Merge branch 'master' of https://git.oopen.de/o.open/Office_Networks
This commit is contained in:
commit
793079fac1
6
.gitmodules
vendored
Normal file
6
.gitmodules
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
[submodule "Kanzlei-Kiel/src/mailsystem"]
|
||||
path = Kanzlei-Kiel/src/mailsystem
|
||||
url = https://git.oopen.de/install/mailsystem
|
||||
[submodule "Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn"]
|
||||
path = Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn
|
||||
url = https://git.oopen.de/install/openvpn
|
||||
@ -1,5 +1,8 @@
|
||||
|
||||
-------
|
||||
Notice:
|
||||
-------
|
||||
|
||||
You have to change some configuration files becaus the because
|
||||
the configuration of network interfaces must not be equal.
|
||||
|
||||
@ -21,5 +24,5 @@ Notice:
|
||||
interfaces.Kanzlei-Kiel: see above
|
||||
default_isc-dhcp-server.Kanzlei-Kiel
|
||||
ipt-firewall.Kanzlei-Kiel: LAN device (mostly ) = eth1
|
||||
second LAN WLAN or what ever (if present) = eth0
|
||||
second LAN WLAN or what ever (if present) = eth0
|
||||
|
||||
|
||||
11
Kanzlei-Kiel/aiccu.Kanzlei-Kiel
Normal file
11
Kanzlei-Kiel/aiccu.Kanzlei-Kiel
Normal file
@ -0,0 +1,11 @@
|
||||
# This is a configuration file for /etc/init.d/aiccu; it allows you to
|
||||
# perform common modifications to the behavior of the aiccu daemon
|
||||
# startup without editing the init script (and thus getting prompted
|
||||
# by dpkg on upgrades). We all love dpkg prompts.
|
||||
|
||||
# Arguments to pass to aiccu daemon.
|
||||
DAEMON_ARGS=""
|
||||
|
||||
# Run aiccu at startup ?
|
||||
AICCU_ENABLED=Yes
|
||||
|
||||
@ -1 +1 @@
|
||||
Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
|
||||
Subproject commit 33b4a60887e2185bf4de943dcdaed07dc9e229c4
|
||||
@ -3,7 +3,7 @@
|
||||
;
|
||||
$TTL 43600
|
||||
@ IN SOA kanzlei-kiel.netz. ckubu.oopen.de. (
|
||||
2012020701 ; Serial
|
||||
2018060601 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
@ -17,23 +17,28 @@ $TTL 43600
|
||||
; ==========
|
||||
|
||||
; Gateway/Firewall
|
||||
254 IN PTR gw-kanzlei-kiel.kanzlei-kiel.netz.
|
||||
254 IN PTR gw-ah.kanzlei-kiel.netz.
|
||||
|
||||
; (Caching ) Nameserver
|
||||
1 IN PTR ns.kanzlei-kiel.netz.
|
||||
1 IN PTR ns.kanzlei-kiel.netz.
|
||||
|
||||
; File Server
|
||||
10 IN PTR file-ah.kanzlei-kiel.netz.
|
||||
12 IN PTR file-ah.kanzlei-kiel.netz.
|
||||
10 IN PTR file-ah.kanzlei-kiel.netz.
|
||||
|
||||
; IPMI - File Server
|
||||
11 IN PTR file-ipmi.kanzlei-kiel.netz.
|
||||
11 IN PTR file-ipmi-alt.kanzlei-kiel.netz.
|
||||
15 IN PTR file-ipmi.kanzlei-kiel.netz.
|
||||
|
||||
; USV
|
||||
;15 IN PTR usv-kanzlei-kiel.kanzlei-kiel.netz.
|
||||
|
||||
; Windows 7 Server
|
||||
20 IN PTR file-win7.kanzlei-kiel.netz.
|
||||
25 IN PTR win7-ah.kanzlei-kiel.netz.
|
||||
20 IN PTR file-win7.kanzlei-kiel.netz.
|
||||
25 IN PTR win7-ah.kanzlei-kiel.netz.
|
||||
|
||||
; Windows Server 2016 - Domain Controler
|
||||
30 IN PTR ad-dc.kanzlei-kiel.netz.
|
||||
|
||||
|
||||
; ==========
|
||||
@ -41,7 +46,8 @@ $TTL 43600
|
||||
; ==========
|
||||
|
||||
; UniFi AP-AC-LR
|
||||
50 IN PTR unify-ap.kanzlei-kiel.netz.
|
||||
50 IN PTR unifi-ap-0.kanzlei-kiel.netz.
|
||||
51 IN PTR unifi-ap-1.kanzlei-kiel.netz.
|
||||
|
||||
|
||||
; ==========
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
;
|
||||
$TTL 43600
|
||||
@ IN SOA ns.kanzlei-kiel.netz. ckubu.oopen.de. (
|
||||
2017013001 ; Serial
|
||||
2018060601 ; Serial
|
||||
604800 ; Refresh
|
||||
86400 ; Retry
|
||||
2419200 ; Expire
|
||||
@ -11,7 +11,7 @@ $TTL 43600
|
||||
;
|
||||
|
||||
|
||||
IN NS ns.kanzlei-kiel.netz.
|
||||
IN NS ns.kanzlei-kiel.netz.
|
||||
|
||||
|
||||
; ==========
|
||||
@ -19,28 +19,37 @@ $TTL 43600
|
||||
; ==========
|
||||
|
||||
; Gateway/Firewall
|
||||
gw-ah IN A 192.168.100.254
|
||||
gate IN CNAME gw-ah
|
||||
gw IN CNAME gw-ah
|
||||
gw-ah IN A 192.168.100.254
|
||||
gate IN CNAME gw-ah
|
||||
gw IN CNAME gw-ah
|
||||
|
||||
; (Caching ) Nameserver
|
||||
ns IN A 192.168.100.1
|
||||
nscache IN CNAME ns
|
||||
ns IN A 192.168.100.1
|
||||
nscache IN CNAME ns
|
||||
|
||||
; File Server
|
||||
file-ah IN A 192.168.100.10
|
||||
file IN CNAME file-ah
|
||||
file-ah-alt IN A 192.168.100.12
|
||||
file-ah IN A 192.168.100.10
|
||||
file IN CNAME file-ah
|
||||
|
||||
; IPMI - File Server
|
||||
file-ipmi IN A 192.168.100.11
|
||||
file-ipmi-alt IN A 192.168.100.11
|
||||
file-ipmi IN A 192.168.100.15
|
||||
|
||||
; USV - APC Management Card
|
||||
;usv-ah IN A 192.168.100.15
|
||||
;usv IN CNAME usv-ah
|
||||
|
||||
; Windows 7 Server
|
||||
file-win7 IN A 192.168.100.20
|
||||
win7-ah IN A 192.168.100.25
|
||||
file-win7 IN A 192.168.100.20
|
||||
win7-ah IN A 192.168.100.25
|
||||
|
||||
; Windows Server 2016 - Domain Controler
|
||||
ad-dc IN A 192.168.100.30
|
||||
file-win IN CNAME ad-dc
|
||||
|
||||
; cryptpad
|
||||
pad IN CNAME file-ah
|
||||
|
||||
|
||||
; ==========
|
||||
@ -48,11 +57,11 @@ win7-ah IN A 192.168.100.25
|
||||
; ==========
|
||||
|
||||
; Controller for Unifi AP's
|
||||
unifi-ctl IN A 192.168.100.254
|
||||
unifi-ctl IN A 192.168.100.254
|
||||
|
||||
; UniFi AP-AC-LR
|
||||
unify-ap IN A 192.168.100.50
|
||||
accesspoint IN CNAME unify-ap
|
||||
unifi-ap-0 IN A 192.168.100.50
|
||||
unifi-ap-1 IN A 192.168.100.51
|
||||
|
||||
|
||||
; ==========
|
||||
@ -60,35 +69,35 @@ accesspoint IN CNAME unify-ap
|
||||
; ==========
|
||||
|
||||
; Laserdrucker Kyocera FS-2020D
|
||||
kyocera-fs-2020d IN A 192.168.100.29
|
||||
kyocera-fs-2020d IN A 192.168.100.29
|
||||
|
||||
; Multifunktions Drucker Kyocera TASKalfa 3051ci
|
||||
kyocera-taskalfa-3051ci IN A 192.168.100.100
|
||||
kyocera-scanner IN CNAME kyocera-taskalfa-3051ci
|
||||
|
||||
; Laserdrucker Kyocera FS-2100DN
|
||||
kyocera-fs-2100dn IN A 192.168.100.189
|
||||
kyocera-fs-2100dn IN A 192.168.100.189
|
||||
|
||||
|
||||
; ==========
|
||||
; - Buero PC's
|
||||
; ==========
|
||||
|
||||
buerozwei IN A 192.168.100.22
|
||||
dokumentenscannerrechner IN A 192.168.100.77
|
||||
buero-doro IN A 192.168.100.81
|
||||
axel IN A 192.168.100.88
|
||||
zk IN A 192.168.100.99
|
||||
shuttle IN A 192.168.100.101
|
||||
buerooben IN A 192.168.100.121
|
||||
laptop-doro IN A 192.168.100.184
|
||||
buerozwei IN A 192.168.100.22
|
||||
dokumentenscannerrechner IN A 192.168.100.77
|
||||
buero-doro IN A 192.168.100.81
|
||||
axel IN A 192.168.100.88
|
||||
zk IN A 192.168.100.99
|
||||
shuttle IN A 192.168.100.101
|
||||
buerooben IN A 192.168.100.121
|
||||
laptop-doro IN A 192.168.100.184
|
||||
|
||||
; ---
|
||||
; - ckubu
|
||||
; ---
|
||||
|
||||
; Laptop (devil) LAN (eth0)
|
||||
devil IN A 192.168.100.90
|
||||
devil IN A 192.168.100.90
|
||||
; Laptop (devil) WLAN (wlan0)
|
||||
devil-wlan IN A 192.168.101.91
|
||||
devil-wlan IN A 192.168.101.91
|
||||
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
/var/log/check_net.log
|
||||
{
|
||||
rotate 7
|
||||
daily
|
||||
missingok
|
||||
notifempty
|
||||
copytruncate
|
||||
delaycompress
|
||||
compress
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
[Unit]
|
||||
Description=Configure Routing for Internet Connections;
|
||||
After=network.target
|
||||
After=rc-local.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/sbin/check_net.sh
|
||||
ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
|
||||
ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
|
||||
KillMode=control-group
|
||||
SendSIGKILL=yes
|
||||
TimeoutStopSec=2
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -1,5 +1,5 @@
|
||||
# DO NOT EDIT THIS FILE - edit the master and reinstall.
|
||||
# (/tmp/crontab.7DKfVy/crontab installed on Fri Mar 16 11:09:15 2018)
|
||||
# (/tmp/crontab.pCSfMl/crontab installed on Wed May 29 14:28:54 2019)
|
||||
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
|
||||
# Edit this file to introduce tasks to be run by cron.
|
||||
#
|
||||
@ -49,7 +49,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
## - reconnect to internet
|
||||
## -
|
||||
13 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-ah dsl-ah
|
||||
#13 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-ah dsl-ah
|
||||
|
||||
## - Copy gateway configuration
|
||||
## -
|
||||
|
||||
@ -18,5 +18,4 @@
|
||||
|
||||
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
|
||||
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
|
||||
#INTERFACES=""
|
||||
INTERFACESv4="eth0 eth1"
|
||||
INTERFACESv4="eth1"
