrn
1YGCDaQ6GKt/RGnAWJ54KDnEIXU1M2+lEp8OFBmqPaHS/J6U30sNmz8v1sYeg27f
FaU5c+L5s8ohkWK9AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAZR/wHHvXr0l8
BohIS0bp1T0EIQEqUgzRqfUq5NyZAv8zyYHd+4QW8mblkAibTRGw/PE/CwZuuKWc
F69RnQv86MxFC9eZbwSqmcncSTtSqATbeRiXMf+KA5tWetdA9a788OJXX3MH94jg
h4x9qX1He8EZFg+bmM2j+JeOfvxBYj3M/ptx9sOn54tj/Fmebel+6yGSGmLnND63
i6OPgM3PKWAV40IBUtqlgF8uTheEEsiZHZJeyaW1jJqDpHZ7gfXUQH1ucXzBQYLh
5EG3Vw2ffT34cnBJN0ujl3vom+QCZyXxzJ59l6U/Z8aq0Wt/9Sz0DLr2uEu02V0O
lyJoeqxl1w==
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/hh-lucke.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIXEjPaNf5KGgCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNdZNDlsLt4gBIIEyOzgTgA/V6IO
pWGeNhluCi3s8PPytWN35z5mSE3N1ErEveJ65W865nNJkqnDR9a7RVciE++KhWs5
CYoopoGcUyadyfKIe9HkOplxeZsy1qHoMYDNQqww4cr1BV3erA6OkW4XJ0RMZcyu
aCdU649EmdDPmESmW23Q4getgX8sHC0/Yw3GHpZ8jqh3tH5HYJt2/MAQGAtlIlOn
MW4cE9ZcWuD0DXH0sjakovu4UqxefOmmYEWhS9Rt1hfu7rE0Tb4Yvl3lzR7ke+NF
IAobjcDtGvTr+XxUyhLY57I8qlK0uooyziHhZWusu358mjWaTifqFUN2NRw1rgqp
FoMvkSeyGTPrMO9eY1N+QLw9KZ2/Sd+1KcLhOGHyc5DhL6YmlhxsnMJDUiqrDC/v
j191WT41+yBSqfVY9PgKU3B1e/kEGWM+JZUz5Wpx8wP9NREjX+JUBkiTcvbho61D
3qxHFrqbcic1gKcCQ61c7dV2c/cH9EAYl426qzTclmw0fL1rKjutUJ6USq05gcNU
e8ugKz5xR/EyiUKx1iPRlKd1EJORX5n+XdTNhvJuO2x5CXmT28Snv7ZpQEC3Qpt+
P6f8hm1c2Dmc05wePoc4fbPL4j47fG45EXWeMw2gAPzWuGkVEN2zUSRf43e985/k
E3nzQVwXZ1K3zg80PEv9BcmH3aA0I0Vp4b3EH2gVi5Zxcf8fZoqVKBWppFND29pN
hQ9Vnlu1R/LQ9I4OFO+txmuEADCVh4KNzZBfPwdz5ZiPAtw3jFpYSbbsC+nbha+4
sW3HwDwCqF8tXBNyVFI5Vk5Saagu8Rj4/ng4NuEHVFIJD3Ul5bKb4Li2Ld5HGMmc
WU7XTwBO08onPZp/EpYem8LQ3fPmwKIdyiWDc7gOIeHgLp0/y08aJTcacYBpInfq
o3Ne6z/drZErYRie3r7NCpzCt3xzEcQhfMi3PxxTOMOU3cdEtQhkAq+XruWesIOS
U4/Kgv59K0wpMmg8Ezg9qKrDnwylNhab//sC3IT6/CjHsvHAmMyxwRVaPu4420l1
uK8fZPCHSmHeuR+A2iEiQMBmCWE51BIi3tOH25PhkibpZHD4RcN5b+Ws7lCbFF1s
fCsYoVLEufzEZdsr7LkDpMdfvwJXt2BqvwRuNwoV5VnuVLI+yfnkak4j/pt9Vwvy
hAqSCdzjxp6Sor/5tJBs7mfGQHO3ULgp3bVkuELnzHEOyUq1h3BOpk6VDnk9t2VI
xg1WVr6gztKdvtjnfFoguE+Wdd6N1XGMxlBzzY7BM1TIXQM2k9mM6r5ACoy17/Xr
M8aS8BQJ+M+dUVKTm0fMLPVOCqmIlmVwZRrJybwc0+Qx8yzLNGTbwHUlBZ0xct04
JLrpH4vuzbewKIXCPQn9iCtmSNuHOkdaryKaVF/IrM2QXMl20WG3OMtazDnvYGP9
NTyyDQp1CMug+WSH3aEhs65pHHMjxj/I+4cH8CcggKbencG5QF2ztBcP0RK+Facl
YK4IEMkrCdorkY6MAOhLKhAOGPcYFSDgLwAvrN/xVLTkZg7Y2jR8gD33QZh9TDrl
vn9D5Se2xoGt6F9P3HuGnRSNgSK572ViPoMXqqjEJz4SShPwCWyUn5PDwYhJhBJs
UWrDe94SSE93IuXItNGO1A==
-----END ENCRYPTED PRIVATE KEY-----

99
Kanzlei-Kiel/openvpn/keys/hh-suesse.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 20 01:18:40 2018 GMT
Not After : Jun 20 01:18:40 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:47:4d:5f:ad:af:dc:78:19:ac:37:66:7b:0a:
9e:07:b7:40:0c:72:34:6d:d3:6b:a4:b7:62:59:4a:
16:96:7a:ab:f6:50:1a:a7:68:5f:b1:eb:8f:68:a5:
f0:56:ca:9b:12:7a:98:20:72:6a:3b:cb:2c:f0:b0:
5f:cb:68:40:01:12:ed:a7:9a:e1:d0:32:61:76:77:
47:cb:60:30:7a:e1:c1:4a:a4:ee:bf:14:d3:80:15:
45:19:72:06:25:a2:2b:95:d3:28:13:37:99:b8:65:
b7:f5:1c:0e:7b:11:ce:cc:ec:62:61:06:bf:4f:54:
cf:ee:9d:63:39:5c:68:73:62:36:32:89:65:87:dc:
39:91:b2:e7:75:ff:ab:94:51:2e:be:ed:ce:dd:1e:
3b:b0:c3:8c:5d:5d:91:1a:e7:6d:ef:e7:3f:95:73:
4a:17:ad:20:9e:04:89:19:1d:cb:8f:0f:83:aa:f5:
f2:44:e2:db:86:e1:0f:f4:c2:23:1f:16:2d:fb:39:
8f:b0:27:56:05:9c:95:b8:4d:c7:4e:e3:d6:6b:ca:
52:1e:ea:07:7f:34:ca:44:b4:52:61:70:5a:b5:0d:
08:56:93:56:24:03:38:e9:d7:d4:35:46:fd:07:76:
9b:59:d3:40:cc:1b:e6:ef:25:d8:30:7b:a8:9d:ae:
ff:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
65:F3:7F:95:10:B1:48:0D:12:8E:7B:13:1E:B8:CC:E5:10:F9:D0:87
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:hh-suesse
Signature Algorithm: sha256WithRSAEncryption
29:19:a3:04:b2:3d:34:c8:3c:84:02:aa:9d:d8:f8:e8:75:6d:
30:36:7a:27:4c:aa:67:ce:92:36:0c:99:7e:41:aa:6b:f2:fb:
66:33:2f:21:e9:fc:c5:c5:34:cd:7f:a1:9e:63:a8:99:6d:86:
4f:74:73:87:a5:d4:5f:59:36:61:d2:71:6a:e6:ba:11:a1:87:
e0:97:2b:81:a9:e0:7a:aa:95:86:62:cf:9d:20:39:b5:41:b8:
5b:6f:7a:57:b4:72:9d:53:f7:f4:d1:72:6f:8b:23:90:38:56:
53:97:f2:ce:e0:bd:76:56:ff:f4:f4:7f:58:d7:c3:94:fd:7c:
8f:8a:63:2e:49:84:d6:85:b3:6d:ad:de:5e:2e:9b:37:e7:7a:
77:b0:45:63:59:8f:a0:6c:9f:20:1b:10:cb:3c:88:b9:61:61:
7b:da:b8:69:97:8c:07:a8:75:57:a5:bb:4a:1f:57:53:6d:1b:
4b:9b:e9:2c:78:55:4d:e8:cb:e7:ce:f8:61:9e:e4:04:63:3f:
6c:ad:38:73:74:61:03:25:f7:c9:6c:d9:42:c0:00:8c:ef:93:
9c:cd:09:9c:84:ff:43:ae:1c:fe:85:1d:c3:0c:e7:a6:09:3d:
48:60:22:6a:69:8c:6e:dd:98:30:cc:e2:03:c5:f1:81:28:54:
c1:6b:66:38
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
KFTBa2Y4
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/hh-suesse.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDBDCCAewCAQAwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSMwIQYDVQQDExpWUE4tS2FuemxlaS1LaWVsLWhoLXN1ZXNzZTEZ
MBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
YWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkdN
X62v3HgZrDdmewqeB7dADHI0bdNrpLdiWUoWlnqr9lAap2hfseuPaKXwVsqbEnqY
IHJqO8ss8LBfy2hAARLtp5rh0DJhdndHy2AweuHBSqTuvxTTgBVFGXIGJaIrldMo
EzeZuGW39RwOexHOzOxiYQa/T1TP7p1jOVxoc2I2Mollh9w5kbLndf+rlFEuvu3O
3R47sMOMXV2RGudt7+c/lXNKF60gngSJGR3Ljw+DqvXyROLbhuEP9MIjHxYt+zmP
sCdWBZyVuE3HTuPWa8pSHuoHfzTKRLRSYXBatQ0IVpNWJAM46dfUNUb9B3abWdNA
zBvm7yXYMHuona7/YwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBADV3CuVZBtIY
DjQ5qvdhmQ70hjPcPYjb28ECdMqDyaWtKy083x1bMSuYkDcXMkjRbXaiRJW+aswa
VWYS29wrSYBmz6QuIJWAyBWOZjgaY+kQ1aUzVkvS975kbKToxG5GcqBihDBQnEo8
GiN1n/errFGDhkz/uC0MgM1TgY29/VckncL95FnVrFa/gm8fCgbyinR4XQkegPsG
Qz26eXqgLxpS0SToD6uXfXvfa/9dBKex+bQnK3DCsiz69B2MnPwpwZrts7yBs/FX
BjUV8I3RWBosopwZZb3NS4qXMhM7yU4rspihu2ueGCCzapKovp9OilDhRjpcpUoW
YLvp92ZRLW0=
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/hh-suesse.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRrW75zSeh/gCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM/ACjLMnFOqBIIEyH3tvetavQ4n
r+z1sBiLqhhfjqR0KVWznMpRWnwClNdu3XqQOYjRYRTcmMX1ILE7ifsyMfYNqmtw
df1zCB0qc4rpg+FGMjEAJpGuU2uxcN85nTvRI7l7y8iIi5Bffjr44eMfitLjXRat
XxZrkHIsbSpEhDeNBC5Pc9TCuqJY7PLac3a3JR0qNib+Ucpp9I8gWEW6FHrobSbG
mSpEZe+w7uoAq5tcaJy8yHAzVQfmh0TJK09mhiXdKEmDipcaWDyCeXX+8Ck9sY/I
Ykm5Fi/HrlAwMRYO834cWdBN1Zle1Prnn2xuOJsIKKTw/XktpOzbvOlykNgzVrvJ
VbGfydf7DpN9Z6QkX+b0DrwYP8B3ZJyFVoFSyS4x7id6SXhsV5QMa7Rpr61g5Eag
C3rcqwupmYqqirAHPMNbsjiV7APhGtXiGkoHZyDWe3NTzm6hMzYIbDcFtjIUEgyH
htqd33oUNkSbrx0BWBQQulrq/kjYTcJpc19txJSvdBJZeNemxxcrr73EXI1GOhJL
wKSP91yp7VPIE7S222eD1Q4hOvFHo/RTcaXXLUCX6MXH0kpLatf4iO26/FffRVxG
+Ds/5IGTCjfLlj/Z3FiFkRbC7Ra7W8qkGdfykVvMkmjgEZBVFRzVZpPkTrvwa3J8
93BlheE6bi6iGkvd6fRgLHl/029k3Rdt25Thfy/yXYWsXRJqc8J3/2ADjVFv0M0G
wW/O2WtIaHeMK3g/KNgGIc+Gui+2UFy26VJOK+xA5pxMtr80+o01D1RKkrriKEXP
qPtw/haSBpGKxn+RusujcNoRlwOC0oVHWvN7NqMaRJR78Zite2tECphCE454bl+g
SpjGei9O0OajCNe+RraWgAL4uhE51RUiLqbrx+Rt6NhZxxTQ4nqOzeI5sHIerIAy
YmMgWzjJljFwKSKysyjda1AVXSVtb82EXBko9ezmcTFtfvZIrx3w6pd0IXAh521j
y6zYiAdp+4wZzuL54wZYk1t8ZG7dcA/iXY+RTS9PVkXveDHF2c6jgmBEjJtoxBMM
WHdU0iE2pr7lSqmznr5wxZ2rcXCuUGYUCqdYAwdD4o8OLouWXhYtMdFcGrx6ouc9
9YFwZR8qpeNHyEzJplxBIgLQ5maDm2pwpCAZXauU5zLZ1L35B6lF79+TUNQjqtSZ
QI75KiukKh34a3a941IjALjXqrp+CzDCjdmww/R291oW3KeJ381E/k8+lZi9M8d9
ZdCchKVpLOrixRCw5r7ItWczeFpVukdWuf2CzqHEzEz6r42IPbITAkrqChsm2UHh
v3xrAk/JySmDL2D+iIapGTxlDto7Sf5D1AxKqvb3xWyReG01mEzYn6sxzng/BpNB
7gkouadIUGsSnzz3gqGuBWUjMVa6Xq0bf9onUrfRk/6e6I3maWOpkTsn2x2nkAwm
kgyA2PEZ1HcKyxQM6C4JOSAcLMZI4cDsA8/V6vwwxY249HhPGDtfDvUTpDipogW7
D5qWyVsNpaeKPmAf5C8Wm5M9ikgQTJ2woCkkpzi9pn4K/j8s94sam2rAxTnTksKS
GYnA1Tq6s6jyVYXqf4wE3Oh5AJoy3uQ0NQZW9QIobK0gIibNk+MUZbsXffKidbU3
qxWilBX7I6N07FjmO1fYTg==
-----END ENCRYPTED PRIVATE KEY-----