|
||||
|
||||
138
Kanzlei-Kiel/hostapd.conf.Kanzlei-Kiel
Normal file
138
Kanzlei-Kiel/hostapd.conf.Kanzlei-Kiel
Normal file
@ -0,0 +1,138 @@
|
||||
# if you want to bridge the onboard eth0 and the
|
||||
# wireless (USB) adapter's wlan0, this should work
|
||||
interface=wlan0
|
||||
bridge=br0
|
||||
|
||||
# this is the driver that must be used for ath9k
|
||||
# and other similar chipset devices
|
||||
driver=nl80211
|
||||
|
||||
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
|
||||
# Default: IEEE 802.11b
|
||||
# !! Note:
|
||||
# the n-speeds get layered on top of 802.11g, so
|
||||
# use hw_mode=g also for 802.11n
|
||||
hw_mode=g
|
||||
#hw_mode=a
|
||||
|
||||
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
|
||||
# 0 = disabled (default)
|
||||
# 1 = enabled
|
||||
# !! Note:
|
||||
# You will also need to enable WMM for full HT functionality.
|
||||
ieee80211n=1
|
||||
wmm_enabled=1
|
||||
|
||||
# Channel number (IEEE 802.11)
|
||||
# (default: 0, i.e., not set)
|
||||
# Please note that some drivers do not use this value from hostapd and the
|
||||
# channel will need to be configured separately with iwconfig.
|
||||
## - 2.4 Ghz : hw_mode=g (ht_capab=[HT40+].. channel 1-9)
|
||||
## - (ht_capab=[HT40-].. channel 5-11(13) )
|
||||
## - 5 Ghz : hw_mode=a (ht_capab=[HT40+].. channel 36,44 )
|
||||
## - (ht_capab=[HT40-].. channel 40)
|
||||
channel=7
|
||||
#channel=44
|
||||
|
||||
# these have to be set in agreement w/ channel and
|
||||
# some other values... read hostapd.conf docs
|
||||
#
|
||||
## - D-LINK DWA-552 (2.4 Ghz)
|
||||
## - MicroTIK RouterBOARD R52n-M (Dualband: 2.4 / 5 Ghz)
|
||||
## - MicroTIK RouterBOARD R52Hn (Dualband: 2.4 / 5 Ghz)
|
||||
## -
|
||||
ht_capab=[HT40-][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
|
||||
## -
|
||||
## - SR71-E Hi-Power (802.11a/b/g/n miniPCI-E Module)
|
||||
## -
|
||||
## - 5 Ghz -->channel 36
|
||||
## -
|
||||
#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
|
||||
#ht_capab=[SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
|
||||
## -
|
||||
## - D-LINK DWA-556 (PCIe) (2,4 / 5 Ghz)
|
||||
## -
|
||||
#ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
|
||||
## -
|
||||
## - Linksys WMP600N (Dualband: 2.4 / 5 Ghz)
|
||||
## -
|
||||
#ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
|
||||
|
||||
|
||||
# adjust to fit your location
|
||||
country_code=DE
|
||||
|
||||
|
||||
# SSID to be used in IEEE 802.11 management frames
|
||||
ssid=WLAN-OOPEN
|
||||
|
||||
# makes the SSID visible and broadcasted
|
||||
ignore_broadcast_ssid=0
|
||||
|
||||
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
|
||||
# configured to allow both of these or only one. Open system authentication
|
||||
# should be used with IEEE 802.1X.
|
||||
# Bit fields of allowed authentication algorithms:
|
||||
# bit 0 = Open System Authentication
|
||||
# bit 1 = Shared Key Authentication (requires WEP)
|
||||
#auth_algs=3
|
||||
auth_algs=1
|
||||
|
||||
# bit0 = WPA
|
||||
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
|
||||
wpa=3
|
||||
|
||||
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
|
||||
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
|
||||
# added to enable SHA256-based stronger algorithms.
|
||||
# (dot11RSNAConfigAuthenticationSuitesTable)
|
||||
wpa_key_mgmt=WPA-PSK
|
||||
|
||||
# WPA pre-shared keys for WPA-PSK.
|
||||
wpa_passphrase=WoAuchImmer
|
||||
|
||||
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
|
||||
# (unicast packets). This is a space separated list of algorithms:
|
||||
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
|
||||
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
|
||||
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
|
||||
# is automatically selected based on this configuration. If only CCMP is
|
||||
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
|
||||
# TKIP will be used as the group cipher.
|
||||
# (dot11RSNAConfigPairwiseCiphersTable)
|
||||
# Pairwise cipher for WPA (v1) (default: TKIP)
|
||||
wpa_pairwise=TKIP CCMP
|
||||
|
||||
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
|
||||
rsn_pairwise=CCMP
|
||||
|
||||
# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
|
||||
# seconds. (dot11RSNAConfigGroupRekeyTime)
|
||||
wpa_group_rekey=600
|
||||
|
||||
# Station MAC address -based authentication
|
||||
# Please note that this kind of access control requires a driver that uses
|
||||
# hostapd to take care of management frame processing and as such, this can be
|
||||
# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
|
||||
# 0 = accept unless in deny list
|
||||
# 1 = deny unless in accept list
|
||||
# 2 = use external RADIUS server (accept/deny lists are searched first)
|
||||
macaddr_acl=0
|
||||
|
||||
# Interface for separate control program. If this is specified, hostapd
|
||||
# will create this directory and a UNIX domain socket for listening to requests
|
||||
# from external programs (CLI/GUI, etc.) for status information and
|
||||
# configuration. The socket file will be named based on the interface name, so
|
||||
# multiple hostapd processes/interfaces can be run at the same time if more
|
||||
# than one interface is used.
|
||||
# /var/run/hostapd is the recommended directory for sockets and by default,
|
||||
# hostapd_cli will use it when trying to connect with hostapd.
|
||||
ctrl_interface=/var/run/hostapd
|
||||
|
||||
|
||||
# debugging output - uncomment them to activate; issue hostapd -d /etc/hostapd/hostapd.conf
|
||||
# to get debugging info in visible/real-time form
|
||||
#logger_syslog=-1
|
||||
#logger_syslog_level=2
|
||||
#logger_stdout=-1
|
||||
#logger_stdout_level=2
|
||||
@ -13,9 +13,14 @@ host file-ah {
|
||||
fixed-address file-ah.kanzlei-kiel.netz;
|
||||
}
|
||||
|
||||
# - IPMI Fileserver -ALT
|
||||
host file-ipmi-alt {
|
||||
hardware ethernet 00:25:90:52:c6:37;
|
||||
fixed-address file-ipmi-alt.kanzlei-kiel.netz;
|
||||
}
|
||||
# - IPMI Fileserver
|
||||
host file-ipmi {
|
||||
hardware ethernet 00:25:90:52:c6:37;
|
||||
hardware ethernet ac:1f:6b:89:8c:28;
|
||||
fixed-address file-ipmi.kanzlei-kiel.netz;
|
||||
}
|
||||
|
||||
@ -57,9 +62,13 @@ host kyocera-fs-2100dn {
|
||||
# ---
|
||||
|
||||
# - Accesspoint (UniFi AP-AC-LR)
|
||||
host unify-ap {
|
||||
host unif1-ap-0 {
|
||||
hardware ethernet 44:d9:e7:f6:58:e5 ;
|
||||
fixed-address unify-ap.kanzlei-kiel.netz;
|
||||
fixed-address unifi-ap-0.kanzlei-kiel.netz;
|
||||
}
|
||||
host unif1-ap-1 {
|
||||
hardware ethernet fc:ec:da:1c:81:99 ;
|
||||
fixed-address unifi-ap-1.kanzlei-kiel.netz;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -24,13 +24,14 @@ iface eth0 inet static
|
||||
# eth1 - LAN
|
||||
#-----------------------------
|
||||
|
||||
auto eth1 eth1:0
|
||||
auto eth1 eth1:ns
|
||||
iface eth1 inet static
|
||||
address 192.168.100.254
|
||||
network 192.168.100.0
|
||||
netmask 255.255.255.0
|
||||
broadcast 192.168.100.255
|
||||
iface eth1:0 inet static
|
||||
|
||||
iface eth1:ns inet static
|
||||
address 192.168.100.1
|
||||
network 192.168.100.1
|
||||
netmask 255.255.255.255
|
||||
@ -60,12 +61,12 @@ iface eth2 inet static
|
||||
network 172.16.100.0
|
||||
netmask 255.255.255.0
|
||||
broadcast 172.16.100.255
|
||||
post-up vconfig add eth2 7
|
||||
post-down vconfig rem eth2.7
|
||||
|
||||
auto dsl-ah
|
||||
iface dsl-ah inet ppp
|
||||
pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
|
||||
pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
|
||||
provider dsl-ah
|
||||
gateway 172.16.100.254
|
||||
#post-up vconfig add eth2 7
|
||||
#post-down vconfig rem eth2.7
|
||||
|
||||
#auto dsl-ah
|
||||
#iface dsl-ah inet ppp
|
||||
# pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
|
||||
# pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
|
||||
# provider dsl-ah
|
||||
|
||||
22
Kanzlei-Kiel/ipt-firewall/ban_ipv4.list
Normal file
22
Kanzlei-Kiel/ipt-firewall/ban_ipv4.list
Normal file
@ -0,0 +1,22 @@
|
||||
# - IPv4 addresses listet here will be completly banned by the firewall
|
||||
# -
|
||||
# - - Line beginning with '#' will be ignored.
|
||||
# - - Blank lines will be ignored
|
||||
# - - Only the first entry (until space sign or end of line) of each line will be considered.
|
||||
# -
|
||||
# - Valid values are:
|
||||
# - complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
|
||||
# - partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
|
||||
# - network/nn CIDR notation like 1.2.3.0/27
|
||||
# - network/netmask notaions like 1.2.3.0/255.255.255.0
|
||||
# - network/partial_netmask like 1.2.3.4/255
|
||||
# -
|
||||
# - Note:
|
||||
# - - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
|
||||
# -
|
||||
# - Example:
|
||||
# - 79.171.81.0/24
|
||||
# - 79.171.81.0/255.255.255.0
|
||||
# - 79.171.81.0/255.255.255
|
||||
# - 79.171.81
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
|
||||
# - Extern Interfaces DSL Lines
|
||||
# - (blank separated list)
|
||||
ext_if_dsl_1="ppp-ah"
|
||||
ext_if_dsl_1=""
|
||||
ext_if_dsl_2=""
|
||||
ext_if_dsl_3=""
|
||||
ext_if_dsl_4=""
|
||||
|
||||
@ -21,7 +21,7 @@ iptable_raw
|
||||
|
||||
# - Load base modules for tracking
|
||||
# -
|
||||
nf_conntrack
|
||||
nf_conntrack nf_conntrack_helper=0
|
||||
nf_nat
|
||||
|
||||
# - Load module for FTP Connection tracking and NAT
|
||||
|
||||
@ -252,6 +252,86 @@ allow_local_if_to_local_ip=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow local ip address from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_local_ip
|
||||
# -
|
||||
# - All traffic from the given network interface to the given ip address is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
|
||||
# - ${local_if_2}:192.168.10.13"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_local_ip=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern service from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_ext_service
|
||||
# -
|
||||
# - allow_local_if_to_ext_service="<local-interface>:<extern-ip>:<ext-port>:<protocol> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network interface to the given (extern) service is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_ext_service="${local_if_1}:83.223.86.98:3306:tcp
|
||||
# - ${local_if_2}:83.223.86.98:3306:tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_ext_service="
|
||||
${local_if_1}:172.16.100.254:80:tcp
|
||||
"
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern network from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_ext_net
|
||||
# -
|
||||
# - allow_local_if_to_ext_net="<local-interface>:ext-network> [<local-interface>:ext-network> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network interface to the given (extern) network is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_ext_net="${local_if_1}:83.223.86.98/32
|
||||
# - ${local_if_2}:83.223.86.98/32"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_ext_net=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern service from given local network
|
||||
# =============
|
||||
|
||||
# - allow_local_net_to_ext_service
|
||||
# -
|
||||
# - allow_local_net_to_ext_service="<local-net:ext-ip:port:protocol> [<local-net:ext-ip:port:protocol> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network to the given (extern) service is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_net_to_ext_service="192.168.63.0/24:83.223.86.98:3306:tcp
|
||||
# - 192.168.64.0/24:83.223.86.98:3306:tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_net_to_ext_service=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# --- Separate local Networks
|
||||
# =============
|
||||
@ -298,7 +378,7 @@ SIP_PORT_LOCAL=5067
|
||||
SIP_LOCAL_IP=192.168.63.240
|
||||
STUN_PORTS=3478
|
||||
|
||||
TC_DEV=$ext_if_dsl_1
|
||||
TC_DEV=$ext_if_static_1
|
||||
|
||||
|
||||
|
||||
@ -473,7 +553,7 @@ http_server_only_local_ips="192.168.100.100
|
||||
# - Multiple settins of this parameter is possible
|
||||
# -
|
||||
declare -A http_server_dmz_arr
|
||||
|
||||
#http_server_dmz_arr[192.168.100.10]=$ext_if_static_1
|
||||
|
||||
# - HTTPS Services DMZ only port 443 (reachable also from WAN)
|
||||
# -
|
||||
@ -573,7 +653,7 @@ ftp_server_only_local_ips=""
|
||||
# - ftp_passive_port_range=<first-port:last-port>
|
||||
# -
|
||||
declare -A ftp_server_dmz_arr
|
||||
#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
|
||||
#ftp_server_dmz_arr[192.168.63.20]=$ext_if_static_1
|
||||
ftp_passive_port_range="50000:50400"
|
||||
|
||||
# - FTP Ports
|
||||
@ -830,6 +910,7 @@ remote_console_port=5900
|
||||
# - same controller machine.
|
||||
# -
|
||||
# - unifi_stun_port=3478 # UDP port used for STUN
|
||||
# - # Open Port from controller to Unifi APs
|
||||
# -
|
||||
# -
|
||||
# - Ubiquity Networks uses port 10001/UDP for its AirControl
|
||||
@ -858,10 +939,20 @@ unify_broadcast_udp_ports="10001,5656:5699"
|
||||
# -
|
||||
local_unifi_controller_service=true
|
||||
|
||||
# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway
|
||||
# -
|
||||
unifi_ap_local_ips="
|
||||
192.168.100.50
|
||||
192.168.100.51
|
||||
"
|
||||
|
||||
|
||||
# - UniFi Controllers on local network (other than this machine)
|
||||
# -
|
||||
unify_controller_local_net_ips=""
|
||||
|
||||
|
||||
|
||||
# ======
|
||||
# - IPMI Tools
|
||||
# ======
|
||||
@ -870,16 +961,26 @@ unify_controller_local_net_ips=""
|
||||
# -
|
||||
# - Blank seoarated list
|
||||
# -
|
||||
ipmi_server_ips="192.168.100.11 172.16.100.15"
|
||||
ipmi_server_ips="192.168.100.11 192.168.100.15 172.16.100.15"
|
||||
|
||||
# - IPMI Tools Port
|
||||
# -
|
||||
# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
|
||||
# - TCP 623: Virtual Media for Remote Console
|
||||
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
|
||||
# - UDP 161: SNMP
|
||||
# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
|
||||
# -
|
||||
# - TCP 80: Webinterface.
|
||||
# - TCP 161: SNMP
|
||||
# - TCP 443: Webinterface (SSL)
|
||||
# - TCP 623: Virtual Media for Remote Console
|
||||
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
|
||||
# - TCP 5120: CD/USB
|
||||
# - TCP 5123: Floppy
|
||||
# - TCP 5900: KVM over IP
|
||||
# - TCP 5901: Video for remote console
|
||||
# - TCP 5985: Wsman
|
||||
# -
|
||||
ipmi_udp_port=623
|
||||
ipmi_tcp_ports="623 3520"
|
||||
ipmi_udp_ports="161 623"
|
||||
ipmi_tcp_ports="80 161 443 623 3520 5120 5123 5900 5901 5985"
|
||||
|
||||
|
||||
# =============
|
||||
@ -968,6 +1069,28 @@ tv_extern_if="eth2.8"
|
||||
tv_local_if="$local_if_1"
|
||||
|
||||
|
||||
# =====
|
||||
# --- Allow special TCP Ports (OUT)
|
||||
# =====
|
||||
|
||||
# - TCP Ports
|
||||
# -
|
||||
# - Blank separated list of tcp ports
|
||||
# -
|
||||
tcp_out_ports=""
|
||||
|
||||
|
||||
# =====
|
||||
# --- Allow special UDP Ports (OUT)
|
||||
# =====
|
||||
|
||||
# - UDP Ports
|
||||
# -
|
||||
# - Blank separated list udp ports
|
||||
# -
|
||||
udp_out_ports=""
|
||||
|
||||
|
||||
|
||||
# ======
|
||||
# - Other local Services
|
||||
@ -1010,12 +1133,18 @@ nat_networks=""
|
||||
# - masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1}
|
||||
# - 10.0.0.0/8:192.168.62.244:443:${local_if_1}"
|
||||
# -
|
||||
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
|
||||
# - 172.16.100.254: FritzBOX! 7590
|
||||
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
masquerade_tcp_cons="192.168.63.0/24:172.16.101.1:80:${local_if_1}
|
||||
10.0.100.0/24:172.16.101.1:80:${local_if_1}"
|
||||
masquerade_tcp_cons="
|
||||
192.168.100.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
10.0.100.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
192.168.63.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
192.168.63.0/24:172.16.101.1:80:${local_if_1}
|
||||
10.0.100.0/24:172.16.101.1:80:${local_if_1}
|
||||
"
|
||||
|
||||
|
||||
# =============
|
||||
@ -1049,7 +1178,10 @@ portforward_tcp=""
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
portforward_udp="$vpn_ifs:49909:192.168.100.101:9"
|
||||
portforward_udp="
|
||||
$vpn_ifs:49909:192.168.100.101:9
|
||||
$ext_if_static_1:1198:172.16.102.194:1194
|
||||
"
|
||||
|
||||
|
||||
|
||||
|
||||
@ -149,6 +149,38 @@ for _val in $allow_local_if_to_local_ip ; do
|
||||
allow_local_if_to_local_ip_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Allow extern service from given local interface
|
||||
# ---
|
||||
declare -a allow_local_if_to_ext_service_arr
|
||||
for _val in $allow_local_if_to_ext_service ; do
|
||||
allow_local_if_to_ext_service_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Allow extern network from given local interface
|
||||
# ---
|
||||
declare -a allow_local_if_to_ext_net_arr
|
||||
for _val in $allow_local_if_to_ext_net ; do
|
||||
allow_local_if_to_ext_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Allow extern service from given local network
|
||||
# ---
|
||||
declare -a allow_local_net_to_ext_service_arr
|
||||
for _val in $allow_local_net_to_ext_service ; do
|
||||
allow_local_net_to_ext_service_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Allow extern network from given local network
|
||||
# ---
|
||||
declare -a allow_local_net_to_ext_net_arr
|
||||
for _val in $allow_local_net_to_ext_net ; do
|
||||
allow_local_net_to_ext_net_arr+=("$_val")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Separate local Networks
|
||||
# ---
|
||||
@ -378,6 +410,24 @@ for _ip in $rsync_out_ips ; do
|
||||
rsync_out_ip_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Special TCP Ports OUT
|
||||
# ---
|
||||
# local
|
||||
declare -a tcp_out_port_arr
|
||||
for _port in $tcp_out_ports ; do
|
||||
tcp_out_port_arr+=("$_port")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Special UDP Ports OUT
|
||||
# ---
|
||||
# local
|
||||
declare -a udp_out_port_arr
|
||||
for _port in $udp_out_ports ; do
|
||||
udp_out_port_arr+=("$_port")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Other local Services
|
||||
# ---
|
||||
|
||||
116
Kanzlei-Kiel/isc-dhcp6-server.Kanzlei-Kiel
Executable file
116
Kanzlei-Kiel/isc-dhcp6-server.Kanzlei-Kiel
Executable file
@ -0,0 +1,116 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
#
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: isc-dhcp6-server
|
||||
# Required-Start: $remote_fs $network $syslog
|
||||
# Required-Stop: $remote_fs $network $syslog
|
||||
# Should-Start: $local_fs slapd $named
|
||||
# Should-Stop: $local_fs slapd
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: DHCPv6 server
|
||||
# Description: Dynamic Host Configuration Protocol Server
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
OPTIONS="-6"
|
||||
|
||||
test -f /usr/sbin/dhcpd || exit 0
|
||||
|
||||
DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
|
||||
|
||||
# It is not safe to start if we don't have a default configuration...
|
||||
if [ ! -f "$DHCPD_DEFAULT" ]; then
|
||||
echo "$DHCPD_DEFAULT does not exist! - Aborting..."
|
||||
if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
|
||||
echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
# Read init script configuration
|
||||
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
|
||||
|
||||
NAME=dhcpd6
|
||||
DESC="ISC DHCPv6 server"
|
||||
# fallback to default config file
|
||||
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
|
||||
# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
|
||||
if [ -z "$DHCPD_PID" ]; then
|
||||
DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
|
||||
fi
|
||||
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
|
||||
|
||||
test_config()
|
||||
{
|
||||
if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
|
||||
echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
|
||||
echo "The error was: "
|
||||
/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# single arg is -v for messages, -q for none
|
||||
check_status()
|
||||
{
|
||||
if [ ! -r "$DHCPD_PID" ]; then
|
||||
test "$1" != -v || echo "$NAME is not running."
|
||||
return 3
|
||||
fi
|
||||
if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
|
||||
test "$1" != -v || echo "$NAME is running."
|
||||
return 0
|
||||
else
|
||||
test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
test_config
|
||||
log_daemon_msg "Starting $DESC" "$NAME"
|
||||
start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
|
||||
--exec /usr/sbin/dhcpd -- \
|
||||
-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
|
||||
sleep 2
|
||||
|
||||
if check_status -q; then
|
||||
log_end_msg 0
|
||||
else
|
||||
log_failure_msg "check syslog for diagnostics."
|
||||
log_end_msg 1
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
|
||||
log_end_msg $?
|
||||
rm -f "$DHCPD_PID"
|
||||
;;
|
||||
restart | force-reload)
|
||||
test_config
|
||||
$0 stop
|
||||
sleep 2
|
||||
$0 start
|
||||
if [ "$?" != "0" ]; then
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
echo -n "Status of $DESC: "
|
||||
check_status -v
|
||||
exit "$?"
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|force-reload|status}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
||||
@ -2,6 +2,6 @@ ifconfig-push 10.1.100.2 255.255.255.0
|
||||
push "route 192.168.100.0 255.255.255.0 10.1.100.1"
|
||||
push "route 192.168.101.0 255.255.255.0 10.1.100.1"
|
||||
push "route 172.16.101.0 255.255.255.0 10.1.100.1"
|
||||
push "route 172.16.102.0 255.255.255.0 10.1.100.1"
|
||||
push "route 172.16.100.0 255.255.255.0 10.1.100.1"
|
||||
iroute 192.168.63.0 255.255.255.0
|
||||
iroute 192.168.64.0 255.255.255.0
|
||||
|
||||
227
Kanzlei-Kiel/openvpn/client-configs/bjoern.conf
Normal file
227
Kanzlei-Kiel/openvpn/client-configs/bjoern.conf
Normal file
@ -0,0 +1,227 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
|
||||
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
|
||||
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
|
||||
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
|
||||
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
|
||||
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
|
||||
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
|
||||
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
|
||||
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
|
||||
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
|
||||
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
|
||||
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
|
||||
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
|
||||
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6SE0PsXGw/wCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECG7zORi+kUIQBIIEyOyz5+JUC/+K
|
||||
Uew57hlL3eIq4Lf1NKQvckgJ6LPkmfEZGPRkPlwpiFqy3KgOv/npjir7zq6nLRff
|
||||
KJf5FTLBie69FqreaY7dbO6KFfn81PHMvO7zitnT3Iohv0pLAXt35XxbM0ggUnul
|
||||
Y6aQArJoPRhyhyD/SorGHYDHQ5mSL8fjymzzy2faEq8i7PtbZvlRIvjTCIYHlTta
|
||||
mQFHfp0w+S2FLdbmodZRsXDZoN2mc6Rbu2PQ2DykDrezurseiKsjgilhvShph25H
|
||||
Q2kit081C9ldLjbVvbYUM7Rpwx624AqifMSncMq/i2CDa+x5mX8MP0O1ObBEZH9G
|
||||
yFX7hzS83smJiG3jdwG4IJwar6W2433fSDsQBrRUYonaUT8kebdyxTeUiVqxw6AH
|
||||
Bl/ru56WQ37w53JYadwWUr4Q1o8ud9XER2PpxkMVtyXMPxTDepX+kU/6W19vo6+I
|
||||
yC0E4DbWhx2uCgTNS8hxIvHOWWq3d7Gcxpof/NWPMVbLosuosX/3SA2Bu1x+/2cY
|
||||
IpwA61PAC08GKvkfBRV3wK74mlAJ1jZyrbY5FgmFNEH+aYUXQrRlpNt+H7N5dKlT
|
||||
Sa8gXtNGLHOoKbFQvjKakKdH72scJ1Gfu+WgojYAb1hLurkUyoAm6Du+AwRt1wK2
|
||||
Jilq6sbrH9R3Vdo+xRhjAvn8I43awtYqPRYUbCv9sGzVWhYFHU86pzyYJcyWAJTU
|
||||
0WWcZiOSy/zBOlVtaHidWuE4vtixIOxabvXvtfkG40VWOrX67CePrnCFnQQ5kfyT
|
||||
LJPMwL6u18037qsSFFi7jvBE4jYbfcpgsFHhK2sq6/oYGnFAUQxZ6W9BzLsdrGlA
|
||||
9BjQZrG/Dknnqo6+7NaHbaqe2dclSCoKDWr2tGN+hbFWTx71X5+bFMWJ0LinhUM0
|
||||
m5FjlI8NhA9PmCwBPZhUxHQVwLz6YYlqtAXgOXBKdJfAD/3MFXGWVQgUrPK+3wXS
|
||||
blAAwc+Gk5Aage0hO9TN++8fIyZRcOuYRjoXuK3Jf73tKZbzYw7kSt8QN4eFtaCO
|
||||
ExxRmisMJXK3a48ZSPaYb04WHxqP+ZEOaSvFLCgmQy+iw9nmWhn/6yTcPqCMyCkC
|
||||
PG7RBAiOrOsaDrKdaVYNecNgWKtfmKGx729t7H5NB419wOCbfyBvr5ROfYL3a6Ez
|
||||
RV/ljTkryXXf9wCBoGGK+2Xp9fmBf0f5MKG+u+QEIjPcCNcMjDMpgq/+7/GvBipi
|
||||
PYuzkky/CIb1atccWKxa0J+FzqPFhAKXRjHQ/P8VLrDBZFLS9fqOBVwA/FO2zdsa
|
||||
Wi+KQUF5tTMnNxqNd2QkM0aa7WZEjBtpbRZNvOwBUYuAjcAJ0nwn8X6OgZC3XH7e
|
||||
W8Te0S/miSsI/oJupN6LW8n8IkAcBm2RCnTOaOi064JSlo8FcDpDtuNg3N7ywMf1
|
||||
fB8JcgmWnRrH1WG3qscTh4UZyGs5iC5ELNghx5de2hNXTC8RW50EUGxl6Go7d8xf
|
||||
v/YRcASoi8jURtn9mDDSKOM7BwILC8FDE4w9cg80FkHKNJBPJVRceMPS2sVCe7Bp
|
||||
eENJA6sw10FC43d8bZc8qahi72fPxmCZNRm+xtJ1K4hSHiRNmluIC+hc22jKzbb1
|
||||
R14ylejrOfjDD+QqYhR1Zw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
227
Kanzlei-Kiel/openvpn/client-configs/gubitz.conf
Normal file
227
Kanzlei-Kiel/openvpn/client-configs/gubitz.conf
Normal file
@ -0,0 +1,227 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
|
||||
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
|
||||
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
|
||||
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
|
||||
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
|
||||
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
|
||||
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
|
||||
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
|
||||
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
|
||||
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
|
||||
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
|
||||
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
|
||||
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
|
||||
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhxkoBFagQMYCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD6h10URNh7VBIIEyNSkokvr0z/k
|
||||
lwrSlr8SOK2chlZzjbz5j4dM8ChdHJib+eV084/XQDi0AMvz8G7ToKe5z/CT7HBb
|
||||
TtZu108SB7YeiC6aQUK8bKJcJVgcXi8PvOdy1PgGbSxaVKqyWmFuQofyi1y2CH6e
|
||||
2x7ct5cXwUh6tUUtFDVMW6r0uBNaIeRzodGY2kyV/dVBKC1fxqko6dgkOpQFgg7C
|
||||
wANDG6cnXg+acybl4YmqKowsYdnk16KpozV7DeVK85BQaiNJrZeOwehB8gM0zRtB
|
||||
ZPRr8BgXJCcZMsxOnSTy3rp7/vbu1lrTO1QIlfHZHb8xPifvaxtl3HwYTWl+hjup
|
||||
iFUqSalbC7tt924KTy7Z9ov90+f9czcKuVkKkVtxQ/Kq1B9EOkpNytKYfLqTw6dE
|
||||
y3c26lPmO3+eD8qJ/J4+bVfNBgOLZGwHekoZ6JaQtnHNPL7QC9EPDocyjqmmP9Cc
|
||||
UsbQBczCy3S8L/lm7oo068cADbbnAW+RX+18uheASvk1SO3srraEwpvwtbf5VFBE
|
||||
tR+o65zBYaxiIESEeNAlxNWC7YwD/fil0Rqwv8N9MwbZAIyfH4y/yDmHs6Qi8DjB
|
||||
ELeD6JQJfWI/gEIB22VFz6+bNIBqJ3yeJZczG8YQpl9cu0LAh8q68bZ0KD/4SyzW
|
||||
MeVBFAcBHR0zwXXaIdpD2RUYgkVDPqBecJUxdsIzc4BfrfNafztfHy+RV1/ZnK6g
|
||||
RkvUB4VRrmlAgMyX6AvAjYjVWrxIC1mJLstkPtwAeecdDNoH7mHQruh+rs/Xc0VU
|
||||
0dqKorWaEjA84nln+lE/5GIegDgxlmxOxBfIkdUa7IGGXKz1LLc0H6Y77bmRXxi0
|
||||
BKqyuzrReDBShZr3FccKtwhRHYdeq5qNdyou1N5AJwHpBgIoJb4GOjCShekvxgB1
|
||||
dFfW2IEdqwnQmYDoK+2bdz0lybr57IA1CdH2cnDpbFWlhGglBf2aEEZEGX1wRpEh
|
||||
GFH5Qw50LCOycqhcCVK7lrpEUH9DHRGjoyLadNo9yRfq0pdJIhYSZ3lLPzq2Dtpe
|
||||
Dvl1Py/0/YZyCAEr2zda3xn415ZzaSlPmzl9Ld245G7PveuL84DOqsgKuJs0rBmE
|
||||
QVbC7/cBZS+y4xEvEn9cKHsq55nIawmI9TpLMfgK1S8I+vHTiSaUdNO1l35XIZDE
|
||||
NNTfS7ChnhHK9chyBkxsy/dmG2lNKcTXn2HIa1IkRpESduV5CblFn4/T1Lpz3R/Z
|
||||
EQKR4QIgN0uY+nKRNvnh7agfMnKydjTALGp38v9blgOiJdODhL2j4H0dcxbtrCWb
|
||||
7TrXGm3ZtwN+7fkVFVkhXTLdteGDnxBjt0kPECkGtQ4kDmOyyROKgiFPpZlSDVic
|
||||
UqsRnbd7g1eLszuOqCLKEOb1pcJVTFtve24EN1Ezofhg7LMEa+yWkm83LyEVVEKX
|
||||
dhx1RYKc4Wk/SrZN5jtXLp8ilUu+HqSbN81jX7NGGbSRox9SxKJoIHkbtx4TJlBH
|
||||
4bnLP302n9GJmDiPG9Vd0+osYLAkEIspOMrbkBZa5bM3YDQUeAxrkRuAwJLQ9kyx
|
||||
fmZS832L/mKBHe8fjEr3UynKODeRh2ReGxSc0a0xnMFb5wagB4MbYKvAgnsMscyu
|
||||
lDA5vjV7W9f6bptn8b82zg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
228
Kanzlei-Kiel/openvpn/client-configs/hh-kanzlei.conf
Normal file
228
Kanzlei-Kiel/openvpn/client-configs/hh-kanzlei.conf
Normal file
@ -0,0 +1,228 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
|
||||
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
|
||||
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
|
||||
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
|
||||
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
|
||||
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
|
||||
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
|
||||
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
|
||||
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
|
||||
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
|
||||
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
|
||||
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
|
||||
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
|
||||
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
|
||||
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
|
||||
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
|
||||
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
|
||||
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
|
||||
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
|
||||
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
|
||||
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
|
||||