7
Kanzlei-Kiel/openvpn/keys/index.txt
View File

@ -4,3 +4,10 @@ V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Service
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619213616Z 07 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619213757Z 08 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619214021Z 09 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619214153Z 0A unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380620011546Z 0B unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380620011706Z 0C unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380620011840Z 0D unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de

7
Kanzlei-Kiel/openvpn/keys/index.txt.old
View File

@ -3,3 +3,10 @@ V 370627232059Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Service
V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619213616Z 07 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619213757Z 08 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619214021Z 09 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380619214153Z 0A unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380620011546Z 0B unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
V 380620011706Z 0C unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de

99
Kanzlei-Kiel/openvpn/keys/molkentin.crt Normal file
View File

@ -0,0 +1,99 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:41:53 2018 GMT
Not After : Jun 19 21:41:53 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:6a:c0:92:83:b5:0c:46:87:8e:7e:c3:2c:87:
b5:55:19:43:ea:91:84:b0:20:2e:9f:c5:64:5a:58:
e9:7c:f5:95:26:3c:34:86:c4:1d:23:e9:78:7d:10:
7d:84:b8:29:14:ff:00:cb:13:3a:a2:fb:cc:0c:bd:
9e:5b:99:1b:c6:0b:aa:47:27:8b:f3:61:0c:36:a2:
cc:f1:fd:c6:4d:cc:b1:da:e9:7b:93:76:53:52:99:
90:27:5d:0f:5d:8e:1e:4c:1a:fe:28:17:dc:cd:1e:
f3:19:7b:38:26:2a:b4:33:80:d0:38:7e:80:e6:6e:
e9:ee:69:6b:8b:58:22:4b:36:b6:7b:17:0b:a0:8a:
d4:f3:c4:76:01:a4:ad:1c:87:dd:65:6a:40:de:69:
cb:4e:25:10:c6:4c:f9:df:94:11:78:12:e6:74:15:
b1:2b:e7:41:08:50:c6:dd:31:f4:98:80:6f:ef:82:
17:68:1e:ab:59:0c:d8:72:54:1d:6b:09:2e:9f:88:
27:90:76:e1:97:4f:db:5b:ef:e1:af:4c:10:3f:eb:
51:e6:a7:82:b8:95:c6:3d:19:a6:1e:16:f6:2f:f7:
6d:8b:4c:9d:ee:aa:32:3b:a6:73:67:0e:b8:01:8d:
28:44:8d:05:2a:3c:9e:51:3f:09:d0:5e:44:d8:dc:
47:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
72:5D:8B:B1:D0:0D:18:39:9B:B2:C1:ED:D8:3B:2C:30:45:B7:F3:16
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:molkentin
Signature Algorithm: sha256WithRSAEncryption
44:50:10:96:65:54:09:d1:a9:b7:b0:0f:4d:50:45:4a:ec:a7:
eb:fb:17:15:44:be:0e:b1:70:2c:05:d7:46:ee:ea:59:3a:92:
52:f2:88:e5:11:86:c2:34:5a:94:92:28:74:b4:6b:e3:31:d1:
d3:4d:c8:bf:2a:6a:1a:1d:51:ca:a4:c9:bb:a4:6d:c3:89:6f:
af:9c:68:05:70:ef:69:55:a9:0b:2e:30:1d:a4:e8:d2:a5:53:
e1:51:82:80:db:7e:ab:1e:90:8a:9b:c5:a7:6c:fd:cd:6d:89:
41:79:a2:ae:f9:1b:19:83:29:98:2e:86:d6:c3:97:de:58:b3:
0a:34:b1:73:9a:ed:2a:9e:18:a9:7b:fa:9d:0c:fe:9c:b4:68:
ee:de:7c:2d:40:4c:21:e2:be:19:ef:eb:91:e3:11:1f:55:9a:
da:2f:0d:b1:fb:b1:30:ae:83:30:bb:ef:18:64:5e:57:de:6f:
b7:ca:58:06:06:4a:29:1a:25:f5:71:4a:39:4a:83:44:d7:d8:
62:ea:31:18:2b:d1:ec:4f:3e:4b:b1:82:41:76:10:7f:7c:e4:
95:28:e6:3e:e0:c3:82:d8:87:db:56:0a:4d:ad:cc:22:05:d1:
76:0a:b9:d9:0b:08:3d:35:34:d2:e7:25:a9:6a:e8:aa:3d:e3:
c1:70:00:2a
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
PePBcAAq
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/molkentin.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDBDCCAewCAQAwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSMwIQYDVQQDExpWUE4tS2FuemxlaS1LaWVsLW1vbGtlbnRpbjEZ
MBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
YWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmrA
koO1DEaHjn7DLIe1VRlD6pGEsCAun8VkWljpfPWVJjw0hsQdI+l4fRB9hLgpFP8A
yxM6ovvMDL2eW5kbxguqRyeL82EMNqLM8f3GTcyx2ul7k3ZTUpmQJ10PXY4eTBr+
KBfczR7zGXs4Jiq0M4DQOH6A5m7p7mlri1giSza2excLoIrU88R2AaStHIfdZWpA
3mnLTiUQxkz535QReBLmdBWxK+dBCFDG3TH0mIBv74IXaB6rWQzYclQdawkun4gn
kHbhl0/bW+/hr0wQP+tR5qeCuJXGPRmmHhb2L/dti0yd7qoyO6ZzZw64AY0oRI0F
KjyeUT8J0F5E2NxHzQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGdE063Q3RRl
v2YM1ZJGtTeDZT+TMSI0KrjMt2XcDrG+TDh9c3aJvwPE4dOGN88uqx1WMLGiuZcA
G+0E4IzuZB+h8ANev4/xPnSORPouvs9JPhVzx0eAEDed87xOickvgi0qW04PArRv
I0o8POvR0yeOQy4Ey91UN8iggn2nlatWGnW1VifEft8HyQzJAk5xJ6lErk+od/b5
T1T5djwWYyCLg3Vu03sBhm3+DlB2VywzrfQbX+Lfco9rkFWKKAxqt6b70hI6NY2a
0XtOJLg3fUXN0ubulP3kx0BwYJihjGnH2nTdwJqcyg0/GYWR2Fh5vojl441SjhXC
ieMNBDXDUPs=
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/molkentin.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhT82G+86y3QCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHY/+Su7BqkgBIIEyIyaJBc3qqTh
pIhFPfRyyn8CKIS4czpHbPOAfO3CGm+Jhkv8x9xpgv22+lg2t8fp5Tbc5lDEdI9n
WQaXiwtlgLTkh8h3HxMnz63nQ3Noh+GIVlowLz+mxGw3rjXyOKgmwdJc2RLijaM8
Ug2E2Umx7PH6w78ILrt6edj6VapzGs8frlRYcB+w4eOnX3aDA+hIH5jkmKTiJF9o
bX3OzscISbak6od/FqMj5SNXMDVQd00wpmOqx/BUPdUWgK+yKjr1OG7QtihsrkwQ
Xwan+8OWUvlxWZbOgALWVKACZxgSQUxg9KUY6xZa/yYo2fgUjeaFd7eimi6cATER
Zc/zW4Dueo5PxnKw3F4VK44QyL2817EdrUvTKFJKE9mPS1szBFdqhbsN7OO91ked
rSzE84CijhuTuMZ58afQp/nueTSlswFl/MwftTJo6lRR6gNzoc3E2HL4fV+tYUdk
oV4vb0HBLxbSX1vIG2pcST4V7VhTqXvGbKNqv0a1zFz1s+tK9cJV1OstTmqyIsSx
MEM8AYNmwC7ww1sbdTYCPtoHlvlK9edgzA4ojbGGLVE84P7BSNrAQiTeanGYROZr
yw4ZRAQOonv091+2sBQTVJkiuTu78yAxoVXWjCwhb3E1YX/h/5wmtViB0uRt9SOB
zPi8qZWWHi8SLBBVQ2YTj6dotZN3Zy9SxbKn/p9AjoNMX4En/bvfZyMHcqKjfJUD
tIXNQUOglMVRoJ4JR6legma9v+QCtptiDUHm+4Kw40zgHrL4UZbvf49a9itbz1Ti
aiOzMBlpZGuv9D5HQrnxY6v4kWPlbvWHVLtPd335rOpNfCR9Mdp8ZDH4QpOkjWKY
07JgaBt60mmzZwO7skUVJyiG8MC9k4BZ9OB08IQPMvKiLzGAYcUl8455tM98KBZ0
oDCRsq+/osDuCusJo+cRkIuhoMkEL1AkrNYZNbZnxJH7O9loFxwyzkAphcKFDsKf
eFl1I/k5aMmWEzMrosoVfaSe1Q71EZOpE4AM97/whTAl1ZyI25yKtvcdmhzTRO6c
geuELG713eEP5F6HuCWwb4EL/7XeTH5fIXvOrrNlArTLf4oVceVC0oHntI6dqtly
BKdkeaRMBmINWTIcSgf18b/+EVZf723IHJsnodyWw1AssXSfyxzw7e5L4H8isQI4
AAUiZjU4O3xRWnuuz86ikcDWsZ4AQoWePOZvqr2kXqArLTG/EBXaR54cVHiQMr/z
11C7lIJ1OuqnP1/aFbSti1tnbiGK24LpJAW0ycvcj4JBLNxd3KlQs6yjtpLExjtn
MbUArEROdJnJmmQ1kuTZII87vnhkmzB6EQslqfXKCpDc9w7WGv7Yuqf2r7vOhuGG
eIvtwX+sqzO29UKJNCxe14TMZpQpe6Oyewk4L5xUCLjNpd9qmm2Oc/At/N2k85Ct
4BcWvNrpBklLgTR2+Hiiw3tS34pZ5VJdUlYHN0ZPbChqYIjeqhBQsYktoLAoVkDv
p+w/DuErEV4S9SxhwMHHlMZXpQIGYs+aGaJiTgYmos6Wxgg3Pnz95pN3w7KUd+Ig
5BL2d0ZfmC8Wm/h4RdGeZZYHmA4dl1n+8D6Pycm02f/LXNoylsbge4kvzOoV2U8J
b0ZWRsYKxyssZP8ZWc6QZw==
-----END ENCRYPTED PRIVATE KEY-----

98
Kanzlei-Kiel/openvpn/keys/schaar.crt Normal file
View File

@ -0,0 +1,98 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Validity
Not Before: Jun 19 21:40:21 2018 GMT
Not After : Jun 19 21:40:21 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a0:25:f4:ac:2b:24:46:38:f2:46:ce:5e:d1:ba:
bf:11:b1:a7:c0:27:39:97:ba:88:5c:a6:f8:a0:02:
c9:75:f4:ae:52:5c:91:38:85:ae:9b:4a:97:80:86:
4d:da:dc:cf:fe:d3:d8:5e:75:83:56:4b:1e:42:3d:
55:0d:9a:2c:30:7e:51:c8:e8:bb:45:99:c2:f2:76:
51:e8:a0:62:5b:7c:2d:44:91:78:ce:ea:0b:9a:dc:
a1:90:87:4e:02:83:50:65:2b:ff:ef:12:b5:ee:e7:
61:81:89:23:f6:b9:54:3b:dd:09:d0:7c:a3:c6:3f:
fb:ed:ea:46:92:e1:68:c9:6e:11:30:1a:2e:3d:cf:
f1:c1:81:be:de:df:71:e3:f4:be:a2:fa:50:9f:75:
ea:89:43:d9:b5:93:67:10:fb:2c:8b:b2:84:24:73:
e3:b3:19:ce:b9:14:c5:09:8f:dc:73:7a:3c:8e:87:
c6:97:be:e2:dc:ed:d4:65:ab:42:79:b0:18:2c:95:
b3:aa:c4:b9:91:17:7b:f1:8f:bd:f0:f5:59:12:7a:
88:5c:09:76:19:a9:7c:67:86:0f:65:d5:5e:a8:a8:
60:ce:c4:a5:be:71:c5:9c:b9:4c:1b:81:a0:3b:ee:
59:90:1b:7e:19:a0:be:1e:f3:5c:22:7d:70:a6:9b:
dc:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B7:64:B2:13:73:54:E0:94:2D:2A:3D:8F:12:0A:82:1B:D7:17:A6:71
X509v3 Authority Key Identifier:
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
serial:FE:59:AD:5E:BE:90:05:3E
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:schaar
Signature Algorithm: sha256WithRSAEncryption
94:75:9e:6c:af:c0:e5:c3:d3:17:3c:01:fa:15:ce:ae:37:df:
b4:30:7a:1c:1c:0e:a0:a8:bd:fd:c2:f9:f2:56:fc:ff:2b:97:
a8:1a:25:12:a1:71:5a:82:ce:30:56:3f:20:5e:dd:32:76:9a:
bc:f7:71:91:f0:38:53:28:7e:ce:69:28:3c:e3:0b:f3:ad:37:
d6:23:16:07:f7:c2:42:12:93:20:55:72:ae:67:31:cb:81:18:
1e:8b:04:e0:e4:b7:91:ad:3e:71:1b:0a:30:a4:1c:ba:c2:3b:
61:09:48:c4:8d:24:55:07:50:77:1e:e1:3a:75:83:48:25:29:
d1:77:60:26:bf:e6:0d:a1:72:54:c1:28:58:af:bc:f2:dd:65:
9a:47:f1:a4:10:ff:cb:78:c9:f5:13:3b:e4:5a:a4:0f:a5:d8:
78:5e:0e:e7:8b:b9:61:df:e1:72:b7:5f:3b:f5:de:ba:e6:a9:
70:58:68:3c:42:11:f2:c3:b0:6e:d5:7f:26:99:9d:91:d3:97:
f4:60:56:64:57:df:48:2d:21:18:01:be:79:c3:fc:3e:4f:fe:
d1:cd:f3:71:13:5f:76:e9:ab:f4:18:78:40:32:be:b2:6d:72:
b1:00:17:f5:b7:7d:d2:6b:d4:46:66:2c:d3:63:f2:f0:eb:7e:
65:fe:5a:aa
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
-----END CERTIFICATE-----