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
|
||||
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
|
||||
YzBrq2Xgzsw=
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIz79jvbHv3DACAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPE3o5ZalTfQBIIEyMw6MfxJ1fA5
|
||||
+84OUNHDJ/9BvnQu/0EbX6YkZIZgZ37zxvYR8NRMHqRdsR5oTqigbOgkSQTx7JEA
|
||||
M2p3uEi4nrz9Rle+T6ZALHaTQcQcUe3ZgpksyUXTQjVnKm+riZpK+jmoYpdPUfQo
|
||||
TyKb3FeuNxOoqyyruxiDyoyxtQvgz0SuibDrOX+GyM2HbXkZPD6JjZuW7U/TFriF
|
||||
0+R7Eog718e/0bisKlPs//3gktx0QyApc3RMQjKaXBrCS5xlwgsj/OAAitjBhwl3
|
||||
XP9FgoP/is/8pu7LERuqt3exwYk3QaJrruUkhxscupXCi1doe/Nql4cpZAiAVTQ2
|
||||
m0QDSj0PSqy7vAZwZ+R3DttZMHcPEtAsrzBFpcVhKnKte7bGk4k0ICRIZMI1wVJI
|
||||
uRK4ihPj2d38Bff3YuNoCjTlzETtOXMP5+UP3oH8fY7qb7P/QRp8Yp1lapL4NMgv
|
||||
fJyNyyQAg08K3XHhEZVF9I3N6KCiVPi8K5Uteb7r/kjXuQ+nOzxvzTPqjW+7huT/
|
||||
kbh5AIcMVUCxHvME9Au7yLpuy1T70TyW5zqmE1feZkVQE76oj8BAkhmhRAuvaCES
|
||||
ZglwSmTA1bYDPVs8/nnRB2VjcWYjus0oSC0xdiOAYRH0KuW59DgfMttaxXh4/9Mb
|
||||
uXsu/2HU3nOxrXEzBHUDOEb+ja/kKOrU0TrsdcpPGVqlMFHjEDEr7oEWVoIH7iGw
|
||||
4McLH9Q6054DczfJrfavhkx+Pk5Fb3nTfPH753ugCrPz733w0ugi2IKEzJXgAXOx
|
||||
3cTBVr6mOw3ctQ+7D9bOHIEAk4Gfgf+DdTlLRbDTIBB/OWiPjp2x7D+eu1oVMlOU
|
||||
5gkSadlklwkwe3dGjWsSjK5g+HE8rlBZbYTEe2gko1S5s7+v7jn2rP+2cY8DHASG
|
||||
UiPghE5+MC9W++5PizQyLaR5FNO6/GzbzalrtGeE7F4s2MnRjUotDKFfZdWeOdFJ
|
||||
zpv4GzNU36BH9WCbW3jrZMH0uDBt6lVoU+t7uwIvDnrAXY+FwodaffS7xWhNWm5r
|
||||
h3yGnHQzz17ZDUAnMRSOjejb32PmNq2M5StlnY80MBzKptE0qYuvW+BzpsMyYSFz
|
||||
2T3jhJmYwPsPoKE/O2xPVg2wGExss4UQyZUoV/rvtE+WTXUsYUzsjwBIV6DD0ux0
|
||||
PGDbO7yO83izhn3VlWRq6Re0n6CLXmyCg7nVi0Iuw93dHfUQWcuKCKE8uwRA5QE+
|
||||
3edHSYOtTZ/PLH+Uh+Qp6m11GiYhY3S+vlJ0l1FBfx07KCfOzbxBtB8lHK9q3XaY
|
||||
bZOBPDMs/Wx31O48L/i19OycBELKwoPUQTjEId6kgYMHxgjXO7XbHrN4Ryxw9ydT
|
||||
Iij3WOKaeICUmaSG/dx5luKJ6BV2ZJyJF3vKWVUMtpamEeqfFevxAMgTC9zh7D9+
|
||||
1WhNCPvvgJ5OXsfdUMcUnENnGdcSfznOG/BlKVRG7niGKjvk4DtdjZfHMI0TXqiV
|
||||
Krn4GcJFZjMVxG16TFxpCVK6M52CV3WoGgg2YLp1bop1bbv4zwE3gk00EILcRKfF
|
||||
UZrEn+5QF7XsS4Ym85y9DrOc1Oag3AFxwqT/cZuX7cfEDR6JE/ZQ8IGuQnH1sRkk
|
||||
5Gw1p3AFAgSy7ADVtsF/kA==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
228
Kanzlei-Kiel/openvpn/client-configs/hh-lucke.conf
Normal file
228
Kanzlei-Kiel/openvpn/client-configs/hh-lucke.conf
Normal file
@ -0,0 +1,228 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
|
||||
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
|
||||
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
|
||||
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
|
||||
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
|
||||
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
|
||||
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
|
||||
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
|
||||
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
|
||||
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
|
||||
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
|
||||
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
|
||||
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
|
||||
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
|
||||
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
|
||||
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
|
||||
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
|
||||
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
|
||||
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
|
||||
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
|
||||
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
|
||||
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
|
||||
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
|
||||
ZQ21Jg==
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIXEjPaNf5KGgCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNdZNDlsLt4gBIIEyOzgTgA/V6IO
|
||||
pWGeNhluCi3s8PPytWN35z5mSE3N1ErEveJ65W865nNJkqnDR9a7RVciE++KhWs5
|
||||
CYoopoGcUyadyfKIe9HkOplxeZsy1qHoMYDNQqww4cr1BV3erA6OkW4XJ0RMZcyu
|
||||
aCdU649EmdDPmESmW23Q4getgX8sHC0/Yw3GHpZ8jqh3tH5HYJt2/MAQGAtlIlOn
|
||||
MW4cE9ZcWuD0DXH0sjakovu4UqxefOmmYEWhS9Rt1hfu7rE0Tb4Yvl3lzR7ke+NF
|
||||
IAobjcDtGvTr+XxUyhLY57I8qlK0uooyziHhZWusu358mjWaTifqFUN2NRw1rgqp
|
||||
FoMvkSeyGTPrMO9eY1N+QLw9KZ2/Sd+1KcLhOGHyc5DhL6YmlhxsnMJDUiqrDC/v
|
||||
j191WT41+yBSqfVY9PgKU3B1e/kEGWM+JZUz5Wpx8wP9NREjX+JUBkiTcvbho61D
|
||||
3qxHFrqbcic1gKcCQ61c7dV2c/cH9EAYl426qzTclmw0fL1rKjutUJ6USq05gcNU
|
||||
e8ugKz5xR/EyiUKx1iPRlKd1EJORX5n+XdTNhvJuO2x5CXmT28Snv7ZpQEC3Qpt+
|
||||
P6f8hm1c2Dmc05wePoc4fbPL4j47fG45EXWeMw2gAPzWuGkVEN2zUSRf43e985/k
|
||||
E3nzQVwXZ1K3zg80PEv9BcmH3aA0I0Vp4b3EH2gVi5Zxcf8fZoqVKBWppFND29pN
|
||||
hQ9Vnlu1R/LQ9I4OFO+txmuEADCVh4KNzZBfPwdz5ZiPAtw3jFpYSbbsC+nbha+4
|
||||
sW3HwDwCqF8tXBNyVFI5Vk5Saagu8Rj4/ng4NuEHVFIJD3Ul5bKb4Li2Ld5HGMmc
|
||||
WU7XTwBO08onPZp/EpYem8LQ3fPmwKIdyiWDc7gOIeHgLp0/y08aJTcacYBpInfq
|
||||
o3Ne6z/drZErYRie3r7NCpzCt3xzEcQhfMi3PxxTOMOU3cdEtQhkAq+XruWesIOS
|
||||
U4/Kgv59K0wpMmg8Ezg9qKrDnwylNhab//sC3IT6/CjHsvHAmMyxwRVaPu4420l1
|
||||
uK8fZPCHSmHeuR+A2iEiQMBmCWE51BIi3tOH25PhkibpZHD4RcN5b+Ws7lCbFF1s
|
||||
fCsYoVLEufzEZdsr7LkDpMdfvwJXt2BqvwRuNwoV5VnuVLI+yfnkak4j/pt9Vwvy
|
||||
hAqSCdzjxp6Sor/5tJBs7mfGQHO3ULgp3bVkuELnzHEOyUq1h3BOpk6VDnk9t2VI
|
||||
xg1WVr6gztKdvtjnfFoguE+Wdd6N1XGMxlBzzY7BM1TIXQM2k9mM6r5ACoy17/Xr
|
||||
M8aS8BQJ+M+dUVKTm0fMLPVOCqmIlmVwZRrJybwc0+Qx8yzLNGTbwHUlBZ0xct04
|
||||
JLrpH4vuzbewKIXCPQn9iCtmSNuHOkdaryKaVF/IrM2QXMl20WG3OMtazDnvYGP9
|
||||
NTyyDQp1CMug+WSH3aEhs65pHHMjxj/I+4cH8CcggKbencG5QF2ztBcP0RK+Facl
|
||||
YK4IEMkrCdorkY6MAOhLKhAOGPcYFSDgLwAvrN/xVLTkZg7Y2jR8gD33QZh9TDrl
|
||||
vn9D5Se2xoGt6F9P3HuGnRSNgSK572ViPoMXqqjEJz4SShPwCWyUn5PDwYhJhBJs
|
||||
UWrDe94SSE93IuXItNGO1A==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
228
Kanzlei-Kiel/openvpn/client-configs/hh-suesse.conf
Normal file
228
Kanzlei-Kiel/openvpn/client-configs/hh-suesse.conf
Normal file
@ -0,0 +1,228 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
|
||||
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
|
||||
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
|
||||
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
|
||||
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
|
||||
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
|
||||
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
|
||||
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
|
||||
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
|
||||
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
|
||||
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
|
||||
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
|
||||
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
|
||||
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
|
||||
KFTBa2Y4
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRrW75zSeh/gCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM/ACjLMnFOqBIIEyH3tvetavQ4n
|
||||
r+z1sBiLqhhfjqR0KVWznMpRWnwClNdu3XqQOYjRYRTcmMX1ILE7ifsyMfYNqmtw
|
||||
df1zCB0qc4rpg+FGMjEAJpGuU2uxcN85nTvRI7l7y8iIi5Bffjr44eMfitLjXRat
|
||||
XxZrkHIsbSpEhDeNBC5Pc9TCuqJY7PLac3a3JR0qNib+Ucpp9I8gWEW6FHrobSbG
|
||||
mSpEZe+w7uoAq5tcaJy8yHAzVQfmh0TJK09mhiXdKEmDipcaWDyCeXX+8Ck9sY/I
|
||||
Ykm5Fi/HrlAwMRYO834cWdBN1Zle1Prnn2xuOJsIKKTw/XktpOzbvOlykNgzVrvJ
|
||||
VbGfydf7DpN9Z6QkX+b0DrwYP8B3ZJyFVoFSyS4x7id6SXhsV5QMa7Rpr61g5Eag
|
||||
C3rcqwupmYqqirAHPMNbsjiV7APhGtXiGkoHZyDWe3NTzm6hMzYIbDcFtjIUEgyH
|
||||
htqd33oUNkSbrx0BWBQQulrq/kjYTcJpc19txJSvdBJZeNemxxcrr73EXI1GOhJL
|
||||
wKSP91yp7VPIE7S222eD1Q4hOvFHo/RTcaXXLUCX6MXH0kpLatf4iO26/FffRVxG
|
||||
+Ds/5IGTCjfLlj/Z3FiFkRbC7Ra7W8qkGdfykVvMkmjgEZBVFRzVZpPkTrvwa3J8
|
||||
93BlheE6bi6iGkvd6fRgLHl/029k3Rdt25Thfy/yXYWsXRJqc8J3/2ADjVFv0M0G
|
||||
wW/O2WtIaHeMK3g/KNgGIc+Gui+2UFy26VJOK+xA5pxMtr80+o01D1RKkrriKEXP
|
||||
qPtw/haSBpGKxn+RusujcNoRlwOC0oVHWvN7NqMaRJR78Zite2tECphCE454bl+g
|
||||
SpjGei9O0OajCNe+RraWgAL4uhE51RUiLqbrx+Rt6NhZxxTQ4nqOzeI5sHIerIAy
|
||||
YmMgWzjJljFwKSKysyjda1AVXSVtb82EXBko9ezmcTFtfvZIrx3w6pd0IXAh521j
|
||||
y6zYiAdp+4wZzuL54wZYk1t8ZG7dcA/iXY+RTS9PVkXveDHF2c6jgmBEjJtoxBMM
|
||||
WHdU0iE2pr7lSqmznr5wxZ2rcXCuUGYUCqdYAwdD4o8OLouWXhYtMdFcGrx6ouc9
|
||||
9YFwZR8qpeNHyEzJplxBIgLQ5maDm2pwpCAZXauU5zLZ1L35B6lF79+TUNQjqtSZ
|
||||
QI75KiukKh34a3a941IjALjXqrp+CzDCjdmww/R291oW3KeJ381E/k8+lZi9M8d9
|
||||
ZdCchKVpLOrixRCw5r7ItWczeFpVukdWuf2CzqHEzEz6r42IPbITAkrqChsm2UHh
|
||||
v3xrAk/JySmDL2D+iIapGTxlDto7Sf5D1AxKqvb3xWyReG01mEzYn6sxzng/BpNB
|
||||
7gkouadIUGsSnzz3gqGuBWUjMVa6Xq0bf9onUrfRk/6e6I3maWOpkTsn2x2nkAwm
|
||||
kgyA2PEZ1HcKyxQM6C4JOSAcLMZI4cDsA8/V6vwwxY249HhPGDtfDvUTpDipogW7
|
||||
D5qWyVsNpaeKPmAf5C8Wm5M9ikgQTJ2woCkkpzi9pn4K/j8s94sam2rAxTnTksKS
|
||||
GYnA1Tq6s6jyVYXqf4wE3Oh5AJoy3uQ0NQZW9QIobK0gIibNk+MUZbsXffKidbU3
|
||||
qxWilBX7I6N07FjmO1fYTg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
228
Kanzlei-Kiel/openvpn/client-configs/molkentin.conf
Normal file
228
Kanzlei-Kiel/openvpn/client-configs/molkentin.conf
Normal file
@ -0,0 +1,228 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
|
||||
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
|
||||
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
|
||||
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
|
||||
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
|
||||
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
|
||||
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
|
||||
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
|
||||
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
|
||||
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
|
||||
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
|
||||
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
|
||||
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
|
||||
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
|
||||
PePBcAAq
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhT82G+86y3QCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHY/+Su7BqkgBIIEyIyaJBc3qqTh