19
Kanzlei-Kiel/openvpn/keys/schaar.csr Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLXNjaGFhcjEZMBcG
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCX0rCsk
RjjyRs5e0bq/EbGnwCc5l7qIXKb4oALJdfSuUlyROIWum0qXgIZN2tzP/tPYXnWD
VkseQj1VDZosMH5RyOi7RZnC8nZR6KBiW3wtRJF4zuoLmtyhkIdOAoNQZSv/7xK1
7udhgYkj9rlUO90J0Hyjxj/77epGkuFoyW4RMBouPc/xwYG+3t9x4/S+ovpQn3Xq
iUPZtZNnEPssi7KEJHPjsxnOuRTFCY/cc3o8jofGl77i3O3UZatCebAYLJWzqsS5
kRd78Y+98PVZEnqIXAl2Gal8Z4YPZdVeqKhgzsSlvnHFnLlMG4GgO+5ZkBt+GaC+
HvNcIn1wppvcmwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHtKBTO1yq8N332X
SCe8aekcXwjtqhZAZt8bRxaMq4+K/ewVwn4cOo2e4FSTS5EIKlFcLvb166tOIeNN
jf8drOKLWCVVOHHs3KVwMDMUJuebXC3Jp6eslOtfC9KK0wBlhwCJFBBlLjEHN7bX
Vj81CJWrYvmZ0m03D39KHBgRBoPpY1oAT7OqgkSXgK/tEpRMsFmTwDbpyp+TAvF9
5cgmcLV5PxUgGfdO2F/7Lu2BrXWk0S/ldecYLNrSIGklFBt1nVOgqZu6C/rvD/5+
0rNhM+o7QMwqW2ZHBZf1pEt/58sTEPLlrlKsYDmggNokH4ZEz3KfHKyH3+fuhg3f
LXXxSNk=
-----END CERTIFICATE REQUEST-----

30
Kanzlei-Kiel/openvpn/keys/schaar.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1Veh57OJg/kCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGb91ZmXtibBIIEyNonyB+eF+2I
NwQeNXzcqL/jiPNiTN6Wk6VD6OUeDejhXXgoVAC3x8fs+HPMdMqAQCR4gXlCJMCd
W0Jse3QvmH+46KkV6vTLaNV59lZonZIod4lp8J4PQqH8+s6o8SJ9sPypx7C9AbZf
Y+Ibrv6lp4BRu8vL8e5PAUoltv/1NlxDyxALxJzO/wAFOQRNGtjWcSBPKDPXURR5
DGhz/Ody/5LilOpC57KmphlCD4Mx4w94NalsBibE0aumT7I9wKeyHKrkq4sJBUHs
/M22S0blCfXhcvf8bQc1+FzsBWp1+UtRTgEJuiwFRKLK4APxvmXsXpaDBOM02F4K
a1ZFiQtrJLCLPfShV9/DL6rzX/bP/p0kwpx7valpW/nFA/iCRuyNA3isaB+NC9Lm
XaOPETsxPMxS/BsFDiMvryeDC8KEuuAa/WEizq9Z0xWYKvOYgan1HKoWvRvzmiC2
7txnrPK/axiwlha1jMZxTaHCGy6b6w08gz6ss+U1vPT4Qb0fK4Ovnbs8zh1/U8AS
z7kDsLRoxfSUynkYSYJjaJRysqe4YcDCcUisyDRYIQrRYgZk3h2pev1aell91F9R
LgHJ9mWECqB5xni80B/MpPiF/gWqTb316iPse1g+Bp/dAGl1tDHppUl5Z9/wqdMM
9ULtJOZm3EYfgOHNFvpDwNlLFEAB07PO4+oMByL890Ym3tcaoCt+d3fx4jmmaJqA
qqD2Wd+f8628gbhsbGq0Mex2DqAiOig96X9awcknZrs7EQIFvR9cK0wl4uEt8FuF
5tBPPY8Tsjm3jphOw0WBe/E4DuFnQsnNcsKmEOTOn8125UkQbPhlPqCOBMlcw5aK
L7b3ikd79zFTdWgSAao9Sf9/xhHNwsK7IBE32gXO6qD61AnOQgihKzi/ZV2Tp90P
w6I3EZ5oP3BNnPp9l6nvGYe0HnkNqUigcuP0w28M3wj+nX+cFVZD++3uTh7xOJM6
+br+TBQ4HDZ324PqiMXF45KCRvUrQ0ubRa9QxaXGVxpA9Rn8L+nqPkGocrrg1tb8
eeVYxLyQeQqsDBjO7w7rDL1ZHra72we78/3BkMS5gv2tQoAqPhAEv/43J2hyp3cR
0crZ8elxduaYXscDob56mYyBaDjWaOeKbGrm76yB10leEmN9MeHI7kQVur8/J/cI
GjK00zp7dY4/WorFxPFuSFQjeDnvI2bLlqdYaX9d35lLr7s4TYlAXM47+j9QzyMp
Maos/5/uUTkoyKiZbdzE0QoLlGqqoFGCWA6TgpPZHW3uXmf4gU9EQzTVHPcI6h9B
2APQiECFvDPTHtlDaU0f8b14k3KV4KBEBiFCa7yBnVCGOt74tz//cPOft1Jf5vph
QRhgNBw3l6rivM1QnMIKFuM9gqC4xcS6By+2+Ia4Ddo+SIEvDLEHtMs/DnheVkNi
e0TAiruK58J5nvdXf9h91WdqPhQAU4BRGzwtVX0yE8D6nSCvUZfaLT4tukr9kt0H
393u4t1/ruz4hpe4vCngnKDfSk/kbMbXF/XaDzytTO5AoA68CgS5pvhGpmRzVptk
aHglm1S5S3yCB0+ye2jDTBnckUIs+XXy8Uej6fJBon25HD4hyiVPIXkwOB78mhjv
AQwv/QUSTX4l1owOvSvW4g==
-----END ENCRYPTED PRIVATE KEY-----

2
Kanzlei-Kiel/openvpn/keys/serial
View File

@ -1 +1 @@
07 0E

2
Kanzlei-Kiel/openvpn/keys/serial.old
View File

@ -1 +1 @@
06 0D

2
Kanzlei-Kiel/openvpn/server-gw-ckubu.conf
View File

@ -261,7 +261,7 @@ cipher AES-256-CBC
# Enable compression on the VPN link. # Enable compression on the VPN link.
# If you enable it here, you must also # If you enable it here, you must also
# enable it in the client config file. # enable it in the client config file.
comp-lzo ;comp-lzo
# The maximum number of concurrently connected # The maximum number of concurrently connected
# clients we want to allow. # clients we want to allow.

84
Kanzlei-Kiel/peers/dsl-provider.DSL Normal file
View File

@ -0,0 +1,84 @@
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth0 -T 80"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Try to get the name server addresses from the ISP.
#usepeerdns
# Use this connection as the default route.
# Comment out if you already have the correct default route installed.
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
## mtu 1492
## - notwendig bei vergabe einer festen ip
## - von t-online:
## - mtu 1456
## -
#mtu 1492
mtu 1456
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
# requested and MUST be rejected if requested by the peer:
# Address-and-Control-Field-Compression (ACFC)
noaccomp
# Asynchronous-Control-Character-Map (ACCM)
default-asyncmap
plugin rp-pppoe.so eth1
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
user "0021920376975502683262730001@t-online.de"

84
Kanzlei-Kiel/peers/dsl-provider.VDSL Normal file
View File

@ -0,0 +1,84 @@
# Configuration file for PPP, using PPP over Ethernet
# to connect to a DSL provider.
#
# See the manual page pppd(8) for information on all the options.
##
# Section 1
#
# Stuff to configure...
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
# by the DSL user name given to your by your DSL provider.
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
#user myusername@myprovider.net
# Use the pppoe program to send the ppp packets over the Ethernet link
# This line should work fine if this computer is the only one accessing
# the Internet through this DSL connection. This is the right line to use
# for most people.
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
# An even more conservative version of the previous line, if things
# don't work using -m 1452...
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
# If the computer connected to the Internet using pppoe is not being used
# by other computers as a gateway to the Internet, you can try the following
# line instead, for a small gain in speed:
#pty "/usr/sbin/pppoe -I eth0 -T 80"
# The following two options should work fine for most DSL users.
# Assumes that your IP address is allocated dynamically
# by your DSL provider...
noipdefault
# Try to get the name server addresses from the ISP.
#usepeerdns
# Use this connection as the default route.
# Comment out if you already have the correct default route installed.
defaultroute
##
# Section 2
#
# Uncomment if your DSL provider charges by minute connected
# and you want to use demand-dialing.
#
# Disconnect after 300 seconds (5 minutes) of idle time.
#demand
#idle 300
##
# Section 3
#
# You shouldn't need to change these options...
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
# Override any connect script that may have been set in /etc/ppp/options.
connect /bin/true
noauth
persist
## mtu 1492
## - notwendig bei vergabe einer festen ip
## - von t-online:
## - mtu 1456
## -
#mtu 1492
mtu 1456
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
# requested and MUST be rejected if requested by the peer:
# Address-and-Control-Field-Compression (ACFC)
noaccomp
# Asynchronous-Control-Character-Map (ACCM)
default-asyncmap
plugin rp-pppoe.so eth1.7
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
user "0021920376975502683262730001@t-online.de"

55
Kanzlei-Kiel/sbin/disk-action Executable file
View File

@ -0,0 +1,55 @@
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
BASENAME="${0##*/}"
ACTION="$1"
MOUNT_POINT="$2"
transmission_try_start() {
. /etc/default/transmission-daemon
if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=1/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
rm /tmp/.transmission-daemon.$$
if [ "$(pidof transmission-daemon)" != "" ]; then
killall -9 transmission-daemon 2>&1 >/dev/null
sleep 1
fi
xMASK=$(umask); umask 0000
[ ! -d "${BASE_DIR}" ] && mkdir -p "${BASE_DIR}"
[ ! -d "${CONFIG_DIR}" ] && mkdir -p "${CONFIG_DIR}"
[ ! -d "${DOWNLOAD_DIR}" ] && mkdir -p "${DOWNLOAD_DIR}"
[ ! -d "${WATCH_DIR}" ] && mkdir -p "${WATCH_DIR}"
[ ! -f "${CONFIG_DIR}/settings.json" ] && cp "/var/lib/transmission/settings.json.template" "${CONFIG_DIR}/settings.json"
umask ${xMASK}
/etc/init.d/transmission-daemon start 2>&1 >/dev/null
fi
}
transmission_try_stop() {
. /etc/default/transmission-daemon
if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=0/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
rm /tmp/.transmission-daemon.$$
if [ "$(pidof transmission-daemon)" != "" ]; then
killall -9 transmission-daemon 2>&1 >/dev/null
fi
fi
}
logger -t $BASENAME "$@ --> BEGIN"
case "$1" in
add)
transmission_try_start
;;
remove)
transmission_try_stop
;;
*)
echo "Use: $0 (add|remove) /mount/point"
esac
logger -t $BASENAME "$@ --> END"