|
||||
pIhFPfRyyn8CKIS4czpHbPOAfO3CGm+Jhkv8x9xpgv22+lg2t8fp5Tbc5lDEdI9n
|
||||
WQaXiwtlgLTkh8h3HxMnz63nQ3Noh+GIVlowLz+mxGw3rjXyOKgmwdJc2RLijaM8
|
||||
Ug2E2Umx7PH6w78ILrt6edj6VapzGs8frlRYcB+w4eOnX3aDA+hIH5jkmKTiJF9o
|
||||
bX3OzscISbak6od/FqMj5SNXMDVQd00wpmOqx/BUPdUWgK+yKjr1OG7QtihsrkwQ
|
||||
Xwan+8OWUvlxWZbOgALWVKACZxgSQUxg9KUY6xZa/yYo2fgUjeaFd7eimi6cATER
|
||||
Zc/zW4Dueo5PxnKw3F4VK44QyL2817EdrUvTKFJKE9mPS1szBFdqhbsN7OO91ked
|
||||
rSzE84CijhuTuMZ58afQp/nueTSlswFl/MwftTJo6lRR6gNzoc3E2HL4fV+tYUdk
|
||||
oV4vb0HBLxbSX1vIG2pcST4V7VhTqXvGbKNqv0a1zFz1s+tK9cJV1OstTmqyIsSx
|
||||
MEM8AYNmwC7ww1sbdTYCPtoHlvlK9edgzA4ojbGGLVE84P7BSNrAQiTeanGYROZr
|
||||
yw4ZRAQOonv091+2sBQTVJkiuTu78yAxoVXWjCwhb3E1YX/h/5wmtViB0uRt9SOB
|
||||
zPi8qZWWHi8SLBBVQ2YTj6dotZN3Zy9SxbKn/p9AjoNMX4En/bvfZyMHcqKjfJUD
|
||||
tIXNQUOglMVRoJ4JR6legma9v+QCtptiDUHm+4Kw40zgHrL4UZbvf49a9itbz1Ti
|
||||
aiOzMBlpZGuv9D5HQrnxY6v4kWPlbvWHVLtPd335rOpNfCR9Mdp8ZDH4QpOkjWKY
|
||||
07JgaBt60mmzZwO7skUVJyiG8MC9k4BZ9OB08IQPMvKiLzGAYcUl8455tM98KBZ0
|
||||
oDCRsq+/osDuCusJo+cRkIuhoMkEL1AkrNYZNbZnxJH7O9loFxwyzkAphcKFDsKf
|
||||
eFl1I/k5aMmWEzMrosoVfaSe1Q71EZOpE4AM97/whTAl1ZyI25yKtvcdmhzTRO6c
|
||||
geuELG713eEP5F6HuCWwb4EL/7XeTH5fIXvOrrNlArTLf4oVceVC0oHntI6dqtly
|
||||
BKdkeaRMBmINWTIcSgf18b/+EVZf723IHJsnodyWw1AssXSfyxzw7e5L4H8isQI4
|
||||
AAUiZjU4O3xRWnuuz86ikcDWsZ4AQoWePOZvqr2kXqArLTG/EBXaR54cVHiQMr/z
|
||||
11C7lIJ1OuqnP1/aFbSti1tnbiGK24LpJAW0ycvcj4JBLNxd3KlQs6yjtpLExjtn
|
||||
MbUArEROdJnJmmQ1kuTZII87vnhkmzB6EQslqfXKCpDc9w7WGv7Yuqf2r7vOhuGG
|
||||
eIvtwX+sqzO29UKJNCxe14TMZpQpe6Oyewk4L5xUCLjNpd9qmm2Oc/At/N2k85Ct
|
||||
4BcWvNrpBklLgTR2+Hiiw3tS34pZ5VJdUlYHN0ZPbChqYIjeqhBQsYktoLAoVkDv
|
||||
p+w/DuErEV4S9SxhwMHHlMZXpQIGYs+aGaJiTgYmos6Wxgg3Pnz95pN3w7KUd+Ig
|
||||
5BL2d0ZfmC8Wm/h4RdGeZZYHmA4dl1n+8D6Pycm02f/LXNoylsbge4kvzOoV2U8J
|
||||
b0ZWRsYKxyssZP8ZWc6QZw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
227
Kanzlei-Kiel/openvpn/client-configs/schaar.conf
Normal file
227
Kanzlei-Kiel/openvpn/client-configs/schaar.conf
Normal file
@ -0,0 +1,227 @@
|
||||
##############################################
|
||||
# Sample client-side OpenVPN 2.0 config file #
|
||||
# for connecting to multi-client server. #
|
||||
# #
|
||||
# This configuration can be used by multiple #
|
||||
# clients, however each client should have #
|
||||
# its own cert and key files. #
|
||||
# #
|
||||
# On Windows, you might want to rename this #
|
||||
# file so it has a .ovpn extension #
|
||||
##############################################
|
||||
|
||||
# Specify that we are a client and that we
|
||||
# will be pulling certain config file directives
|
||||
# from the server.
|
||||
client
|
||||
|
||||
# Use the same setting as you are using on
|
||||
# the server.
|
||||
# On most systems, the VPN will not function
|
||||
# unless you partially or fully disable
|
||||
# the firewall for the TUN/TAP interface.
|
||||
;dev tap
|
||||
dev tun
|
||||
|
||||
# Are we connecting to a TCP or
|
||||
# UDP server? Use the same setting as
|
||||
# on the server
|
||||
proto udp
|
||||
|
||||
# The hostname/IP and port of the server.
|
||||
# You can have multiple remote entries
|
||||
# to load balance between the servers.
|
||||
remote gw-ah.oopen.de 1194
|
||||
|
||||
topology subnet
|
||||
|
||||
# Keep trying indefinitely to resolve the
|
||||
# host name of the OpenVPN server. Very useful
|
||||
# on machines which are not permanently connected
|
||||
# to the internet such as laptops.
|
||||
resolv-retry infinite
|
||||
|
||||
# Most clients don't need to bind to
|
||||
# a specific local port number.
|
||||
nobind
|
||||
|
||||
# Try to preserve some state across restarts.
|
||||
persist-key
|
||||
persist-tun
|
||||
|
||||
# Server CA
|
||||
<ca>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
|
||||
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
|
||||
BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
|
||||
VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
|
||||
CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
|
||||
DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
|
||||
DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
|
||||
b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
|
||||
ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
|
||||
ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
|
||||
xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
|
||||
k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
|
||||
A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
|
||||
w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
|
||||
0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
|
||||
68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
|
||||
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
|
||||
MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
|
||||
VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
|
||||
MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
|
||||
cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
|
||||
mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
|
||||
SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
|
||||
ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
|
||||
uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
|
||||
-----END CERTIFICATE-----
|
||||
</ca>
|
||||
|
||||
# Client Certificate
|
||||
<cert>
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
|
||||
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
|
||||
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
|
||||
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
|
||||
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
|
||||
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
|
||||
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
|
||||
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
|
||||
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
|
||||
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
|
||||
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
|
||||
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
|
||||
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
|
||||
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
|
||||
-----END CERTIFICATE-----
|
||||
</cert>
|
||||
|
||||
# Client Key
|
||||
<key>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1Veh57OJg/kCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGb91ZmXtibBIIEyNonyB+eF+2I
|
||||
NwQeNXzcqL/jiPNiTN6Wk6VD6OUeDejhXXgoVAC3x8fs+HPMdMqAQCR4gXlCJMCd
|
||||
W0Jse3QvmH+46KkV6vTLaNV59lZonZIod4lp8J4PQqH8+s6o8SJ9sPypx7C9AbZf
|
||||
Y+Ibrv6lp4BRu8vL8e5PAUoltv/1NlxDyxALxJzO/wAFOQRNGtjWcSBPKDPXURR5
|
||||
DGhz/Ody/5LilOpC57KmphlCD4Mx4w94NalsBibE0aumT7I9wKeyHKrkq4sJBUHs
|
||||
/M22S0blCfXhcvf8bQc1+FzsBWp1+UtRTgEJuiwFRKLK4APxvmXsXpaDBOM02F4K
|
||||
a1ZFiQtrJLCLPfShV9/DL6rzX/bP/p0kwpx7valpW/nFA/iCRuyNA3isaB+NC9Lm
|
||||
XaOPETsxPMxS/BsFDiMvryeDC8KEuuAa/WEizq9Z0xWYKvOYgan1HKoWvRvzmiC2
|
||||
7txnrPK/axiwlha1jMZxTaHCGy6b6w08gz6ss+U1vPT4Qb0fK4Ovnbs8zh1/U8AS
|
||||
z7kDsLRoxfSUynkYSYJjaJRysqe4YcDCcUisyDRYIQrRYgZk3h2pev1aell91F9R
|
||||
LgHJ9mWECqB5xni80B/MpPiF/gWqTb316iPse1g+Bp/dAGl1tDHppUl5Z9/wqdMM
|
||||
9ULtJOZm3EYfgOHNFvpDwNlLFEAB07PO4+oMByL890Ym3tcaoCt+d3fx4jmmaJqA
|
||||
qqD2Wd+f8628gbhsbGq0Mex2DqAiOig96X9awcknZrs7EQIFvR9cK0wl4uEt8FuF
|
||||
5tBPPY8Tsjm3jphOw0WBe/E4DuFnQsnNcsKmEOTOn8125UkQbPhlPqCOBMlcw5aK
|
||||
L7b3ikd79zFTdWgSAao9Sf9/xhHNwsK7IBE32gXO6qD61AnOQgihKzi/ZV2Tp90P
|
||||
w6I3EZ5oP3BNnPp9l6nvGYe0HnkNqUigcuP0w28M3wj+nX+cFVZD++3uTh7xOJM6
|
||||
+br+TBQ4HDZ324PqiMXF45KCRvUrQ0ubRa9QxaXGVxpA9Rn8L+nqPkGocrrg1tb8
|
||||
eeVYxLyQeQqsDBjO7w7rDL1ZHra72we78/3BkMS5gv2tQoAqPhAEv/43J2hyp3cR
|
||||
0crZ8elxduaYXscDob56mYyBaDjWaOeKbGrm76yB10leEmN9MeHI7kQVur8/J/cI
|
||||
GjK00zp7dY4/WorFxPFuSFQjeDnvI2bLlqdYaX9d35lLr7s4TYlAXM47+j9QzyMp
|
||||
Maos/5/uUTkoyKiZbdzE0QoLlGqqoFGCWA6TgpPZHW3uXmf4gU9EQzTVHPcI6h9B
|
||||
2APQiECFvDPTHtlDaU0f8b14k3KV4KBEBiFCa7yBnVCGOt74tz//cPOft1Jf5vph
|
||||
QRhgNBw3l6rivM1QnMIKFuM9gqC4xcS6By+2+Ia4Ddo+SIEvDLEHtMs/DnheVkNi
|
||||
e0TAiruK58J5nvdXf9h91WdqPhQAU4BRGzwtVX0yE8D6nSCvUZfaLT4tukr9kt0H
|
||||
393u4t1/ruz4hpe4vCngnKDfSk/kbMbXF/XaDzytTO5AoA68CgS5pvhGpmRzVptk
|
||||
aHglm1S5S3yCB0+ye2jDTBnckUIs+XXy8Uej6fJBon25HD4hyiVPIXkwOB78mhjv
|
||||
AQwv/QUSTX4l1owOvSvW4g==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
</key>
|
||||
|
||||
# Verify server certificate by checking
|
||||
# that the certicate has the nsCertType
|
||||
# field set to "server". This is an
|
||||
# important precaution to protect against
|
||||
# a potential attack discussed here:
|
||||
# http://openvpn.net/howto.html#mitm
|
||||
#
|
||||
# To use this feature, you will need to generate
|
||||
# your server certificates with the nsCertType
|
||||
# field set to "server". The build-key-server
|
||||
# script in the easy-rsa folder will do this.
|
||||
#
|
||||
# Note!
|
||||
# The option "ns-cert-type" has been deprecated since
|
||||
# version 2.4 and will be removed from later distributions.
|
||||
#
|
||||
# Use the modern equivalent "remote-cert-tls"
|
||||
#
|
||||
;ns-cert-type server
|
||||
remote-cert-tls server
|
||||
|
||||
# If a tls-auth key is used on the server
|
||||
# then every client must also have the key.
|
||||
#
|
||||
# Don't forget to set the 'key-direction' Parameter if using
|
||||
# Inline Key. Usualy , sever has key direction '0', while client
|
||||
# has ke direction '1'.
|
||||
#
|
||||
key-direction 1
|
||||
<tls-auth>
|
||||
-----BEGIN OpenVPN Static key V1-----
|
||||
36188fa3977457d267ecae99373870f5
|
||||
ef6e44a8899d4f5ccc831e9d2dbc31ac
|
||||
e171c7e8e49e0d2edd43c3834a2d0099
|
||||
236aa4924c80971b0a34310eb69b70e2
|
||||
fbe85a7395cc10bea13ad09efa46d738
|
||||
f594c332d26c068b289ba96bbb1f661d
|
||||
efb873b76137057a62b4e27b522cfce6
|
||||
aef7ea67ec2540b00b4782780352addf
|
||||
2f7722d1edd40a8f3de3b0295e2da07e
|
||||
b46d196a4cbfd85e47739dc320af6584
|
||||
eb960e2c5ba27bf2f56381f8eb3ceaf7
|
||||
cc72d829ab05aaca6fbb205b78606ff8
|
||||
cc58bc336adb644adfb0034f9974b7d9
|
||||
f2b1308249cd74ecb555a550af6af1ad
|
||||
b15a3f03ecef5f89fa70d2fada97a1b8
|
||||
6179b0d487a6e3196209d053597a7416
|
||||
-----END OpenVPN Static key V1-----
|
||||
</tls-auth>
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# If the cipher option is used on the server
|
||||
# then you must also specify it here.
|
||||
;cipher BF-CBC # Blowfish (default)