3869
Kanzlei-Kiel/sbin/ip6t-firewall-gateway Executable file
View File

File diff suppressed because it is too large Load Diff

687
Kanzlei-Kiel/sbin/ipt-firewall-gateway
View File

@ -258,7 +258,10 @@ if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
continue continue
fi fi
# - ?? - Don't know which rule is the right one , maybe both..
# -
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
done done
fi fi
@ -607,6 +610,188 @@ done
echo_done # Block IPs / Networks / Interfaces.. echo_done # Block IPs / Networks / Interfaces..
# ---
# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
# ---
echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
declare -a octets
declare -i index
while IFS='' read -r _line || [[ -n $_line ]] ; do
is_valid_ipv4=true
is_valid_mask=true
ipv4=""
mask=""
# Ignore comment lines
#
[[ $_line =~ ^[[:space:]]{0,}# ]] && continue
# Ignore blank lines
#
[[ $_line =~ ^[[:space:]]*$ ]] && continue
# Remove leading whitespace characters
#
_line="${_line#"${_line%%[![:space:]]*}"}"
# Catch IPv4 Address
#
given_ipv4="$(echo $_line | cut -d ' ' -f1)"
# Splitt Ipv4 address from possible given CIDR number
#
IFS='/' read -ra _addr <<< "$given_ipv4"
_ipv4="${_addr[0]}"
if [[ -n "${_addr[1]}" ]] ; then
_mask="${_addr[1]}"
test_netmask=false
# Is 'mask' a valid CIDR number? If not, test agains a valid netmask
#
if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
# Its not a vaild mask number, but naybe a valit netmask.
#
test_netmask=true
else
if [[ $_mask -gt 32 ]]; then
# Its not a vaild cidr number, but naybe a valit netmask.
#
test_netmask=true
else
# OK, we have a vaild cidr number between '0' and '32'
#
mask=$_mask
fi
fi
# Test if given '_mask' is a valid netmask.
#
if $test_netmask ; then
octets=( ${_mask//\./ } )
# Complete netmask if necessary
#
while [[ ${#octets[@]} -lt 4 ]]; do
octets+=(0)
done
[[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
index=0
for octet in ${octets[@]} ; do
if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
if [[ $octet -gt 255 ]] ; then
is_valid_mask=false
fi
if [[ $index -gt 0 ]] ; then
mask="${mask}.${octet}"
else
mask="${octet}"
fi
else
is_valid_mask=false
fi
((index++))
done
fi
adjust_mask=false
else
mask=32
adjust_mask=true
fi
# Splitt given address into their octets
#
octets=( ${_ipv4//\./ } )
# Complete IPv4 address if necessary
#
while [[ ${#octets[@]} -lt 4 ]]; do
octets+=(0)
# Only adjust CIDR number if not given
#
if $adjust_mask ; then
mask="$(expr $mask - 8)"
fi
done
# Pre-check if given IPv4 Address seems to be a valid address
#
[[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
# Check if given IPv4 Address is a valid address
#
if $is_valid_ipv4 ; then
index=0
for octet in ${octets[@]} ; do
if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
if [[ $octet -gt 255 ]] ; then
is_valid_ipv4=false
fi
if [[ $index -gt 0 ]] ; then
ipv4="${ipv4}.${octet}"
else
ipv4="${octet}"
fi
else
is_valid_ipv4=false
fi
((index++))
done
fi
if $is_valid_ipv4 && $is_valid_mask; then
_ip="${ipv4}/${mask}"
for _dev in ${ext_if_arr[@]} ; do
if $log_blocked_ip || $log_all ; then
$ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
fi
fi
$ipt -A INPUT -i $_dev -s $_ip -j DROP
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -i $_dev -s $_ip -j DROP
fi
done
else
msg="$msg '${given_ipv4}'"
fi
done < "${ipt_conf_dir}/ban_ipv4.list"
echo_done
if [[ -n "$msg" ]]; then
warn "Ignored:$msg"
fi
else
echo_skipped
fi
# --- # ---
# - Allow Forwarding certain private Addresses # - Allow Forwarding certain private Addresses
# --- # ---
@ -876,6 +1061,23 @@ esac
echo echo
# -------------
# - suricata IPS (Inline Mode)
# -------------
# - HACK for integrating suricata IPS (Inline Mode) at 'gw-ckubu'
# -
echononl "\tForward to suricata IPS (inline Mode)"
if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then
$ipt -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-balance 0:3
echo_done
else
echo_skipped
fi
echo
# ------------- # -------------
# --- iPerf # --- iPerf
# ------------- # -------------
@ -1459,6 +1661,7 @@ fi
# --- # ---
# - Allow local ip address from given local interface # - Allow local ip address from given local interface
# --- # ---
@ -1491,6 +1694,126 @@ fi
# ---
# - Allow extern service from given local interface
# ---
echononl "\tAllow extern service from given local interface"
if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in "${allow_local_if_to_ext_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ${_val_arr[3]} -i ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
if [[ "${_val_arr[3]}" = "tcp" ]]; then
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern network from given local interface
# ---
echononl "\tAllow extern network from given local interface"
if [[ ${#allow_local_if_to_ext_net_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in ${allow_local_if_to_ext_net_arr[@]} ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern service from given local network
# ---
echononl "\tAllow extern service from given local network"
if [[ ${#allow_local_net_to_ext_service_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in "${allow_local_net_to_ext_service_arr[@]}" ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
if [[ "${_val_arr[3]}" = "tcp" ]]; then
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
fi
fi
done
echo_done
else
echo_skipped
fi
# ---
# - Allow extern network from given local network
# ---
echononl "\tAllow extern network from given local network"
if [[ ${#allow_local_net_to_ext_net_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding ; then
for _val in ${allow_local_net_to_ext_net_arr[@]} ; do
IFS=':' read -a _val_arr <<< "${_val}"
$ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
# - Note:
# - If (local) alias interfaces like eth1:0 in use, youe need a further
# - special rule.
# -
if $local_alias_interfaces ; then
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} -s ${_val_arr[0]} --tcp-flag ACK ACK -j ACCEPT
$ipt -A FORWARD -p tcp -d ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Separate local networks # - Separate local networks
# --- # ---
@ -1622,8 +1945,8 @@ echononl "\t\tLocal DHCP Client"
if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
for _dev in ${dhcp_client_interfaces_arr[@]} ; do for _dev in ${dhcp_client_interfaces_arr[@]} ; do
$ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
$ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
done done
echo_done echo_done
@ -2455,6 +2778,12 @@ else
fi fi
# ---
# - FTP common
# ---
ftp_helper_output_defined=false
ftp_helper_prerouting_defined=false
# --- # ---
# - FTP out only # - FTP out only
# --- # ---
@ -2462,20 +2791,116 @@ fi
echononl "\t\tFTP out only" echononl "\t\tFTP out only"
if $allow_ftp_request_out ; then if $allow_ftp_request_out ; then
# - Used for different ftpdata recent lists 'ftpdata_$i'
# -
declare -i i=1
if ! $ftp_helper_output_defined ; then
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_output_defined=true
fi
if $kernel_activate_forwarding && ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
for _dev in ${ext_if_arr[@]} ; do for _dev in ${ext_if_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
$ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT # - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m state --state NEW -m recent --name ftpdata_$i --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A OUTPUT -o $_dev -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
((i++))
# - Accept (helper ftp) related connections
# -
$ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT # =====
# -
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
# - ======================================================
# -
# - Workaround:
# - (1) add (!) desitnatin ip to a 'recent list' named 'ftpdata_$i! if ftp control connections appear
# - (2) accept packets of the formaly created recent list 'ftpdata_$i!
# -
# - Note:
# - Use flag '--rdest' to match destination address
# -
# =====
# - (1)
# -
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m state --state NEW \
-m recent --name ftpdata_$i --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A FORWARD -o $_dev -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
((i++))
# - Accept (helper ftp) related connections
# -
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
fi fi
done done
echo_done echo_done
else else
echo_done echo_skipped
fi fi
#if $allow_ftp_request_out ; then
# for _dev in ${ext_if_arr[@]} ; do
# $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# # - Allow active FTP connections from local network
# # -
# $ipt -A INPUT -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
# if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
# $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# fi
# # - Allow active FTP connections from local network
# # -
# $ipt -A FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
# done
#
# echo_done
#else
# echo_done
#fi
# --- # ---
# - FTP Service Gateway # - FTP Service Gateway
@ -2484,7 +2909,50 @@ fi
echononl "\t\tFTP Service Gateway" echononl "\t\tFTP Service Gateway"
if $local_ftp_service ; then if $local_ftp_service ; then
$ipt -A INPUT -p tcp --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# =====
# -
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
# - ======================================================
# -
# - Workaround:
# - (1) add source ip to a 'recent list' named 'ftpservice! if ftp control connections appear
# - (2) accept packets of the formaly created recent list 'ftpservice!
# -
# =====
# - (Re)define helper
# -
# - !! Note: !!
# - for both, local FTP server (ftp_server_ip_arr)
# - and forward to (extern) FTP server (forward_ftp_server_ip_arr)
# -
if ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
# - (1)
# -
# - Accept initial FTP connection and add the source ip to ftpdata recent list 'ftpservice'.
# -
$ipt -A INPUT -p tcp -m state --state NEW --dport 21 -m recent --name ftpservice --set -j ACCEPT
# - (2)
# - - Accept packets if the source ip-address is in the 'ftpservice' list (--update) and the
# - source ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the source address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A INPUT -p tcp -m state --state NEW --sport 1024: --dport $ftp_passive_port_range \
-m recent --name ftpservice --update --seconds 1800 --reap -j ACCEPT
# - Accept (helper ftp) related connections
# -
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
echo_done echo_done
else else
echo_skipped echo_skipped
@ -2496,32 +2964,100 @@ fi
# --- # ---
echononl "\t\tFTP Service local Networks" echononl "\t\tFTP Service local Networks"
if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
# - Used for different ftpdata recent lists 'ftpdata_local_$k'
# -
declare -i k=1
# - (Re)define helper
# -
if ! $ftp_helper_output_defined ; then
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_output_defined=true
fi
if $kernel_activate_forwarding && ! $permit_between_local_networks && ! $ftp_helper_prerouting_defined ; then
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
ftp_helper_prerouting_defined=true
fi
for _ip in ${ftp_server_only_local_ip_arr[@]} ; do for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
if ! $permit_between_local_networks ; then # - (1)
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT # -
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
# -
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport 1024: -m state --state NEW \
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
$ipt -A FORWARD -d $_ip -p tcp --dport 21 -m state --state NEW \
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
# - (2)
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
# -
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
# -
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
# -
$ipt -A OUTPUT -d $_ip -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -d $_ip -p tcp -m state --state NEW --dport 1024: \
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
fi fi
if $local_alias_interfaces ; then ((k++))
# - Control Port
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT # - Accept (helper ftp) related connections
$ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT # -
# - Data Port activ $ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT $ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
$ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
# - Data Port passiv if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT $ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -d $_ip --dport 1024: -j ACCEPT
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -s $_ip --dport 1024: -j ACCEPT
fi fi
done done
echo_done echo_done
else else
echo_skipped echo_skipped
fi fi
#echononl "\t\tFTP Service local Networks"
#if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
# for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
# $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
#
# if ! $permit_between_local_networks ; then
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
# fi
#
# if $local_alias_interfaces ; then
# # - Control Port
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
# $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
# # - Data Port activ
# $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
# $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
# # - Data Port passiv
# $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
# fi
# done
#
# echo_done
#else
# echo_skipped
#fi
# --- # ---
# - FTP Services DMZ # - FTP Services DMZ
# --- # ---
@ -2627,6 +3163,38 @@ else
fi fi
# ---
# - Samba Service only out
# ---
echononl "\t\tSamba Service only out"
if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${samba_udp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
if $kernel_activate_forwarding ; then
for _port in ${samba_udp_ports[@]} ; do
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
for _port in ${samba_tcp_ports[@]} ; do
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
done
fi
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Samba Service Gateway (only for local Networks) # - Samba Service Gateway (only for local Networks)
@ -3233,6 +3801,52 @@ else
fi fi
# ---
# - Special TCP Ports OUT
# ---
echononl "\t\tSpecial TCP Ports OUT"
if [[ ${#tcp_out_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${tcp_out_port_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else
echo_skipped
fi
# ---
# - Special UDP Ports OUT
# ---
echononl "\t\tSpecial UDP Ports OUT"
if [[ ${#udp_out_port_arr[@]} -gt 0 ]] ; then
for _dev in ${ext_if_arr[@]} ; do
for _port in ${udp_out_port_arr[@]} ; do
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
fi
done
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Other local Services # - Other local Services
# --- # ---
@ -3363,12 +3977,14 @@ if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
for _ip in ${pcns_server_ip_arr[@]} ; do for _ip in ${pcns_server_ip_arr[@]} ; do
if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
$ipt -A OUTPUT -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
fi fi
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
$ipt -A FORWARD -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
@ -3388,11 +4004,11 @@ fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) Gateway # - Ubiquiti Unifi Controller Gateway
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway" echononl "\t\tUbiquiti Unifi Controller Gateway"
if $local_unifi_controller_service ; then if $local_unifi_controller_service ; then
for _dev in ${local_if_arr[@]} ; do for _dev in ${local_if_arr[@]} ; do
$ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
@ -3407,11 +4023,32 @@ else
fi fi
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
if $local_unifi_controller_service ; then
if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
$ipt -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
done
echo_done
else
echo_skipped
warn "Local Unifi Controller is defined, but no Unifi APs!"
fi
else
echo_skipped
fi
# --- # ---
# - Ubiquiti Unifi Controler (Accesspoints) local Network # - Ubiquiti Unifi Controller local Network
# --- # ---
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network" echononl "\t\tUbiquiti Unifi Controller local Network"
if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \ if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
&& $kernel_activate_forwarding \ && $kernel_activate_forwarding \
&& ! $permit_between_local_networks ; then && ! $permit_between_local_networks ; then

23
Kanzlei-Kiel/sbin/synctime Executable file
View File

@ -0,0 +1,23 @@
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NOW=$(date +%s)
INTERVAL=$[ 8 * 60 * 60 ] # 8 hs
CONTROL=/tmp/.lastSyncTime
sync_time() {
ntpdate-debian -s || exit 1
hwclock --systohc || exit 1
touch ${CONTROL}
}
[ ! -f ${CONTROL} ] && sync_time && exit 0
SYNCRONIZED=$(stat -c %Y ${CONTROL})
SECONDS=$[ ${NOW} - ${SYNCRONIZED} ]
[ ${SECONDS} -gt ${INTERVAL} ] && sync_time && exit 0
[ ${SECONDS} -lt 0 ] && sync_time && exit 0
exit 0

8
Kanzlei-Kiel/sbin/tmpsize Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
mount -t tmpfs | cut -d' ' -f3 | \
while read MOUNT_POINT; do
mount -o remount,size=30M ${MOUNT_POINT}
done

5
Kanzlei-Kiel/sbin/usb-leds-on-off Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
[ -e "/sys/class/leds/alix:${2}/brightness" ] && {
/bin/echo ${1} > "/sys/class/leds/alix:${2}/brightness"
}