|
||||
;cipher AES-128-CBC # AES
|
||||
;cipher DES-EDE3-CBC # Triple-DES
|
||||
cipher AES-256-CBC
|
||||
|
||||
# Enable compression on the VPN link.
|
||||
# Don't enable this unless it is also
|
||||
# enabled in the server config file.
|
||||
;comp-lzo
|
||||
comp-lzo
|
||||
|
||||
# Verbosity level.
|
||||
# 0 -- quiet except for fatal errors.
|
||||
# 1 -- mostly quiet, but display non-fatal network errors.
|
||||
# 3 -- medium output, good for normal operation.
|
||||
# 9 -- verbose, good for troubleshooting
|
||||
verb 1
|
||||
|
||||
# Setting 'pull' on the client takes care to get the 'push' durectives
|
||||
# from the server
|
||||
pull
|
||||
@ -18,3 +18,31 @@ password..........: CHtq9MsL93LW
|
||||
key...............: doro.key
|
||||
common name.......: VPN-Kanzlei-Kiel-doro
|
||||
password..........: 20_Doro_16-45
|
||||
|
||||
key...............: bjoern.key
|
||||
common name.......: VPN-Kanzlei-Kiel-bjoern
|
||||
password..........: 99p3LVTds4c3
|
||||
|
||||
key...............: gubitz.key
|
||||
common name.......: VPN-Kanzlei-Kiel-gubitz
|
||||
password..........: hKgJTvx39nH4
|
||||
|
||||
key...............: schaar.key
|
||||
common name.......: VPN-Kanzlei-Kiel-schaar
|
||||
password..........: 7KKXh37wRq9n
|
||||
|
||||
key...............: molkentin.key
|
||||
common name.......: VPN-Kanzlei-Kiel-molkentin
|
||||
password..........: qdJd9C3tR3Vw
|
||||
|
||||
key...............: hh-lucke.key
|
||||
common name.......: VPN-Kanzlei-Kiel-hh-lucke
|
||||
password..........: jMX47zpR9p3P
|
||||
|
||||
key...............: hh-kanzlei.key
|
||||
common name.......: VPN-Kanzlei-Kiel-hh-kanzlei
|
||||
password..........: RcNd7xgFTV9p
|
||||
|
||||
key...............: hh-suesse.key
|
||||
common name.......: VPN-Kanzlei-Kiel-hh-suesse
|
||||
password..........: d9xzRPpmzX73
|
||||
|
||||
98
Kanzlei-Kiel/openvpn/keys/07.pem
Normal file
98
Kanzlei-Kiel/openvpn/keys/07.pem
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 7 (0x7)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:36:16 2018 GMT
|
||||
Not After : Jun 19 21:36:16 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:ac:20:bd:68:e0:56:e4:fa:ce:ec:7d:13:90:51:
|
||||
2e:cc:54:ce:c7:1f:ff:03:2b:52:28:87:d0:97:7b:
|
||||
c3:dc:65:2c:92:ad:fb:3b:1d:42:cb:63:56:8f:1a:
|
||||
38:d8:d9:f0:12:46:9a:1c:21:2b:11:26:f6:02:89:
|
||||
f4:b9:08:c1:e3:2c:81:e6:f3:38:2f:d9:ad:e9:ee:
|
||||
d0:67:12:85:05:14:36:a7:a1:54:60:9f:02:2e:45:
|
||||
42:b7:00:bf:6f:ec:c1:02:04:c9:f2:e1:32:e2:e0:
|
||||
fd:3b:d8:87:9a:79:fc:a3:b8:a0:40:2f:10:4f:7a:
|
||||
39:34:4e:bc:ee:f8:a1:3b:ec:65:b7:80:60:9c:22:
|
||||
77:a9:cb:90:d8:b2:26:96:b6:9a:b8:c6:35:44:8c:
|
||||
69:bf:47:56:d5:f4:e6:ef:28:69:0e:e6:e2:81:9d:
|
||||
bd:8d:3b:8b:24:6b:8c:61:c7:c9:1f:4f:04:84:77:
|
||||
4e:5b:6d:0d:82:e2:09:e5:51:47:a2:8f:10:2a:13:
|
||||
a9:8f:5d:cd:97:1d:42:9d:6a:c3:28:ac:45:f4:b2:
|
||||
73:4d:8f:8a:98:ed:47:cb:7e:a0:8b:5e:f5:93:24:
|
||||
99:f4:c7:b4:6c:8a:a7:d2:b9:06:b3:c7:21:5b:96:
|
||||
27:6c:bc:10:25:c6:9a:2c:22:19:78:11:1d:15:01:
|
||||
b8:73
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
58:B2:90:25:77:06:EA:49:01:5B:1A:3D:F2:B9:AF:6D:C3:D9:44:B6
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:bjoern
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
74:2a:65:11:6b:d4:23:6b:35:7f:29:fd:55:26:71:90:bd:fc:
|
||||
d2:29:81:47:61:5b:66:5b:84:61:fc:c4:c7:4a:7a:9f:c6:04:
|
||||
e3:82:89:40:c8:0d:2d:d3:92:04:53:e2:a4:b3:d3:d7:a2:1f:
|
||||
03:d0:86:13:7a:b8:bf:70:80:ac:3f:59:f2:ae:f5:2c:7b:da:
|
||||
ea:94:e1:e2:97:58:02:d8:9e:b2:b2:26:06:14:f2:8a:cd:b4:
|
||||
61:73:69:61:d1:61:98:4f:7d:29:7e:3b:d0:df:65:02:84:7b:
|
||||
bf:93:12:3e:9f:2e:07:92:d5:cb:6a:56:0a:e7:ca:c8:fa:8e:
|
||||
a0:4c:41:cc:97:6f:c1:48:78:33:c4:fa:4e:6f:18:4e:34:d5:
|
||||
42:5e:24:bc:88:92:e9:c3:a9:f0:52:5d:ab:ac:1f:67:c0:75:
|
||||
cc:30:8a:40:f7:a4:37:1e:4d:39:ea:c3:61:11:61:b4:d4:c3:
|
||||
79:19:b8:d3:01:95:e5:e3:7e:57:29:34:2f:61:2b:e1:df:45:
|
||||
9a:85:7a:17:63:8f:c5:d9:b0:3b:3a:55:46:a5:37:ae:dc:7d:
|
||||
a0:89:dd:df:11:a8:c5:fa:7d:d4:db:95:45:1a:c4:11:6f:f4:
|
||||
43:04:d3:2c:3f:d7:83:7d:81:7d:37:98:36:b6:cc:25:db:80:
|
||||
85:bb:5a:ab
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
|
||||
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
|
||||
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
|
||||
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
|
||||
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
|
||||
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
|
||||
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
|
||||
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
|
||||
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
|
||||
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
|
||||
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
|
||||
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
|
||||
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
|
||||
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
|
||||
-----END CERTIFICATE-----
|
||||
98
Kanzlei-Kiel/openvpn/keys/08.pem
Normal file
98
Kanzlei-Kiel/openvpn/keys/08.pem
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 8 (0x8)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:37:57 2018 GMT
|
||||
Not After : Jun 19 21:37:57 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c7:78:4c:34:f5:53:5d:e7:df:26:42:1d:12:44:
|
||||
e3:ba:a3:94:df:e4:95:78:0d:cf:6e:e4:10:fa:e7:
|
||||
db:8c:8a:38:21:44:1e:3b:75:45:f2:93:2e:d5:54:
|
||||
16:f4:49:7d:08:16:1b:e7:a0:0e:c3:30:76:c5:7c:
|
||||
77:40:10:e7:e9:26:66:f4:bc:bd:2a:13:1e:bc:26:
|
||||
3c:4c:71:10:02:b0:f3:ee:4a:21:47:49:21:48:40:
|
||||
ac:4d:b9:b7:68:1f:8a:33:a6:b6:45:c8:b7:3b:af:
|
||||
25:14:b9:20:ff:8a:93:b4:6b:5f:3f:26:ef:f6:92:
|
||||
2d:26:2a:e5:20:06:c6:23:e1:9c:d5:0c:94:7e:b1:
|
||||
e7:18:71:f4:8a:3b:84:34:85:f0:ad:d3:72:52:ef:
|
||||
98:92:33:3f:3c:77:b5:d1:4c:10:2b:1a:f5:f6:1b:
|
||||
71:c1:df:5b:51:82:9f:42:c4:28:95:71:d0:41:a6:
|
||||
01:7b:e8:5f:d1:35:e4:f1:b8:a2:d5:e9:8f:47:b0:
|
||||
e8:48:c9:18:f1:97:64:c6:0d:a0:7a:b0:fb:d4:72:
|
||||
fb:af:a1:1d:b4:23:3a:dd:c8:c6:e6:06:2b:9b:fa:
|
||||
be:2f:da:f3:47:63:ba:11:72:55:ab:81:e3:aa:49:
|
||||
99:73:b2:e4:51:de:88:31:1c:f3:91:75:53:e6:d3:
|
||||
e9:4f
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
B1:B8:24:97:81:1A:7C:83:4A:91:E7:BC:C2:B1:8F:09:F1:95:FD:79
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:gubitz
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
a1:a6:9b:bc:16:5a:b4:bb:bd:a5:c1:91:3f:02:8f:06:2d:4b:
|
||||
be:76:f5:09:3f:54:59:ab:b0:d2:93:ec:63:f9:22:62:af:5d:
|
||||
eb:8a:a3:07:8c:10:92:e4:ea:a3:28:7b:3b:9d:5e:53:5a:09:
|
||||
f2:31:c9:1f:b0:ca:d0:03:f2:e3:4a:03:33:f7:4a:6e:43:57:
|
||||
37:4a:ce:ca:58:f9:d5:22:c2:0a:1a:7d:c6:68:1e:5a:90:49:
|
||||
66:ab:c8:83:60:c7:4c:52:32:5b:c3:60:68:e0:48:28:55:29:
|
||||
1b:8c:4d:26:29:d2:ab:2a:6e:82:ad:fb:d6:ef:c9:02:9f:b8:
|
||||
9c:ab:ee:0e:0d:bc:5b:53:19:c7:9e:21:85:56:b1:dc:b7:70:
|
||||
b4:b4:2e:e0:58:d8:9a:d3:49:82:f5:a8:46:60:c8:6e:54:84:
|
||||
72:ae:7e:15:59:87:ca:20:66:2e:97:d3:03:fb:ed:5c:6c:54:
|
||||
c4:67:e1:ed:02:ef:d2:b3:f1:8b:24:c3:90:32:51:d7:aa:e1:
|
||||
15:ea:5e:ca:13:48:f2:ce:6b:27:64:fc:e6:18:3d:7f:9f:db:
|
||||
23:69:25:ba:86:10:ef:85:da:43:78:75:a1:96:4f:3f:76:cd:
|
||||
1f:cd:5b:2a:6b:be:3b:1d:b8:22:c5:8e:3c:ac:5f:a6:d6:5f:
|
||||
39:76:df:cf
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
|
||||
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
|
||||
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
|
||||
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
|
||||
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
|
||||
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
|
||||
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
|
||||
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
|
||||
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
|
||||
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
|
||||
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
|
||||
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
|
||||
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
|
||||
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
|
||||
-----END CERTIFICATE-----
|
||||
98
Kanzlei-Kiel/openvpn/keys/09.pem
Normal file
98
Kanzlei-Kiel/openvpn/keys/09.pem
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 9 (0x9)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:40:21 2018 GMT
|
||||
Not After : Jun 19 21:40:21 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:a0:25:f4:ac:2b:24:46:38:f2:46:ce:5e:d1:ba:
|
||||
bf:11:b1:a7:c0:27:39:97:ba:88:5c:a6:f8:a0:02:
|
||||
c9:75:f4:ae:52:5c:91:38:85:ae:9b:4a:97:80:86:
|
||||
4d:da:dc:cf:fe:d3:d8:5e:75:83:56:4b:1e:42:3d:
|
||||
55:0d:9a:2c:30:7e:51:c8:e8:bb:45:99:c2:f2:76:
|
||||
51:e8:a0:62:5b:7c:2d:44:91:78:ce:ea:0b:9a:dc:
|
||||
a1:90:87:4e:02:83:50:65:2b:ff:ef:12:b5:ee:e7:
|
||||
61:81:89:23:f6:b9:54:3b:dd:09:d0:7c:a3:c6:3f:
|
||||
fb:ed:ea:46:92:e1:68:c9:6e:11:30:1a:2e:3d:cf:
|
||||
f1:c1:81:be:de:df:71:e3:f4:be:a2:fa:50:9f:75:
|
||||
ea:89:43:d9:b5:93:67:10:fb:2c:8b:b2:84:24:73:
|
||||
e3:b3:19:ce:b9:14:c5:09:8f:dc:73:7a:3c:8e:87:
|
||||
c6:97:be:e2:dc:ed:d4:65:ab:42:79:b0:18:2c:95:
|
||||
b3:aa:c4:b9:91:17:7b:f1:8f:bd:f0:f5:59:12:7a:
|
||||
88:5c:09:76:19:a9:7c:67:86:0f:65:d5:5e:a8:a8:
|
||||
60:ce:c4:a5:be:71:c5:9c:b9:4c:1b:81:a0:3b:ee:
|
||||
59:90:1b:7e:19:a0:be:1e:f3:5c:22:7d:70:a6:9b:
|
||||
dc:9b
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
B7:64:B2:13:73:54:E0:94:2D:2A:3D:8F:12:0A:82:1B:D7:17:A6:71
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:schaar
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
94:75:9e:6c:af:c0:e5:c3:d3:17:3c:01:fa:15:ce:ae:37:df:
|
||||
b4:30:7a:1c:1c:0e:a0:a8:bd:fd:c2:f9:f2:56:fc:ff:2b:97:
|
||||
a8:1a:25:12:a1:71:5a:82:ce:30:56:3f:20:5e:dd:32:76:9a:
|
||||
bc:f7:71:91:f0:38:53:28:7e:ce:69:28:3c:e3:0b:f3:ad:37:
|
||||
d6:23:16:07:f7:c2:42:12:93:20:55:72:ae:67:31:cb:81:18:
|
||||
1e:8b:04:e0:e4:b7:91:ad:3e:71:1b:0a:30:a4:1c:ba:c2:3b:
|
||||
61:09:48:c4:8d:24:55:07:50:77:1e:e1:3a:75:83:48:25:29:
|
||||
d1:77:60:26:bf:e6:0d:a1:72:54:c1:28:58:af:bc:f2:dd:65:
|
||||
9a:47:f1:a4:10:ff:cb:78:c9:f5:13:3b:e4:5a:a4:0f:a5:d8:
|
||||
78:5e:0e:e7:8b:b9:61:df:e1:72:b7:5f:3b:f5:de:ba:e6:a9:
|
||||
70:58:68:3c:42:11:f2:c3:b0:6e:d5:7f:26:99:9d:91:d3:97:
|
||||
f4:60:56:64:57:df:48:2d:21:18:01:be:79:c3:fc:3e:4f:fe:
|
||||
d1:cd:f3:71:13:5f:76:e9:ab:f4:18:78:40:32:be:b2:6d:72:
|
||||
b1:00:17:f5:b7:7d:d2:6b:d4:46:66:2c:d3:63:f2:f0:eb:7e:
|
||||
65:fe:5a:aa
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
|
||||
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
|
||||
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
|
||||
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
|
||||
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
|
||||
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
|
||||
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
|
||||