1
Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn Submodule

@ -0,0 +1 @@
Subproject commit 800d7e25a3e9bb0f76133148495a670a201ac905

376
Kanzlei-Kiel/src/djbdns/djbdns-1.05/CHANGES Normal file
View File

@ -0,0 +1,376 @@
19991129
version: dnscache 0.50, alpha. not released yet.
19991223
version: dnscache 0.60, alpha.
19991224
internal: dns_sortip() takes length argument.
api: dns_ip4() sorts output. currently this means just random.
api: added socket_bind4_reuse(). removed reuse from bind4().
ui: used bind4_reuse() for port 53, bind4() otherwise.
internal: eliminated some unused variables.
internal: prototypes in cdb.h, cdbmake.h, cdbmss.h.
internal: prototypes in case.h, env.h, fmt.h, scan.h, str.h.
internal: prototypes in stralloc.h.
internal: prototypes in error.h, strerr.h.
internal: prototypes in ndelay.h, open.h, seek.h.
internal: prototypes in sgetopt.h, subgetopt.h.
internal: prototypes in tai.h, taia.h.
internal: added some missing declarations.
bug: query.c checked void response_finishanswer() return code.
impact: cached responses were dropped on systems that
didn't follow the traditional C return behavior. fix:
obvious. tnx Giles Lean.
internal: switched from taia_addsec() to taia_uint().
api: switched to uint16 for socket_* port numbers.
internal: integrated uint16_pack() and friends.
ui: dnscache allows (recursive) queries from port 53.
ui: dnscache has 10-second idle timer on TCP read/write.
ui: dnscache limits itself to 20 concurrent TCP connections.
internal: moved dns_domain_fromdot() to separate file.
ui: supported \X, \1, \12, \123 in dns_domain_fromdot().
ui: supported \123 in dns_domain_todot_append().
version: dnscache 0.61, alpha.
19991230
api: added dns_ip4_qualify().
api: added dns_resolvconfrewrite().
ui: added dnsipq.
api: dns_ip4() checks for (strings of) IP addresses.
20000106
port: Solaris needs /dev/udp, not just /dev/tcp. impact:
dnscache and tinydns would stop immediately under
Solaris. fix: create /dev/udp in configure; and have
tinydns create socket before chroot. tnx Louis Theran.
internal: moved dns_name4_domain() to dns_nd.c.
ui: tinydns no longer excludes screwy queries from its log.
internal: moved respond() to tdlookup.c under new name.
ui: added tinydns-get.
ui: rewrote tinydns-data for new data format.
internal: expanded rts to cover tinydns-data using tinydns-get.
20000107
ui: tinydns-data allows arbitrary case in domain names.
ui: dnscache supports preconfigured servers for non-root
domains.
ui: dnscache uses textual addresses for preconfigured servers.
20000108
ui: tinydns-data excludes the additional and authority sections
if doing so helps meet the 512-byte UDP limit.
version: dnscache 0.70, beta.
20000114
internal: in log.c, ulong() now prints a uint64.
internal: added cache_motion, query_count, log_stats.
ui: dnscache now prints queries/motion stats after typical
response packets.
20000115
internal: added droproot.c. used in tinydns and dnscache.
internal: moved tinydns log() to qlog.c under new name.
ui: added walldns, configure-wd.
ui: configure-td now creates an empty root/data.
ui: added tinydns-edit.
ui: configure-td now sets up root/add-{ns,childns,host,mx}.
20000116
ui: renamed configure* as *-conf.
ui: added axfrdns, axfrdns-conf.
ui: added axfr-get.
ui: dnscache-conf 10.* or 192.168.* now sets IPSEND=0.0.0.0.
20000117
ui: added pickdns, pickdns-conf, pickdns-data.
version: dnscache 0.75, beta.
20000118
internal: address* -> address_* in pickdns-data.c.
internal: start writing cdb earlier in pickdns-data.c.
internal: keep track of namelen in pickdns-data.c.
ui: added client-location variability to pickdns, pickdns-data.
ui: qlog logs short packets.
ui: qlog logs header if RD or other unusual bits are set.
ui: qlog logs non-Internet classes.
api: dns_domain_todot_append() -> dns_domain_todot_cat().
ui: axfr-get prints A records more nicely. tnx Russ Nelson.
ui: tinydns, pickdns, and walldns respond REFUSED to multiple
queries, strange classes, and strange header bits.
pickdns and walldns also respond REFUSED to unrecognized
domain names.
20000120
ui: dns_resolvconfip() and dns_resolvconfrewrite() reread after
10 minutes or 10000 uses.
ui: dns_resolvconfrewrite() treats "domain" like "search".
ui: dns_resolvconfrewrite() supports $LOCALDOMAIN.
ui: dns_resolvconfrewrite() supports gethostname().
api: dns_ip4_qualify() -> dns_ip4_qualify_rules(). new function
under the old name uses dns_resolvconfrewrite().
internal: cleaned up log.h.
20000121
port: the gcc 2.95.2 -O2 optimizer can destroy parameters in a
function that calls another function with a long long
argument. impact: gcc 2.95.2 kills dnscache in
log_query(). fix: pass log_stats() inputs by reference,
and pass uint64's through a variable inside log.c.
internal: introduced x_* in axfr-get.
internal: more format verification in axfr-get.
ui: minimal Z support in tinydns-data.
ui: axfr-get prints Z lines.
ui: juggled axfr-get to support BIND 8's many-answers option.
ui: axfr-get prints common characters readably rather than in
octal. tnx Karsten Thygesen.
ui: install copies VERSION into .../etc.
20000122
ui: dns_domain_todot_cat() now lowercases everything.
internal: split printrecord.c out of tinydns-get.
ui: added dnstrace.
20000123
version: dnscache 0.76, beta.
20000124
port: Solaris needs socket libraries for dnstrace. impact:
couldn't compile under Solaris. fix: use socket.lib.
tnx Karsten Thygesen.
20000126
ui: dns_resolvconfip() supports $DNSCACHEIP.
ui: changed tinydns-get arg order.
internal: split printpacket.c out of tinydns-get.
ui: added dnsquery.
internal: merged case.a, fs.a, str.a, uint.a, ip4.a into byte.a.
internal: merged strerr.a into buffer.a.
internal: merged stralloc.a, getln.a into alloc.a.
internal: merged error.a, open.a, seek.a, ndelay.a, socket.a
into unix.a.
internal: used catulong in axfr-get.c.
ui: packet-parsing errors produce error_proto.
ui: axfr-get goes out of its way to reject wildcards.
internal: introduced generic-conf.c.
internal: upgraded timeoutread and timeoutwrite to iopause.
20000127
ui: revamped details of the log formats.
ui: full Z support in tinydns-data.
ui: axfr-get accepts authority records and additional records.
ui: axfrdns tries to imitate BIND's handling of glue.
internal: expanded rts to try out the servers and *-conf.
ui: added rbldns.
20000128
ui: increased MAXNS to 16 in query.h.
20000129
version: DNScache 0.80, beta.
20000205
ui: tinydns-data supports ^, for the benefit of people stuck
behind reverse CNAMEs. tnx Petr Novotny.
20000206
ui: rbldns supports $.
ui: tinydns-data supports C. CNAME is overridden by NS; CNAME
overrides other records; no multiple CNAMEs.
ui: axfr-get supports C.
ui: axfr-get no longer rejects wildcards, except for NS.
internal: eliminated flagempty from tinydns-data.
internal: cleaned up delegation/NXDOMAIN loops in tinydns-data.
internal: reorganized packet_start interface in tinydns-data.
ui: tinydns-data supports BIND-style wildcards, except for NS.
version: DNScache 0.81, beta.
20000207
ui: renamed dnsquery as dnsq, to eliminate name conflict with
Beecher dnsquery program. tnx Anand Buddhdev.
20000208
ui: tinydns-edit supports add alias.
ui: tinydns-conf sets up root/add-alias.
20000209
ui: dnscache-conf now sets IPSEND=0.0.0.0 in all cases.
ui: dnsq and dnstrace allow server names.
ui: dnsq and dnstrace allow type names.
20000210
internal: response_tc() reduces len, simplifying udprespond().
ui: response_tc() now truncates immediately after query. this
should work around the Squid parsing bug reported by
Stuart Henderson.
20000211
ui: tinydns-get allows type names.
ui: tinydns-data prints query name for >512 error. tnx Uwe Ohse.
version: DNScache 0.82, beta.
20000212
ui: dns_transmit starts with loop 1 for recursive queries.
ui: dnscache tries to allocate 128K of incoming UDP buffer
space. tnx Jeremy Hansen.
20000213
ui: tinydns tries to allocate 64K of incoming UDP buffer space.
internal: renamed response_*answer as response_r*.
internal: expanded response_rfinish to allow au and ar.
internal: expanded response_rstart to allow any ttl.
internal: rewrote tinydns-data, tinydns, tinydns-get, axfrdns
for compact new data.cdb format. a few ui effects: empty
nodes produce NXDOMAIN; wildcards affect empty nodes.
ui: response_addname() tries more extensive compression.
20000215
ui: tinydns-edit takes fn arguments. tnx Jason R. Mastaler.
20000218
internal: upgraded to new cdb library.
internal: added globalip().
ui: dnscache assigns IP addresses to dotted-decimal domain
names in canonical form.
internal: merged handling of C and ^ in tinydns-data.
port: FreeBSD 3.4-RELEASE poll() doesn't think that regular
files are readable. impact: under FreeBSD 3.4-RELEASE,
dnsfilter hangs waiting to read from regular files. tnx
Kenji Rikitake. fix: check for this bug in trypoll.c.
20000219
ui: tinydns-data supports time-to-die.
ui: changed home directory from /usr/local/dnscache to
/usr/local; moved @ from home/etc to home/etc/dnscache.
internal: reorganized response.c.
20000220
ui: tinydns-data allows omitted numeric fields in Z lines. tnx
Timothy L. Mayo.
version: DNScache 0.85, beta.
20000222
ui: dns_transmit_get() pauses after server failure, if udploop
is 2.
internal: sped up name handling in response.c.
20000223
ui: dnscache ignores some garbage in queries: AA, !RD, RA, Z,
RCODE, AN, AU, AR. (note that responses still say RD.)
this allows bogus queries from Ultrix versions of BIND.
internal: split dd.c out of query.c.
internal: split server.c out of tinydns.
internal: rewrote walldns, pickdns, rbldns to use server.c.
ui: server.c allows some garbage in queries: RA, Z, RCODE, AN,
AU, AR.
ui: axfrdns logs packets.
ui: walldns supports dotted-decimal IP addresses.
20000224
ui: revamped qlog, again.
ui: better error message in dnscache-conf.c. tnx Chris Johnson.
20000225
version: DNScache 0.90, gamma.
20000226
internal: dnscache-conf sets up dnscache/run to avoid env. tnx
Chris Cappuccio.
20000227
ui: tinydns-data uses server name instead of a.ns.domain for
automatic primary in SOA. tnx Frank Tegtmeyer.
20000228
bug: axfrdns doesn't set aa bit in responses. impact: named-xfer
refuses to do zone transfers from axfrdns. fix: set aa
bit. tnx Peter Hunter.
ui: server.c now accepts packets from low ports. sigh.
20000229
version: DNScache 0.91, gamma.
20000307
internal: switched from slurp to openreadclose.
20000308
ui: dns_transmit_get() pauses after recv() failure (such as
connection-refused), if udploop is 2.
ui: tinydns-data uses refresh 16384, retry 2048, expire 1048576.
tnx Frank Tegtmeyer.
version: DNScache 0.92, gamma.
20000314
portability problem: the poll() emulation in RedHat 5.1 doesn't
clear revents when select() returns 0. tnx Petr Novotny.
impact: dns_transmit_get() never times out;
dns_resolve() busy-loops. fix: clear revents before
poll().
20000315
ui: axfr-get grabs zones when serials drop. tnx Frank Tegtmeyer.
version: DNScache 0.93, gamma.
20000323
ui: dns_rcip() accepts 0.0.0.0 in /etc/resolv.conf as 127.0.0.1.
tnx Chris Saia.
20000325
version: DNScache 1.00.
20000914
ui: axfr-get decodes PTR. tnx to various people.
ui: added dnsqr.
20000915
portability problem: on some buggy kernels, accept() fails to
copy O_NONBLOCK. tnx Pavel Kankovsky. impact: with these
kernels, dnscache hangs if a TCP connection times out.
fix: ndelay_on() after accept().
ui: dnscache discards non-recursive queries.
ui: *-conf use envdir in */run.
internal: reorganized seed_addtime() calls in dnscache-conf.
ui: tinydns-data prohibits PTR in generic records.
20000917
ui: dns_transmit_get() does not pause after most recv() errors.
still pauses after connection-refused when udploop is 2.
version: djbdns 1.01.
20000922
portability problem: Linux distributions use bash as /bin/sh;
bash destroys $UID. dorks. impact: dnscache and axfrdns
run as root. fix: envdir, then sh, then envuidgid. but
/bin/sh really has to stop polluting the environment.
20000923
ui: install /etc/dnsroots.global. dnscache-conf tries
dnsroots.local, then dnsroots.global.
ui: no longer install home/etc/dnscache.
version: djbdns 1.02.
20001224
ui: new dnstrace output format.
ui: dnstrace shows all servers providing each ns/a line.
ui: added dnstracesort.
20001225
internal: response_rstart() and response_cname() use uint32 ttl.
internal: added response_hidettl().
internal: cache_get() returns ttl.
internal: dnscache keeps track of ttls for aliases.
ui: dnscache returns ttl unless $HIDETTL is set.
ui: dnscache returns ttl 655360 for localhost et al.
20001226
ui: dnscache supports $FORWARDONLY. tnx to several people for
the suggestion. tnx Dan Peterson for sample code.
ui: dnscache now logs sequential query numbers, not indices.
internal: revamped dnscache to separate udp from tcp.
ui: dnscache reports uactive, tactive separately.
ui: dnscache reports tcpopen/tcpclose by port and ip.
ui: dnscache artificially times out oldest UDP query if UDP
table is full, and oldest TCP connection if TCP table is
full.
ui: dnscache reports broken pipe when a TCP client sends FIN.
20001228
ui: dnstrace supports dd.
ui: dnscache logs stats when it handles 1.0.0.127.in-addr.arpa.
ui: pickdns actively refuses queries for unknown types.
ui: pickdns responds to MX queries. tnx Mike Batchelor.
internal: added const at various places.
internal: removed some unused variables.
internal: used time_t in tai_now.c.
internal: used stdlib.h in alloc.c.
api: split dns_domain_suffix() into suffix(), suffixpos().
internal: switched to buffer_unix*.
internal: included unistd.h for various declarations.
20010103
ui: increased maximum data size from 512 bytes to 32767 bytes in
tinydns, tinydns-get, axfrdns. allows big TXT records.
ui: dnsmx reformats name when it prints an artificial 0 MX.
20010105
ui: increased MAXLEVEL to 5. the Internet is becoming more
glueless every day.
20010106
version: djbdns 1.03.
20010113
ui: increased MAXALIAS to 16.
ui: dnscache no longer caches SERVFAIL. per-ip is obviously the
way to go.
ui: tinydns et al. now respond FORMERR to non-Internet-class
queries.
ui: tdlookup now returns A records in a random order in the
answer section, and truncates the list after 8 records.
ui: tinydns-data skips lines starting -.
20010114
internal: documented the tinydns data.cdb format.
ui: tinydns-data, tinydns, tinydns-get, axfrdns support client
differentiation.
ui: dnsqr aborts if it is given an extra argument.
20010117
ui: dnstracesort removes duplicate lines.
ui: dnstracesort prints glue.
ui: dnstrace uses a ``start'' IP address for the root glue.
20010121
version: djbdns 1.04.
20010206
internal: response_query() takes a class argument.
internal: query_start() takes a class argument.
internal: packetquery() takes a class argument.
ui: tinydns et al., axfrdns, and dnscache repeat qclass * in
response to bogus * queries. tnx Mike Batchelor.
ui: axfrdns rejects queries for weird classes.
ui: axfrdns uses query ID instead of ID 0 in the series of AXFR
response messages between the SOAs, to support the AXFR
client in BIND 9.
ui: axfrdns sets AA in the series of AXFR response messages.
20010211
ui: servers print starting message.
internal: some respond() declarations.
version: djbdns 1.05.