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
|
||||
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
|
||||
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
|
||||
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
|
||||
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
|
||||
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
|
||||
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
|
||||
-----END CERTIFICATE-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/0A.pem
Normal file
99
Kanzlei-Kiel/openvpn/keys/0A.pem
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 10 (0xa)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:41:53 2018 GMT
|
||||
Not After : Jun 19 21:41:53 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c6:6a:c0:92:83:b5:0c:46:87:8e:7e:c3:2c:87:
|
||||
b5:55:19:43:ea:91:84:b0:20:2e:9f:c5:64:5a:58:
|
||||
e9:7c:f5:95:26:3c:34:86:c4:1d:23:e9:78:7d:10:
|
||||
7d:84:b8:29:14:ff:00:cb:13:3a:a2:fb:cc:0c:bd:
|
||||
9e:5b:99:1b:c6:0b:aa:47:27:8b:f3:61:0c:36:a2:
|
||||
cc:f1:fd:c6:4d:cc:b1:da:e9:7b:93:76:53:52:99:
|
||||
90:27:5d:0f:5d:8e:1e:4c:1a:fe:28:17:dc:cd:1e:
|
||||
f3:19:7b:38:26:2a:b4:33:80:d0:38:7e:80:e6:6e:
|
||||
e9:ee:69:6b:8b:58:22:4b:36:b6:7b:17:0b:a0:8a:
|
||||
d4:f3:c4:76:01:a4:ad:1c:87:dd:65:6a:40:de:69:
|
||||
cb:4e:25:10:c6:4c:f9:df:94:11:78:12:e6:74:15:
|
||||
b1:2b:e7:41:08:50:c6:dd:31:f4:98:80:6f:ef:82:
|
||||
17:68:1e:ab:59:0c:d8:72:54:1d:6b:09:2e:9f:88:
|
||||
27:90:76:e1:97:4f:db:5b:ef:e1:af:4c:10:3f:eb:
|
||||
51:e6:a7:82:b8:95:c6:3d:19:a6:1e:16:f6:2f:f7:
|
||||
6d:8b:4c:9d:ee:aa:32:3b:a6:73:67:0e:b8:01:8d:
|
||||
28:44:8d:05:2a:3c:9e:51:3f:09:d0:5e:44:d8:dc:
|
||||
47:cd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
72:5D:8B:B1:D0:0D:18:39:9B:B2:C1:ED:D8:3B:2C:30:45:B7:F3:16
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:molkentin
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
44:50:10:96:65:54:09:d1:a9:b7:b0:0f:4d:50:45:4a:ec:a7:
|
||||
eb:fb:17:15:44:be:0e:b1:70:2c:05:d7:46:ee:ea:59:3a:92:
|
||||
52:f2:88:e5:11:86:c2:34:5a:94:92:28:74:b4:6b:e3:31:d1:
|
||||
d3:4d:c8:bf:2a:6a:1a:1d:51:ca:a4:c9:bb:a4:6d:c3:89:6f:
|
||||
af:9c:68:05:70:ef:69:55:a9:0b:2e:30:1d:a4:e8:d2:a5:53:
|
||||
e1:51:82:80:db:7e:ab:1e:90:8a:9b:c5:a7:6c:fd:cd:6d:89:
|
||||
41:79:a2:ae:f9:1b:19:83:29:98:2e:86:d6:c3:97:de:58:b3:
|
||||
0a:34:b1:73:9a:ed:2a:9e:18:a9:7b:fa:9d:0c:fe:9c:b4:68:
|
||||
ee:de:7c:2d:40:4c:21:e2:be:19:ef:eb:91:e3:11:1f:55:9a:
|
||||
da:2f:0d:b1:fb:b1:30:ae:83:30:bb:ef:18:64:5e:57:de:6f:
|
||||
b7:ca:58:06:06:4a:29:1a:25:f5:71:4a:39:4a:83:44:d7:d8:
|
||||
62:ea:31:18:2b:d1:ec:4f:3e:4b:b1:82:41:76:10:7f:7c:e4:
|
||||
95:28:e6:3e:e0:c3:82:d8:87:db:56:0a:4d:ad:cc:22:05:d1:
|
||||
76:0a:b9:d9:0b:08:3d:35:34:d2:e7:25:a9:6a:e8:aa:3d:e3:
|
||||
c1:70:00:2a
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
|
||||
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
|
||||
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
|
||||
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
|
||||
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
|
||||
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
|
||||
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
|
||||
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
|
||||
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
|
||||
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
|
||||
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
|
||||
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
|
||||
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
|
||||
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
|
||||
PePBcAAq
|
||||
-----END CERTIFICATE-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/0B.pem
Normal file
99
Kanzlei-Kiel/openvpn/keys/0B.pem
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 11 (0xb)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:15:46 2018 GMT
|
||||
Not After : Jun 20 01:15:46 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:a7:2f:9f:e8:e6:6e:8e:31:9d:3a:49:d8:b1:bc:
|
||||
23:04:0e:6d:a2:ab:2a:19:79:12:74:c9:a8:ff:1c:
|
||||
42:61:cd:8a:16:23:b9:50:e0:ee:50:74:77:47:46:
|
||||
52:5d:aa:2b:53:0e:6a:ef:35:6c:03:5c:3f:23:14:
|
||||
c9:88:f6:80:bc:50:79:9b:64:42:14:f0:e9:fc:a6:
|
||||
f5:37:a2:9d:46:ce:39:7d:62:a4:82:a7:f4:aa:d8:
|
||||
2e:6e:4f:8f:6a:e6:54:26:a2:21:b3:b6:4c:9c:e1:
|
||||
ae:13:9a:82:c5:2f:a0:a5:e5:58:72:2f:c5:88:96:
|
||||
d4:f8:84:19:1e:cd:7a:cf:0b:0d:81:1a:72:61:ed:
|
||||
b6:e4:1c:68:be:c5:c1:bc:82:7c:17:91:20:81:b1:
|
||||
59:62:8f:1b:05:cf:30:84:14:e5:2b:27:64:f0:26:
|
||||
79:48:ef:4e:6c:87:2b:1e:68:81:5d:b7:c5:35:8e:
|
||||
6b:9b:18:2c:ca:3e:34:44:7d:21:86:59:ff:cd:75:
|
||||
0a:e7:d5:81:82:0d:a4:3a:18:ab:7f:44:69:c0:58:
|
||||
9e:78:28:39:c4:21:75:35:33:6f:a5:12:9f:0e:14:
|
||||
19:aa:3d:a1:d2:fc:9e:94:df:4b:0d:9b:3f:2f:d6:
|
||||
c6:1e:83:6e:df:15:a5:39:73:e2:f9:b3:ca:21:91:
|
||||
62:bd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
12:18:6F:92:EF:06:74:57:8F:A5:A6:3B:89:B8:F9:CB:0A:B0:88:9A
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-lucke
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
58:2f:90:af:27:6c:82:c5:d0:09:54:34:2d:95:1d:dd:eb:35:
|
||||
35:2e:82:95:33:e4:63:bf:9f:fc:26:58:5a:91:50:3f:ca:96:
|
||||
dd:d0:77:5b:e4:b7:de:a4:51:70:eb:f2:5c:fd:66:f2:4e:3c:
|
||||
d0:41:5e:8c:25:ca:a8:ef:1c:51:d2:ad:0c:3e:20:15:97:1c:
|
||||
a7:ec:d6:5c:a6:99:a6:63:23:1a:6e:96:7a:9a:9f:86:00:dd:
|
||||
b4:a7:0d:d9:77:4a:be:0c:28:c3:2f:7a:73:d2:4f:ef:c6:f4:
|
||||
8a:01:b0:7e:e2:3c:6d:41:7f:75:58:07:32:59:13:e9:7f:8f:
|
||||
22:19:7b:ec:e1:21:d9:b3:54:6e:97:de:36:53:c2:8e:bd:be:
|
||||
7b:bd:26:09:57:07:8e:2d:3a:d0:3e:d3:97:8b:a1:e2:91:c9:
|
||||
c2:2d:89:20:d2:e4:65:f8:77:9b:5c:4f:bd:05:3b:87:e2:bd:
|
||||
0f:76:7d:93:f2:0b:ef:2c:45:74:06:3e:ea:d9:86:f1:55:23:
|
||||
8a:00:c2:ed:c3:79:34:7d:bd:c8:0c:c2:e5:f4:b2:28:ed:71:
|
||||
74:39:1c:f2:cf:ac:f0:38:b9:b9:f4:41:35:58:1c:6d:f9:4f:
|
||||
ce:1e:ed:ee:f7:06:95:f9:4e:7f:c1:aa:d7:3e:52:84:72:01:
|
||||
65:0d:b5:26
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
|
||||
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
|
||||
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
|
||||
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
|
||||
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
|
||||
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
|
||||
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
|
||||
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
|
||||
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
|
||||
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
|
||||
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
|
||||
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
|
||||
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
|
||||
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
|
||||
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
|
||||
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
|
||||
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
|
||||
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
|
||||
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
|
||||
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
|
||||
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
|
||||
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
|
||||
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
|
||||
ZQ21Jg==
|
||||
-----END CERTIFICATE-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/0C.pem
Normal file
99
Kanzlei-Kiel/openvpn/keys/0C.pem
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 12 (0xc)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:17:06 2018 GMT
|
||||
Not After : Jun 20 01:17:06 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:d5:52:e4:29:0f:0b:07:bf:14:80:bc:7e:27:a6:
|
||||
92:f3:95:c5:e2:cf:35:00:fd:6b:e7:e9:c2:32:b0:
|
||||
0d:c6:3b:99:d8:f4:b2:ad:e6:cd:8e:e1:25:a5:8c:
|
||||
c8:2e:60:2f:2d:6b:4d:23:98:ae:06:59:f3:f2:cd:
|
||||
aa:f3:64:bc:44:04:2a:2c:4a:c7:a6:c4:a5:12:e2:
|
||||
95:b5:86:23:c9:16:38:1d:a1:7c:27:59:8e:83:b1:
|
||||
a7:85:14:f1:73:29:dc:87:f3:87:0c:fb:c8:03:e9:
|
||||
74:cb:ba:36:09:9d:b1:b5:ae:34:14:a9:5e:b2:8b:
|
||||
c1:22:c3:17:d5:c4:f0:d0:03:23:69:bc:8d:fb:c3:
|
||||
1b:2b:ed:a6:d3:34:d2:a3:be:56:53:01:97:7f:0d:
|
||||
18:05:ee:f4:c8:e0:dc:35:5d:64:31:b5:a9:b8:91:
|
||||
24:f8:84:a7:5d:ea:e8:27:53:27:fd:15:f5:5a:5f:
|
||||
4e:8f:de:3d:f5:ea:18:60:a2:a5:c7:d9:47:c2:3d:
|
||||
99:48:fb:a0:89:47:fb:e6:90:1d:45:62:99:6d:6b:
|
||||
7c:4a:84:73:11:18:66:e1:a9:3a:af:a4:ad:80:4c:
|
||||
da:59:34:65:d9:6d:56:1d:d8:bc:b9:16:53:2d:6e:
|
||||
60:d9:ae:eb:5b:b1:bc:a4:6a:9b:64:66:d6:7b:da:
|
||||
13:07
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
46:3A:4F:3B:6A:A1:C4:89:4D:C4:D8:4A:CF:CD:F4:35:4F:1C:AE:3F
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-kanzlei
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
50:14:59:a4:6e:5e:b8:34:53:c9:2c:93:7a:7b:4f:ce:89:ac:
|
||||
88:b8:8d:aa:eb:e9:53:ed:dc:30:57:88:59:e9:96:15:e1:aa:
|
||||
15:06:06:1e:9e:58:b7:77:ab:90:c7:4a:b8:75:2e:5e:3b:8e:
|
||||
90:2a:3b:98:72:92:7a:db:0e:77:f8:25:6a:60:e9:1c:53:c6:
|
||||
3e:5d:9a:f2:16:bc:1b:c8:9e:5c:b1:a6:39:e4:d6:fb:9d:08:
|
||||
39:b4:f7:25:39:85:86:61:b7:d5:d5:8d:60:10:0d:e4:5e:e8:
|
||||
5d:70:a8:58:d1:66:4d:f7:7f:53:e2:7a:cf:f1:25:57:56:fa:
|
||||
b4:06:db:75:6e:36:9d:0e:c0:85:6f:ae:2d:e2:d6:a0:6e:0d:
|
||||
5f:c2:6f:f5:d0:5d:d9:54:62:c0:86:e0:84:b6:7c:b5:94:dc:
|
||||
33:b8:0d:a2:82:42:1e:d3:1a:12:c9:0d:29:4f:af:00:7e:ed:
|
||||
43:78:d7:da:7c:20:fa:50:b3:ed:de:51:31:8c:e0:77:ba:d7:
|
||||
9d:ca:88:6b:c1:79:1e:30:7c:1f:07:54:a5:fe:46:8e:0e:df:
|
||||
75:da:fc:77:2f:be:49:7d:14:28:01:17:a7:55:27:59:e6:84:
|
||||
19:b8:19:6b:2d:32:12:30:f2:79:c1:bb:39:7f:63:30:6b:ab:
|
||||
65:e0:ce:cc
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
|
||||
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
|
||||
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
|
||||
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
|
||||
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
|
||||
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
|
||||
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
|
||||
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
|
||||
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
|
||||
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
|
||||
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
|
||||
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
|
||||
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
|
||||
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
|
||||
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
|
||||
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
|
||||
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
|
||||
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
|
||||
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
|
||||