254
Kanzlei-Kiel/src/djbdns/djbdns-1.05/FILES Normal file
View File

@ -0,0 +1,254 @@
README
TODO
CHANGES
VERSION
FILES
SYSDEPS
TARGETS
Makefile
dnsroots.global
TINYDNS
conf-cc
conf-ld
conf-home
rts.sh
rts.tests
rts.exp
dnscache-conf.c
hasdevtcp.h1
hasdevtcp.h2
dnscache.c
server.c
walldns-conf.c
walldns.c
rbldns-conf.c
rbldns.c
rbldns-data.c
pickdns-conf.c
pickdns.c
pickdns-data.c
dnsipq.c
tinydns-conf.c
tinydns.c
tdlookup.c
tinydns-get.c
tinydns-data.c
tinydns-edit.c
axfrdns-conf.c
axfrdns.c
axfr-get.c
dnsip.c
dnsname.c
dnstxt.c
dnsmx.c
dnsfilter.c
random-ip.c
dnsqr.c
dnsq.c
dnstrace.c
dnstracesort.sh
utime.c
cachetest.c
generic-conf.h
generic-conf.c
dd.h
dd.c
droproot.h
droproot.c
response.h
response.c
query.h
query.c
cache.h
cache.c
log.h
log.c
okclient.h
okclient.c
roots.h
roots.c
qlog.h
qlog.c
printrecord.h
printrecord.c
printpacket.h
printpacket.c
parsetype.h
parsetype.c
dns.h
dns_dfd.c
dns_domain.c
dns_dtda.c
dns_ip.c
dns_ipq.c
dns_mx.c
dns_name.c
dns_nd.c
dns_packet.c
dns_random.c
dns_rcip.c
dns_rcrw.c
dns_resolve.c
dns_sortip.c
dns_transmit.c
dns_txt.c
choose.sh
warn-auto.sh
find-systype.sh
trycpp.c
x86cpuid.c
alloc.c
alloc.h
alloc_re.c
auto-str.c
auto_home.h
buffer.c
buffer.h
buffer_1.c
buffer_2.c
buffer_copy.c
buffer_get.c
buffer_put.c
byte.h
byte_chr.c
byte_copy.c
byte_cr.c
byte_diff.c
byte_zero.c
case.h
case_diffb.c
case_diffs.c
case_lowerb.c
cdb.c
cdb.h
cdb_hash.c
cdb_make.c
cdb_make.h
chkshsgr.c
direntry.h1
direntry.h2
env.c
env.h
error.c
error.h
error_str.c
exit.h
fmt.h
fmt_ulong.c
fmt_xlong.c
gen_alloc.h
gen_allocdefs.h
getln.c
getln.h
getln2.c
hasshsgr.h1
hasshsgr.h2
hier.c
install.c
instcheck.c
iopause.c
iopause.h1
iopause.h2
ip4.h
ip4_fmt.c
ip4_scan.c
ip6.h
ip6_fmt.c
ip6_scan.c
ndelay.h
ndelay_off.c
ndelay_on.c
open.h
open_read.c
open_trunc.c
openreadclose.c
openreadclose.h
prot.c
prot.h
readclose.c
readclose.h
scan.h
scan_0x.c
scan_ulong.c
seek.h
seek_set.c
select.h1
select.h2
sgetopt.c
sgetopt.h
socket.h
socket_accept.c
socket_bind.c
socket_conn.c
socket_listen.c
socket_recv.c
socket_send.c
socket_tcp.c
socket_udp.c
str.h
str_chr.c
str_diff.c
str_len.c
str_rchr.c
str_start.c
stralloc.h
stralloc_cat.c
stralloc_catb.c
stralloc_cats.c
stralloc_copy.c
stralloc_eady.c
stralloc_num.c
stralloc_opyb.c
stralloc_opys.c
stralloc_pend.c
strerr.h
strerr_die.c
strerr_sys.c
subgetopt.c
subgetopt.h
tai.h
tai_add.c
tai_now.c
tai_pack.c
tai_sub.c
tai_uint.c
tai_unpack.c
taia.h
taia_add.c
taia_approx.c
taia_frac.c
taia_less.c
taia_now.c
taia_pack.c
taia_sub.c
taia_tai.c
taia_uint.c
timeoutread.c
timeoutread.h
timeoutwrite.c
timeoutwrite.h
trydrent.c
trylsock.c
trypoll.c
tryshsgr.c
trysysel.c
tryulong32.c
tryulong64.c
uint16.h
uint16_pack.c
uint16_unpack.c
uint32.h1
uint32.h2
uint32_pack.c
uint32_unpack.c
uint64.h1
uint64.h2
warn-shsgr
buffer_read.c
buffer_write.c
dns_nd6.c
socket_udp6.c
socket_getifidx.c
tryn2i.c
haven2i.h1
haven2i.h2

1226
Kanzlei-Kiel/src/djbdns/djbdns-1.05/Makefile Normal file
View File

File diff suppressed because it is too large Load Diff

7
Kanzlei-Kiel/src/djbdns/djbdns-1.05/README Normal file
View File

@ -0,0 +1,7 @@
djbdns 1.05
20010211
Copyright 2001
D. J. Bernstein
djbdns home page: http://cr.yp.to/djbdns.html
Installation instructions: http://cr.yp.to/djbdns/install.html

10
Kanzlei-Kiel/src/djbdns/djbdns-1.05/SYSDEPS Normal file
View File

@ -0,0 +1,10 @@
VERSION
systype
uint32.h
uint64.h
select.h
iopause.h
direntry.h
hasshsgr.h
hasdevtcp.h
socket.lib

241
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TARGETS Normal file
View File

@ -0,0 +1,241 @@
load
compile
systype
hasdevtcp.h
uint32.h
choose
uint64.h
dnscache-conf.o
generic-conf.o
auto-str.o
makelib
buffer.o
buffer_1.o
buffer_2.o
buffer_copy.o
buffer_get.o
buffer_put.o
strerr_die.o
strerr_sys.o
buffer.a
buffer_read.o
buffer_write.o
error.o
error_str.o
ndelay_off.o
ndelay_on.o
open_read.o
open_trunc.o
openreadclose.o
readclose.o
seek_set.o
socket_accept.o
socket_bind.o
socket_conn.o
socket_listen.o
socket_recv.o
socket_send.o
socket_tcp.o
socket_udp.o
unix.a
byte_chr.o
byte_copy.o
byte_cr.o
byte_diff.o
byte_zero.o
case_diffb.o
case_diffs.o
case_lowerb.o
fmt_ulong.o
ip4_fmt.o
ip4_scan.o
scan_ulong.o
str_chr.o
str_diff.o
str_len.o
str_rchr.o
str_start.o
uint16_pack.o
uint16_unpack.o
uint32_pack.o
uint32_unpack.o
byte.a
auto-str
auto_home.c
auto_home.o
tai_add.o
tai_now.o
tai_pack.o
tai_sub.o
tai_uint.o
tai_unpack.o
taia_add.o
taia_approx.o
taia_frac.o
taia_less.o
taia_now.o
taia_pack.o
taia_sub.o
taia_tai.o
taia_uint.o
libtai.a
dnscache-conf
iopause.h
dnscache.o
droproot.o
okclient.o
log.o
cache.o
query.o
response.o
dd.o
direntry.h
roots.o
select.h
iopause.o
chkshsgr.o
chkshsgr
hasshsgr.h
prot.o
dns_dfd.o
dns_domain.o
dns_dtda.o
dns_ip.o
dns_ipq.o
dns_ipq6.o
dns_mx.o
dns_name.o
dns_nd.o
dns_packet.o
dns_random.o
dns_rcip.o
dns_rcrw.o
dns_resolve.o
dns_sortip.o
dns_transmit.o
dns_txt.o
dns.a
env.o
env.a
alloc.o
alloc_re.o
getln.o
getln2.o
stralloc_cat.o
stralloc_catb.o
stralloc_cats.o
stralloc_copy.o
stralloc_eady.o
stralloc_num.o
stralloc_opyb.o
stralloc_opys.o
stralloc_pend.o
alloc.a
socket.lib
dnscache
walldns-conf.o
walldns-conf
walldns.o
server.o
qlog.o
cdb.o
cdb_hash.o
cdb_make.o
cdb.a
walldns
rbldns-conf.o
rbldns-conf
rbldns.o
rbldns
rbldns-data.o
rbldns-data
pickdns-conf.o
pickdns-conf
pickdns.o
pickdns
pickdns-data.o
pickdns-data
tinydns-conf.o
tinydns-conf
tinydns.o
tdlookup.o
tinydns
tinydns-data.o
tinydns-data
tinydns-get.o
printpacket.o
printrecord.o
parsetype.o
tinydns-get
tinydns-edit.o
tinydns-edit
axfr-get.o
timeoutread.o
timeoutwrite.o
axfr-get
axfrdns-conf.o
axfrdns-conf
axfrdns.o
axfrdns
dnsip.o
dnsip
dnsipq.o
dnsipq
dnsip6q.o
dnsip6q
dnsname.o
dnsname
dnstxt.o
dnstxt
dnsmx.o
dnsmx
dnsfilter.o
sgetopt.o
subgetopt.o
getopt.a
dnsfilter
random-ip.o
random-ip
dnsqr.o
dnsqr
dnsq.o
dnsq
dnstrace.o
dnstrace
dnstracesort
cachetest.o
cachetest
utime.o
utime
rts
prog
install.o
hier.o
install
instcheck.o
instcheck
it
setup
check
scan_0x.o
fmt_xlong.o
ip6_scan.o
ip6_fmt.o
dnsip6.o
dns_ip6.o
dns_sortip6.o
dnsip6
dns_nd6.o
socket_udp6.o
socket_getifidx.o
socket_bind6.o
socket_noipv6.o
socket_recv6.o
socket_send6.o
haveip6.h
haven2i.h
sockaddr_in6.h
scan_xlong.o
socket_accept6.o
socket_connect6.o
socket_tcp6.o

25
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TINYDNS Normal file
View File

@ -0,0 +1,25 @@
The tinydns data.cdb format is subject to change. If you want to write
code that relies on something here, let me know.
Keys starting with the two bytes \000\045 are locations. The rest of the
key is an IP prefix, normally between 0 and 4 bytes long. The data is a
2-byte location.
Other keys are owner names for DNS records. The data begins with a
header in the following format:
* a 2-byte type;
* either \075, or \076 with a 2-byte location;
* a 4-byte TTL;
* an 8-byte timestamp.
(Exception: Wildcard records replace \075 with \052 and \076 with \053;
also, the owner name omits the wildcard.) The data continues in a
type-specific format:
* SOA: first domain name, second domain name, 20-byte miscellany.
* NS or PTR or CNAME: domain name.
* MX: 2-byte preference, domain name.
* Other types: no special structure.
Domain names, types, and numbers are in DNS packet format.

12
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TODO Normal file
View File

@ -0,0 +1,12 @@
end-to-end nym-based security
link-level security
try to get the root authorities to set up a secure, usable NS-list system
have dnscache-conf keep track of copies of dnsroots.global
incorporate automatic NS-list upgrades
consider dead-server table in dnscache or in kernel
IPv6 lookups
maybe reverse IPv6 lookups; what a mess
DNS over IPv6

1
Kanzlei-Kiel/src/djbdns/djbdns-1.05/VERSION Normal file
View File

@ -0,0 +1 @@
djbdns 1.05

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.a Normal file
View File

Binary file not shown.

31
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.c Normal file
View File

@ -0,0 +1,31 @@
#include <stdlib.h>
#include "alloc.h"
#include "error.h"
#define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */
#define SPACE 2048 /* must be multiple of ALIGNMENT */
typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
static aligned realspace[SPACE / ALIGNMENT];
#define space ((char *) realspace)
static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
/*@null@*//*@out@*/char *alloc(n)
unsigned int n;
{
char *x;
n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
if (n <= avail) { avail -= n; return space + avail; }
x = malloc(n);
if (!x) errno = error_nomem;
return x;
}
void alloc_free(x)
char *x;
{
if (x >= space)
if (x < space + SPACE)
return; /* XXX: assuming that pointers are flat */
free(x);
}

8
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.h Normal file
View File

@ -0,0 +1,8 @@
#ifndef ALLOC_H
#define ALLOC_H
extern /*@null@*//*@out@*/char *alloc();
extern void alloc_free();
extern int alloc_re();
#endif

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.o Normal file
View File

Binary file not shown.

17
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.c Normal file
View File

@ -0,0 +1,17 @@
#include "alloc.h"
#include "byte.h"
int alloc_re(x,m,n)
char **x;
unsigned int m;
unsigned int n;
{
char *y;
y = alloc(n);
if (!y) return 0;
byte_copy(y,m,*x);
alloc_free(*x);
*x = y;
return 1;
}

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.o Normal file
View File

Binary file not shown.

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str Executable file
View File

Binary file not shown.

40
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.c Normal file
View File

@ -0,0 +1,40 @@
#include "buffer.h"
#include "exit.h"
char bspace[256];
buffer b = BUFFER_INIT(buffer_unixwrite,1,bspace,sizeof bspace);
void puts(const char *s)
{
if (buffer_puts(&b,s) == -1) _exit(111);
}
int main(int argc,char **argv)
{
char *name;
char *value;
unsigned char ch;
char octal[4];
name = argv[1];
if (!name) _exit(100);
value = argv[2];
if (!value) _exit(100);
puts("const char ");
puts(name);
puts("[] = \"\\\n");
while (ch = *value++) {
puts("\\");
octal[3] = 0;
octal[2] = '0' + (ch & 7); ch >>= 3;
octal[1] = '0' + (ch & 7); ch >>= 3;
octal[0] = '0' + (ch & 7);
puts(octal);
}
puts("\\\n\";\n");
if (buffer_flush(&b) == -1) _exit(111);
_exit(0);
}

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.o Normal file
View File

Binary file not shown.

3
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.c Normal file
View File

@ -0,0 +1,3 @@
const char auto_home[] = "\
\057\165\163\162\057\154\157\143\141\154\
";

6
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.h Normal file
View File

@ -0,0 +1,6 @@
#ifndef AUTO_HOME_H
#define AUTO_HOME_H
extern const char auto_home[];
#endif

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.o Normal file
View File

Binary file not shown.

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get Executable file
View File

Binary file not shown.

382
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.c Normal file
View File

@ -0,0 +1,382 @@
#include <stdio.h>
#include <unistd.h>
#include "uint32.h"
#include "uint16.h"
#include "stralloc.h"
#include "error.h"
#include "strerr.h"
#include "getln.h"
#include "buffer.h"
#include "exit.h"
#include "open.h"
#include "scan.h"
#include "byte.h"
#include "str.h"
#include "ip4.h"
#include "ip6.h"
#include "timeoutread.h"
#include "timeoutwrite.h"
#include "dns.h"
#define FATAL "axfr-get: fatal: "
void die_usage(void)
{
strerr_die1x(100,"axfr-get: usage: axfr-get zone fn fn.tmp");
}
void die_generate(void)
{
strerr_die2sys(111,FATAL,"unable to generate AXFR query: ");
}
void die_parse(void)
{
strerr_die2sys(111,FATAL,"unable to parse AXFR results: ");
}
unsigned int x_copy(char *buf,unsigned int len,unsigned int pos,char *out,unsigned int outlen)
{
pos = dns_packet_copy(buf,len,pos,out,outlen);
if (!pos) die_parse();
return pos;
}
unsigned int x_getname(char *buf,unsigned int len,unsigned int pos,char **out)
{
pos = dns_packet_getname(buf,len,pos,out);
if (!pos) die_parse();
return pos;
}
unsigned int x_skipname(char *buf,unsigned int len,unsigned int pos)
{
pos = dns_packet_skipname(buf,len,pos);
if (!pos) die_parse();
return pos;
}
static char *zone;
unsigned int zonelen;
char *fn;
char *fntmp;
void die_netread(void)
{
strerr_die2sys(111,FATAL,"unable to read from network: ");
}
void die_netwrite(void)
{
strerr_die2sys(111,FATAL,"unable to write to network: ");
}
void die_read(void)
{
strerr_die4sys(111,FATAL,"unable to read ",fn,": ");
}
void die_write(void)
{
strerr_die4sys(111,FATAL,"unable to write ",fntmp,": ");
}
int saferead(int fd,char *buf,unsigned int len)
{
int r;
r = timeoutread(60,fd,buf,len);
if (r == 0) { errno = error_proto; die_parse(); }
if (r <= 0) die_netread();
return r;
}
int safewrite(int fd,char *buf,unsigned int len)
{
int r;
r = timeoutwrite(60,fd,buf,len);
if (r <= 0) die_netwrite();
return r;
}
char netreadspace[1024];
buffer netread = BUFFER_INIT(saferead,6,netreadspace,sizeof netreadspace);
char netwritespace[1024];
buffer netwrite = BUFFER_INIT(safewrite,7,netwritespace,sizeof netwritespace);
void netget(char *buf,unsigned int len)
{
int r;
while (len > 0) {
r = buffer_get(&netread,buf,len);
buf += r; len -= r;
}
}
int fd;
buffer b;
char bspace[1024];
void put(char *buf,unsigned int len)
{
if (buffer_put(&b,buf,len) == -1) die_write();
}
int printable(char ch)
{
if (ch == '.') return 1;
if ((ch >= 'a') && (ch <= 'z')) return 1;
if ((ch >= '0') && (ch <= '9')) return 1;
if ((ch >= 'A') && (ch <= 'Z')) return 1;
if (ch == '-') return 1;
return 0;
}
static char *d1;
static char *d2;
static char *d3;
stralloc line;
int match;
int numsoa;
unsigned int doit(char *buf,unsigned int len,unsigned int pos)
{
char data[20];
uint32 ttl;
uint16 dlen;
uint16 typenum;
uint32 u32;
int i;
pos = x_getname(buf,len,pos,&d1);
pos = x_copy(buf,len,pos,data,10);
uint16_unpack_big(data,&typenum);
uint32_unpack_big(data + 4,&ttl);
uint16_unpack_big(data + 8,&dlen);
if (len - pos < dlen) { errno = error_proto; return 0; }
len = pos + dlen;
if (!dns_domain_suffix(d1,zone)) return len;
if (byte_diff(data + 2,2,DNS_C_IN)) return len;
if (byte_equal(data,2,DNS_T_SOA)) {
if (++numsoa >= 2) return len;
pos = x_getname(buf,len,pos,&d2);
pos = x_getname(buf,len,pos,&d3);
x_copy(buf,len,pos,data,20);
uint32_unpack_big(data,&u32);
if (!stralloc_copys(&line,"#")) return 0;
if (!stralloc_catulong0(&line,u32,0)) return 0;
if (!stralloc_cats(&line," auto axfr-get\n")) return 0;
if (!stralloc_cats(&line,"Z")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
if (!dns_domain_todot_cat(&line,d2)) return 0;
if (!stralloc_cats(&line,".:")) return 0;
if (!dns_domain_todot_cat(&line,d3)) return 0;
if (!stralloc_cats(&line,".")) return 0;
for (i = 0;i < 5;++i) {
uint32_unpack_big(data + 4 * i,&u32);
if (!stralloc_cats(&line,":")) return 0;
if (!stralloc_catulong0(&line,u32,0)) return 0;
}
}
else if (byte_equal(data,2,DNS_T_NS)) {
if (!stralloc_copys(&line,"&")) return 0;
if (byte_equal(d1,2,"\1*")) { errno = error_proto; return 0; }
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,"::")) return 0;
x_getname(buf,len,pos,&d1);
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,".")) return 0;
}
else if (byte_equal(data,2,DNS_T_CNAME)) {
if (!stralloc_copys(&line,"C")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
x_getname(buf,len,pos,&d1);
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,".")) return 0;
}
else if (byte_equal(data,2,DNS_T_PTR)) {
if (!stralloc_copys(&line,"^")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
x_getname(buf,len,pos,&d1);
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,".")) return 0;
}
else if (byte_equal(data,2,DNS_T_MX)) {
uint16 dist;
if (!stralloc_copys(&line,"@")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,"::")) return 0;
pos = x_copy(buf,len,pos,data,2);
uint16_unpack_big(data,&dist);
x_getname(buf,len,pos,&d1);
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,".:")) return 0;
if (!stralloc_catulong0(&line,dist,0)) return 0;
}
else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) {
char ipstr[IP4_FMT];
if (!stralloc_copys(&line,"+")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
x_copy(buf,len,pos,data,4);
if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0;
}
else if (byte_equal(data,2,DNS_T_AAAA)) {
char ipstr[IP6_FMT];
if (!stralloc_copys(&line,"3")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
x_copy(buf,len,pos,data,16);
if (!stralloc_catb(&line,ipstr,ip6_fmt_flat(ipstr,data))) return 0;
}
else {
unsigned char ch;
unsigned char ch2;
if (!stralloc_copys(&line,":")) return 0;
if (!dns_domain_todot_cat(&line,d1)) return 0;
if (!stralloc_cats(&line,":")) return 0;
if (!stralloc_catulong0(&line,typenum,0)) return 0;
if (!stralloc_cats(&line,":")) return 0;
for (i = 0;i < dlen;++i) {
pos = x_copy(buf,len,pos,data,1);
ch = data[0];
if (printable(ch)) {
if (!stralloc_catb(&line,&ch,1)) return 0;
}
else {
if (!stralloc_cats(&line,"\\")) return 0;
ch2 = '0' + ((ch >> 6) & 7);
if (!stralloc_catb(&line,&ch2,1)) return 0;
ch2 = '0' + ((ch >> 3) & 7);
if (!stralloc_catb(&line,&ch2,1)) return 0;
ch2 = '0' + (ch & 7);
if (!stralloc_catb(&line,&ch2,1)) return 0;
}
}
}
if (!stralloc_cats(&line,":")) return 0;
if (!stralloc_catulong0(&line,ttl,0)) return 0;
if (!stralloc_cats(&line,"\n")) return 0;
put(line.s,line.len);
return len;
}
stralloc packet;
int main(int argc,char **argv)
{
char out[20];
unsigned long u;
uint16 dlen;
unsigned int pos;
uint32 oldserial = 0;
uint32 newserial = 0;
uint16 numqueries;
uint16 numanswers;
if (!*argv) die_usage();
if (!*++argv) die_usage();
if (!dns_domain_fromdot(&zone,*argv,str_len(*argv))) die_generate();
zonelen = dns_domain_length(zone);
if (!*++argv) die_usage();
fn = *argv;
if (!*++argv) die_usage();
fntmp = *argv;
fd = open_read(fn);
if (fd == -1) {
if (errno != error_noent) die_read();
}
else {
buffer_init(&b,buffer_unixread,fd,bspace,sizeof bspace);
if (getln(&b,&line,&match,'\n') == -1) die_read();
if (!stralloc_0(&line)) die_read();
if (line.s[0] == '#') {
scan_ulong(line.s + 1,&u);
oldserial = u;
}
close(fd);
}
if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
if (!stralloc_catb(&packet,DNS_T_SOA DNS_C_IN,4)) die_generate();
uint16_pack_big(out,packet.len);
buffer_put(&netwrite,out,2);
buffer_put(&netwrite,packet.s,packet.len);
buffer_flush(&netwrite);
netget(out,2);
uint16_unpack_big(out,&dlen);
if (!stralloc_ready(&packet,dlen)) die_parse();
netget(packet.s,dlen);
packet.len = dlen;
pos = x_copy(packet.s,packet.len,0,out,12);
uint16_unpack_big(out + 4,&numqueries);
uint16_unpack_big(out + 6,&numanswers);
while (numqueries) {
--numqueries;
pos = x_skipname(packet.s,packet.len,pos);
pos += 4;
}
if (!numanswers) { errno = error_proto; die_parse(); }
pos = x_getname(packet.s,packet.len,pos,&d1);
if (!dns_domain_equal(zone,d1)) { errno = error_proto; die_parse(); }
pos = x_copy(packet.s,packet.len,pos,out,10);
if (byte_diff(out,4,DNS_T_SOA DNS_C_IN)) { errno = error_proto; die_parse(); }
pos = x_skipname(packet.s,packet.len,pos);
pos = x_skipname(packet.s,packet.len,pos);
pos = x_copy(packet.s,packet.len,pos,out,4);
uint32_unpack_big(out,&newserial);
if (oldserial && newserial) /* allow 0 for very recently modified zones */
if (oldserial == newserial) /* allow serial numbers to move backwards */
_exit(0);
fd = open_trunc(fntmp);
if (fd == -1) die_write();
buffer_init(&b,buffer_unixwrite,fd,bspace,sizeof bspace);
if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
if (!stralloc_catb(&packet,DNS_T_AXFR DNS_C_IN,4)) die_generate();
uint16_pack_big(out,packet.len);
buffer_put(&netwrite,out,2);
buffer_put(&netwrite,packet.s,packet.len);
buffer_flush(&netwrite);
numsoa = 0;
while (numsoa < 2) {
netget(out,2);
uint16_unpack_big(out,&dlen);
if (!stralloc_ready(&packet,dlen)) die_parse();
netget(packet.s,dlen);
packet.len = dlen;
pos = x_copy(packet.s,packet.len,0,out,12);
uint16_unpack_big(out + 4,&numqueries);
while (numqueries) {
--numqueries;
pos = x_skipname(packet.s,packet.len,pos);
pos += 4;
}
while (pos < packet.len) {
pos = doit(packet.s,packet.len,pos);
if (!pos) die_parse();
}
}
if (buffer_flush(&b) == -1) die_write();
if (fsync(fd) == -1) die_write();
if (close(fd) == -1) die_write(); /* NFS dorks */
if (rename(fntmp,fn) == -1)
strerr_die6sys(111,FATAL,"unable to move ",fntmp," to ",fn,": ");
_exit(0);
}

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.o Normal file
View File

Binary file not shown.

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns Executable file
View File

Binary file not shown.

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf Executable file
View File

Binary file not shown.

71
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.c Normal file
View File

@ -0,0 +1,71 @@
#include <unistd.h>
#include <pwd.h>
#include "strerr.h"
#include "exit.h"
#include "auto_home.h"
#include "generic-conf.h"
#define FATAL "axfrdns-conf: fatal: "
void usage(void)
{
strerr_die1x(100,"axfrdns-conf: usage: axfrdns-conf acct logacct /axfrdns /tinydns myip");
}
char *dir;
char *user;
char *loguser;
struct passwd *pw;
char *myip;
char *tinydns;
int main(int argc,char **argv)
{
user = argv[1];
if (!user) usage();
loguser = argv[2];
if (!loguser) usage();
dir = argv[3];
if (!dir) usage();
if (dir[0] != '/') usage();
tinydns = argv[4];
if (!tinydns) usage();
if (tinydns[0] != '/') usage();
myip = argv[5];
if (!myip) usage();
pw = getpwnam(loguser);
if (!pw)
strerr_die3x(111,FATAL,"unknown account ",loguser);
init(dir,FATAL);
makelog(loguser,pw->pw_uid,pw->pw_gid);
makedir("env");
perm(02755);
start("env/ROOT"); outs(tinydns); outs("/root\n"); finish();
perm(0644);
start("env/IP"); outs(myip); outs("\n"); finish();
perm(0644);
start("run");
outs("#!/bin/sh\nexec 2>&1\nexec envdir ./env sh -c '\n exec envuidgid "); outs(user);
outs(" softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
outs(auto_home); outs("/bin/axfrdns\n'\n");
finish();
perm(0755);
start("Makefile");
outs("tcp.cdb: tcp\n");
outs("\ttcprules tcp.cdb tcp.tmp < tcp\n");
finish();
perm(0644);
start("tcp");
outs("# sample line: 1.2.3.4:allow,AXFR=\"heaven.af.mil/3.2.1.in-addr.arpa\"\n");
outs(":deny\n");
finish();
perm(0644);
_exit(0);
}

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.o Normal file
View File

Binary file not shown.

378
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.c Normal file
View File

@ -0,0 +1,378 @@
#include <unistd.h>
#include "droproot.h"
#include "exit.h"
#include "env.h"
#include "uint32.h"
#include "uint16.h"
#include "ip4.h"
#include "tai.h"
#include "buffer.h"
#include "timeoutread.h"
#include "timeoutwrite.h"
#include "open.h"
#include "seek.h"
#include "cdb.h"
#include "stralloc.h"
#include "strerr.h"
#include "str.h"
#include "byte.h"
#include "case.h"
#include "dns.h"
#include "scan.h"
#include "qlog.h"
#include "response.h"
extern int respond(char *,char *,char *);
#define FATAL "axfrdns: fatal: "
void nomem()
{
strerr_die2x(111,FATAL,"out of memory");
}
void die_truncated()
{
strerr_die2x(111,FATAL,"truncated request");
}
void die_netwrite()
{
strerr_die2sys(111,FATAL,"unable to write to network: ");
}
void die_netread()
{
strerr_die2sys(111,FATAL,"unable to read from network: ");
}
void die_outside()
{
strerr_die2x(111,FATAL,"unable to locate information in data.cdb");
}
void die_cdbread()
{
strerr_die2sys(111,FATAL,"unable to read data.cdb: ");
}
void die_cdbformat()
{
strerr_die3x(111,FATAL,"unable to read data.cdb: ","format error");
}
int safewrite(int fd,char *buf,unsigned int len)
{
int w;
w = timeoutwrite(60,fd,buf,len);
if (w <= 0) die_netwrite();
return w;
}
char netwritespace[1024];
buffer netwrite = BUFFER_INIT(safewrite,1,netwritespace,sizeof netwritespace);
void print(char *buf,unsigned int len)
{
char tcpheader[2];
uint16_pack_big(tcpheader,len);
buffer_put(&netwrite,tcpheader,2);
buffer_put(&netwrite,buf,len);
buffer_flush(&netwrite);
}
char *axfr;
static char *axfrok;
void axfrcheck(char *q)
{
int i;
int j;
if (!axfr) return;
i = j = 0;
for (;;) {
if (!axfr[i] || (axfr[i] == '/')) {
if (i > j) {
if (!dns_domain_fromdot(&axfrok,axfr + j,i - j)) nomem();
if (dns_domain_equal(q,axfrok)) return;
}
j = i + 1;
}
if (!axfr[i]) break;
++i;
}
strerr_die2x(111,FATAL,"disallowed zone transfer request");
}
static char *zone;
unsigned int zonelen;
char typeclass[4];
int fdcdb;
buffer bcdb;
char bcdbspace[1024];
void get(char *buf,unsigned int len)
{
int r;
while (len > 0) {
r = buffer_get(&bcdb,buf,len);
if (r < 0) die_cdbread();
if (!r) die_cdbformat();
buf += r;
len -= r;
}
}
char ip[4];
unsigned long port;
char clientloc[2];
struct tai now;
char data[32767];
uint32 dlen;
uint32 dpos;
void copy(char *buf,unsigned int len)
{
dpos = dns_packet_copy(data,dlen,dpos,buf,len);
if (!dpos) die_cdbread();
}
void doname(stralloc *sa)
{
static char *d;
dpos = dns_packet_getname(data,dlen,dpos,&d);
if (!dpos) die_cdbread();
if (!stralloc_catb(sa,d,dns_domain_length(d))) nomem();
}
int build(stralloc *sa,char *q,int flagsoa,char id[2])
{
unsigned int rdatapos;
char misc[20];
char type[2];
char recordloc[2];
char ttl[4];
char ttd[8];
struct tai cutoff;
dpos = 0;
copy(type,2);
if (flagsoa) if (byte_diff(type,2,DNS_T_SOA)) return 0;
if (!flagsoa) if (byte_equal(type,2,DNS_T_SOA)) return 0;
if (!stralloc_copyb(sa,id,2)) nomem();
if (!stralloc_catb(sa,"\204\000\0\0\0\1\0\0\0\0",10)) nomem();
copy(misc,1);
if ((misc[0] == '=' + 1) || (misc[0] == '*' + 1)) {
--misc[0];
copy(recordloc,2);
if (byte_diff(recordloc,2,clientloc)) return 0;
}
if (misc[0] == '*') {
if (flagsoa) return 0;
if (!stralloc_catb(sa,"\1*",2)) nomem();
}
if (!stralloc_catb(sa,q,dns_domain_length(q))) nomem();
if (!stralloc_catb(sa,type,2)) nomem();
copy(ttl,4);
copy(ttd,8);
if (byte_diff(ttd,8,"\0\0\0\0\0\0\0\0")) {
tai_unpack(ttd,&cutoff);
if (byte_equal(ttl,4,"\0\0\0\0")) {
if (tai_less(&cutoff,&now)) return 0;
uint32_pack_big(ttl,2);
}
else
if (!tai_less(&cutoff,&now)) return 0;
}
if (!stralloc_catb(sa,DNS_C_IN,2)) nomem();
if (!stralloc_catb(sa,ttl,4)) nomem();
if (!stralloc_catb(sa,"\0\0",2)) nomem();
rdatapos = sa->len;
if (byte_equal(type,2,DNS_T_SOA)) {
doname(sa);
doname(sa);
copy(misc,20);
if (!stralloc_catb(sa,misc,20)) nomem();
}
else if (byte_equal(type,2,DNS_T_NS) || byte_equal(type,2,DNS_T_PTR) || byte_equal(type,2,DNS_T_CNAME)) {
doname(sa);
}
else if (byte_equal(type,2,DNS_T_MX)) {
copy(misc,2);
if (!stralloc_catb(sa,misc,2)) nomem();
doname(sa);
}
else
if (!stralloc_catb(sa,data + dpos,dlen - dpos)) nomem();
if (sa->len > 65535) die_cdbformat();
uint16_pack_big(sa->s + rdatapos - 2,sa->len - rdatapos);
return 1;
}
static struct cdb c;
static char *q;
static stralloc soa;
static stralloc message;
void doaxfr(char id[2])
{
char key[512];
uint32 klen;
char num[4];
uint32 eod;
uint32 pos;
int r;
axfrcheck(zone);
tai_now(&now);
cdb_init(&c,fdcdb);
byte_zero(clientloc,2);
key[0] = 0;
key[1] = '%';
byte_copy(key + 2,4,ip);
r = cdb_find(&c,key,6);
if (!r) r = cdb_find(&c,key,5);
if (!r) r = cdb_find(&c,key,4);
if (!r) r = cdb_find(&c,key,3);
if (!r) r = cdb_find(&c,key,2);
if (r == -1) die_cdbread();
if (r && (cdb_datalen(&c) == 2))
if (cdb_read(&c,clientloc,2,cdb_datapos(&c)) == -1) die_cdbread();
cdb_findstart(&c);
for (;;) {
r = cdb_findnext(&c,zone,zonelen);
if (r == -1) die_cdbread();
if (!r) die_outside();
dlen = cdb_datalen(&c);
if (dlen > sizeof data) die_cdbformat();
if (cdb_read(&c,data,dlen,cdb_datapos(&c)) == -1) die_cdbformat();
if (build(&soa,zone,1,id)) break;
}
cdb_free(&c);
print(soa.s,soa.len);
seek_begin(fdcdb);
buffer_init(&bcdb,buffer_unixread,fdcdb,bcdbspace,sizeof bcdbspace);
pos = 0;
get(num,4); pos += 4;
uint32_unpack(num,&eod);
while (pos < 2048) { get(num,4); pos += 4; }
while (pos < eod) {
if (eod - pos < 8) die_cdbformat();
get(num,4); pos += 4;
uint32_unpack(num,&klen);
get(num,4); pos += 4;
uint32_unpack(num,&dlen);
if (eod - pos < klen) die_cdbformat();
pos += klen;
if (eod - pos < dlen) die_cdbformat();
pos += dlen;
if (klen > sizeof key) die_cdbformat();
get(key,klen);
if (dlen > sizeof data) die_cdbformat();
get(data,dlen);
if ((klen > 1) && (key[0] == 0)) continue; /* location */
if (klen < 1) die_cdbformat();
if (dns_packet_getname(key,klen,0,&q) != klen) die_cdbformat();
if (!dns_domain_suffix(q,zone)) continue;
if (!build(&message,q,0,id)) continue;
print(message.s,message.len);
}
print(soa.s,soa.len);
}
void netread(char *buf,unsigned int len)
{
int r;
while (len > 0) {
r = timeoutread(60,0,buf,len);
if (r == 0) _exit(0);
if (r < 0) die_netread();
buf += r; len -= r;
}
}
char tcpheader[2];
char buf[512];
uint16 len;
static char seed[128];
int main()
{
unsigned int pos;
char header[12];
char qtype[2];
char qclass[2];
const char *x;
droproot(FATAL);
dns_random_init(seed);
axfr = env_get("AXFR");
x = env_get("TCPREMOTEIP");
if (x && ip4_scan(x,ip))
;
else
byte_zero(ip,4);
x = env_get("TCPREMOTEPORT");
if (!x) x = "0";
scan_ulong(x,&port);
for (;;) {
netread(tcpheader,2);
uint16_unpack_big(tcpheader,&len);
if (len > 512) strerr_die2x(111,FATAL,"excessively large request");
netread(buf,len);
pos = dns_packet_copy(buf,len,0,header,12); if (!pos) die_truncated();
if (header[2] & 254) strerr_die2x(111,FATAL,"bogus query");
if (header[4] || (header[5] != 1)) strerr_die2x(111,FATAL,"bogus query");
pos = dns_packet_getname(buf,len,pos,&zone); if (!pos) die_truncated();
zonelen = dns_domain_length(zone);
pos = dns_packet_copy(buf,len,pos,qtype,2); if (!pos) die_truncated();
pos = dns_packet_copy(buf,len,pos,qclass,2); if (!pos) die_truncated();
if (byte_diff(qclass,2,DNS_C_IN) && byte_diff(qclass,2,DNS_C_ANY))
strerr_die2x(111,FATAL,"bogus query: bad class");
qlog(ip,port,header,zone,qtype," ");
if (byte_equal(qtype,2,DNS_T_AXFR)) {
case_lowerb(zone,zonelen);
fdcdb = open_read("data.cdb");
if (fdcdb == -1) die_cdbread();
doaxfr(header);
close(fdcdb);
}
else {
if (!response_query(zone,qtype,qclass)) nomem();
response[2] |= 4;
case_lowerb(zone,zonelen);
response_id(header);
response[3] &= ~128;
if (!(header[2] & 1)) response[2] &= ~1;
if (!respond(zone,qtype,ip)) die_outside();
print(response,response_len);
}
}
}

BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.o Normal file
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More