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
|
||||
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
|
||||
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
|
||||
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
|
||||
YzBrq2Xgzsw=
|
||||
-----END CERTIFICATE-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/0D.pem
Normal file
99
Kanzlei-Kiel/openvpn/keys/0D.pem
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 13 (0xd)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:18:40 2018 GMT
|
||||
Not After : Jun 20 01:18:40 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:ce:47:4d:5f:ad:af:dc:78:19:ac:37:66:7b:0a:
|
||||
9e:07:b7:40:0c:72:34:6d:d3:6b:a4:b7:62:59:4a:
|
||||
16:96:7a:ab:f6:50:1a:a7:68:5f:b1:eb:8f:68:a5:
|
||||
f0:56:ca:9b:12:7a:98:20:72:6a:3b:cb:2c:f0:b0:
|
||||
5f:cb:68:40:01:12:ed:a7:9a:e1:d0:32:61:76:77:
|
||||
47:cb:60:30:7a:e1:c1:4a:a4:ee:bf:14:d3:80:15:
|
||||
45:19:72:06:25:a2:2b:95:d3:28:13:37:99:b8:65:
|
||||
b7:f5:1c:0e:7b:11:ce:cc:ec:62:61:06:bf:4f:54:
|
||||
cf:ee:9d:63:39:5c:68:73:62:36:32:89:65:87:dc:
|
||||
39:91:b2:e7:75:ff:ab:94:51:2e:be:ed:ce:dd:1e:
|
||||
3b:b0:c3:8c:5d:5d:91:1a:e7:6d:ef:e7:3f:95:73:
|
||||
4a:17:ad:20:9e:04:89:19:1d:cb:8f:0f:83:aa:f5:
|
||||
f2:44:e2:db:86:e1:0f:f4:c2:23:1f:16:2d:fb:39:
|
||||
8f:b0:27:56:05:9c:95:b8:4d:c7:4e:e3:d6:6b:ca:
|
||||
52:1e:ea:07:7f:34:ca:44:b4:52:61:70:5a:b5:0d:
|
||||
08:56:93:56:24:03:38:e9:d7:d4:35:46:fd:07:76:
|
||||
9b:59:d3:40:cc:1b:e6:ef:25:d8:30:7b:a8:9d:ae:
|
||||
ff:63
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
65:F3:7F:95:10:B1:48:0D:12:8E:7B:13:1E:B8:CC:E5:10:F9:D0:87
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-suesse
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
29:19:a3:04:b2:3d:34:c8:3c:84:02:aa:9d:d8:f8:e8:75:6d:
|
||||
30:36:7a:27:4c:aa:67:ce:92:36:0c:99:7e:41:aa:6b:f2:fb:
|
||||
66:33:2f:21:e9:fc:c5:c5:34:cd:7f:a1:9e:63:a8:99:6d:86:
|
||||
4f:74:73:87:a5:d4:5f:59:36:61:d2:71:6a:e6:ba:11:a1:87:
|
||||
e0:97:2b:81:a9:e0:7a:aa:95:86:62:cf:9d:20:39:b5:41:b8:
|
||||
5b:6f:7a:57:b4:72:9d:53:f7:f4:d1:72:6f:8b:23:90:38:56:
|
||||
53:97:f2:ce:e0:bd:76:56:ff:f4:f4:7f:58:d7:c3:94:fd:7c:
|
||||
8f:8a:63:2e:49:84:d6:85:b3:6d:ad:de:5e:2e:9b:37:e7:7a:
|
||||
77:b0:45:63:59:8f:a0:6c:9f:20:1b:10:cb:3c:88:b9:61:61:
|
||||
7b:da:b8:69:97:8c:07:a8:75:57:a5:bb:4a:1f:57:53:6d:1b:
|
||||
4b:9b:e9:2c:78:55:4d:e8:cb:e7:ce:f8:61:9e:e4:04:63:3f:
|
||||
6c:ad:38:73:74:61:03:25:f7:c9:6c:d9:42:c0:00:8c:ef:93:
|
||||
9c:cd:09:9c:84:ff:43:ae:1c:fe:85:1d:c3:0c:e7:a6:09:3d:
|
||||
48:60:22:6a:69:8c:6e:dd:98:30:cc:e2:03:c5:f1:81:28:54:
|
||||
c1:6b:66:38
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
|
||||
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
|
||||
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
|
||||
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
|
||||
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
|
||||
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
|
||||
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
|
||||
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
|
||||
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
|
||||
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
|
||||
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
|
||||
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
|
||||
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
|
||||
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
|
||||
KFTBa2Y4
|
||||
-----END CERTIFICATE-----
|
||||
98
Kanzlei-Kiel/openvpn/keys/bjoern.crt
Normal file
98
Kanzlei-Kiel/openvpn/keys/bjoern.crt
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 7 (0x7)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:36:16 2018 GMT
|
||||
Not After : Jun 19 21:36:16 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:ac:20:bd:68:e0:56:e4:fa:ce:ec:7d:13:90:51:
|
||||
2e:cc:54:ce:c7:1f:ff:03:2b:52:28:87:d0:97:7b:
|
||||
c3:dc:65:2c:92:ad:fb:3b:1d:42:cb:63:56:8f:1a:
|
||||
38:d8:d9:f0:12:46:9a:1c:21:2b:11:26:f6:02:89:
|
||||
f4:b9:08:c1:e3:2c:81:e6:f3:38:2f:d9:ad:e9:ee:
|
||||
d0:67:12:85:05:14:36:a7:a1:54:60:9f:02:2e:45:
|
||||
42:b7:00:bf:6f:ec:c1:02:04:c9:f2:e1:32:e2:e0:
|
||||
fd:3b:d8:87:9a:79:fc:a3:b8:a0:40:2f:10:4f:7a:
|
||||
39:34:4e:bc:ee:f8:a1:3b:ec:65:b7:80:60:9c:22:
|
||||
77:a9:cb:90:d8:b2:26:96:b6:9a:b8:c6:35:44:8c:
|
||||
69:bf:47:56:d5:f4:e6:ef:28:69:0e:e6:e2:81:9d:
|
||||
bd:8d:3b:8b:24:6b:8c:61:c7:c9:1f:4f:04:84:77:
|
||||
4e:5b:6d:0d:82:e2:09:e5:51:47:a2:8f:10:2a:13:
|
||||
a9:8f:5d:cd:97:1d:42:9d:6a:c3:28:ac:45:f4:b2:
|
||||
73:4d:8f:8a:98:ed:47:cb:7e:a0:8b:5e:f5:93:24:
|
||||
99:f4:c7:b4:6c:8a:a7:d2:b9:06:b3:c7:21:5b:96:
|
||||
27:6c:bc:10:25:c6:9a:2c:22:19:78:11:1d:15:01:
|
||||
b8:73
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
58:B2:90:25:77:06:EA:49:01:5B:1A:3D:F2:B9:AF:6D:C3:D9:44:B6
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:bjoern
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
74:2a:65:11:6b:d4:23:6b:35:7f:29:fd:55:26:71:90:bd:fc:
|
||||
d2:29:81:47:61:5b:66:5b:84:61:fc:c4:c7:4a:7a:9f:c6:04:
|
||||
e3:82:89:40:c8:0d:2d:d3:92:04:53:e2:a4:b3:d3:d7:a2:1f:
|
||||
03:d0:86:13:7a:b8:bf:70:80:ac:3f:59:f2:ae:f5:2c:7b:da:
|
||||
ea:94:e1:e2:97:58:02:d8:9e:b2:b2:26:06:14:f2:8a:cd:b4:
|
||||
61:73:69:61:d1:61:98:4f:7d:29:7e:3b:d0:df:65:02:84:7b:
|
||||
bf:93:12:3e:9f:2e:07:92:d5:cb:6a:56:0a:e7:ca:c8:fa:8e:
|
||||
a0:4c:41:cc:97:6f:c1:48:78:33:c4:fa:4e:6f:18:4e:34:d5:
|
||||
42:5e:24:bc:88:92:e9:c3:a9:f0:52:5d:ab:ac:1f:67:c0:75:
|
||||
cc:30:8a:40:f7:a4:37:1e:4d:39:ea:c3:61:11:61:b4:d4:c3:
|
||||
79:19:b8:d3:01:95:e5:e3:7e:57:29:34:2f:61:2b:e1:df:45:
|
||||
9a:85:7a:17:63:8f:c5:d9:b0:3b:3a:55:46:a5:37:ae:dc:7d:
|
||||
a0:89:dd:df:11:a8:c5:fa:7d:d4:db:95:45:1a:c4:11:6f:f4:
|
||||
43:04:d3:2c:3f:d7:83:7d:81:7d:37:98:36:b6:cc:25:db:80:
|
||||
85:bb:5a:ab
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM2MTZaFw0zODA2MTky
|
||||
MTM2MTZaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1iam9lcm4xGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwgvWjgVuT6zux9
|
||||
E5BRLsxUzscf/wMrUiiH0Jd7w9xlLJKt+zsdQstjVo8aONjZ8BJGmhwhKxEm9gKJ
|
||||
9LkIweMsgebzOC/Zrenu0GcShQUUNqehVGCfAi5FQrcAv2/swQIEyfLhMuLg/TvY
|
||||
h5p5/KO4oEAvEE96OTROvO74oTvsZbeAYJwid6nLkNiyJpa2mrjGNUSMab9HVtX0
|
||||
5u8oaQ7m4oGdvY07iyRrjGHHyR9PBIR3TlttDYLiCeVRR6KPECoTqY9dzZcdQp1q
|
||||
wyisRfSyc02PipjtR8t+oIte9ZMkmfTHtGyKp9K5BrPHIVuWJ2y8ECXGmiwiGXgR
|
||||
HRUBuHMCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUWLKQJXcG6kkB
|
||||
Wxo98rmvbcPZRLYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGYmpvZXJuMA0GCSqGSIb3DQEBCwUAA4IBAQB0KmURa9QjazV/Kf1VJnGQ
|
||||
vfzSKYFHYVtmW4Rh/MTHSnqfxgTjgolAyA0t05IEU+Kks9PXoh8D0IYTeri/cICs
|
||||
P1nyrvUse9rqlOHil1gC2J6ysiYGFPKKzbRhc2lh0WGYT30pfjvQ32UChHu/kxI+
|
||||
ny4HktXLalYK58rI+o6gTEHMl2/BSHgzxPpObxhONNVCXiS8iJLpw6nwUl2rrB9n
|
||||
wHXMMIpA96Q3Hk056sNhEWG01MN5GbjTAZXl435XKTQvYSvh30WahXoXY4/F2bA7
|
||||
OlVGpTeu3H2gid3fEajF+n3U25VFGsQRb/RDBNMsP9eDfYF9N5g2tswl24CFu1qr
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/bjoern.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/bjoern.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLWJqb2VybjEZMBcG
|
||||
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
|
||||
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCC9aOBW
|
||||
5PrO7H0TkFEuzFTOxx//AytSKIfQl3vD3GUskq37Ox1Cy2NWjxo42NnwEkaaHCEr
|
||||
ESb2Aon0uQjB4yyB5vM4L9mt6e7QZxKFBRQ2p6FUYJ8CLkVCtwC/b+zBAgTJ8uEy
|
||||
4uD9O9iHmnn8o7igQC8QT3o5NE687vihO+xlt4BgnCJ3qcuQ2LImlraauMY1RIxp
|
||||
v0dW1fTm7yhpDubigZ29jTuLJGuMYcfJH08EhHdOW20NguIJ5VFHoo8QKhOpj13N
|
||||
lx1CnWrDKKxF9LJzTY+KmO1Hy36gi171kySZ9Me0bIqn0rkGs8chW5YnbLwQJcaa
|
||||
LCIZeBEdFQG4cwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBACIeYLlXVUZXG1RW
|
||||
WXgXjLSQPOpJa0B+VHvyqnGtICHtd2vX9hyPDJZZOnkndqmmBhZc6i9JPO6paVnY
|
||||
B7LJnc4PrNiHh9qfjRUTmZ3irsea5GxBp6U7XmPoIReQeGYVJvaFwch2LyvEJwSB
|
||||
cmKrBhOmtqny/wAJvPA6OsJgC1GqToP/r9b0c8E7HkJWier3TFInUeDlfN9rIUM9
|
||||
t4gqYY1Q7CON7bi2cEIqLlZhCdOLtkce5FqUgD9YF3lpJ0NxdPZSilyx4qR/WN1Q
|
||||
IFSL3q9UNFrmonw8bkcjoerSFWOYvPXavG8ZzQ9gvZGZylxz2gstgJbHsHlmjS5n
|
||||
5smJVLY=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/bjoern.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/bjoern.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI6SE0PsXGw/wCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECG7zORi+kUIQBIIEyOyz5+JUC/+K
|
||||
Uew57hlL3eIq4Lf1NKQvckgJ6LPkmfEZGPRkPlwpiFqy3KgOv/npjir7zq6nLRff
|
||||
KJf5FTLBie69FqreaY7dbO6KFfn81PHMvO7zitnT3Iohv0pLAXt35XxbM0ggUnul
|
||||
Y6aQArJoPRhyhyD/SorGHYDHQ5mSL8fjymzzy2faEq8i7PtbZvlRIvjTCIYHlTta
|
||||
mQFHfp0w+S2FLdbmodZRsXDZoN2mc6Rbu2PQ2DykDrezurseiKsjgilhvShph25H
|
||||
Q2kit081C9ldLjbVvbYUM7Rpwx624AqifMSncMq/i2CDa+x5mX8MP0O1ObBEZH9G
|
||||
yFX7hzS83smJiG3jdwG4IJwar6W2433fSDsQBrRUYonaUT8kebdyxTeUiVqxw6AH
|
||||
Bl/ru56WQ37w53JYadwWUr4Q1o8ud9XER2PpxkMVtyXMPxTDepX+kU/6W19vo6+I
|
||||
yC0E4DbWhx2uCgTNS8hxIvHOWWq3d7Gcxpof/NWPMVbLosuosX/3SA2Bu1x+/2cY
|
||||
IpwA61PAC08GKvkfBRV3wK74mlAJ1jZyrbY5FgmFNEH+aYUXQrRlpNt+H7N5dKlT
|
||||
Sa8gXtNGLHOoKbFQvjKakKdH72scJ1Gfu+WgojYAb1hLurkUyoAm6Du+AwRt1wK2
|
||||
Jilq6sbrH9R3Vdo+xRhjAvn8I43awtYqPRYUbCv9sGzVWhYFHU86pzyYJcyWAJTU
|
||||
0WWcZiOSy/zBOlVtaHidWuE4vtixIOxabvXvtfkG40VWOrX67CePrnCFnQQ5kfyT
|
||||
LJPMwL6u18037qsSFFi7jvBE4jYbfcpgsFHhK2sq6/oYGnFAUQxZ6W9BzLsdrGlA
|
||||
9BjQZrG/Dknnqo6+7NaHbaqe2dclSCoKDWr2tGN+hbFWTx71X5+bFMWJ0LinhUM0
|
||||
m5FjlI8NhA9PmCwBPZhUxHQVwLz6YYlqtAXgOXBKdJfAD/3MFXGWVQgUrPK+3wXS
|
||||
blAAwc+Gk5Aage0hO9TN++8fIyZRcOuYRjoXuK3Jf73tKZbzYw7kSt8QN4eFtaCO
|
||||
ExxRmisMJXK3a48ZSPaYb04WHxqP+ZEOaSvFLCgmQy+iw9nmWhn/6yTcPqCMyCkC
|
||||
PG7RBAiOrOsaDrKdaVYNecNgWKtfmKGx729t7H5NB419wOCbfyBvr5ROfYL3a6Ez
|
||||
RV/ljTkryXXf9wCBoGGK+2Xp9fmBf0f5MKG+u+QEIjPcCNcMjDMpgq/+7/GvBipi
|
||||
PYuzkky/CIb1atccWKxa0J+FzqPFhAKXRjHQ/P8VLrDBZFLS9fqOBVwA/FO2zdsa
|
||||
Wi+KQUF5tTMnNxqNd2QkM0aa7WZEjBtpbRZNvOwBUYuAjcAJ0nwn8X6OgZC3XH7e
|
||||
W8Te0S/miSsI/oJupN6LW8n8IkAcBm2RCnTOaOi064JSlo8FcDpDtuNg3N7ywMf1
|
||||
fB8JcgmWnRrH1WG3qscTh4UZyGs5iC5ELNghx5de2hNXTC8RW50EUGxl6Go7d8xf
|
||||
v/YRcASoi8jURtn9mDDSKOM7BwILC8FDE4w9cg80FkHKNJBPJVRceMPS2sVCe7Bp
|
||||
eENJA6sw10FC43d8bZc8qahi72fPxmCZNRm+xtJ1K4hSHiRNmluIC+hc22jKzbb1
|
||||
R14ylejrOfjDD+QqYhR1Zw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
98
Kanzlei-Kiel/openvpn/keys/gubitz.crt
Normal file
98
Kanzlei-Kiel/openvpn/keys/gubitz.crt
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 8 (0x8)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:37:57 2018 GMT
|
||||
Not After : Jun 19 21:37:57 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c7:78:4c:34:f5:53:5d:e7:df:26:42:1d:12:44:
|
||||
e3:ba:a3:94:df:e4:95:78:0d:cf:6e:e4:10:fa:e7:
|
||||
db:8c:8a:38:21:44:1e:3b:75:45:f2:93:2e:d5:54:
|
||||
16:f4:49:7d:08:16:1b:e7:a0:0e:c3:30:76:c5:7c:
|
||||
77:40:10:e7:e9:26:66:f4:bc:bd:2a:13:1e:bc:26:
|
||||
3c:4c:71:10:02:b0:f3:ee:4a:21:47:49:21:48:40:
|
||||
ac:4d:b9:b7:68:1f:8a:33:a6:b6:45:c8:b7:3b:af:
|
||||
25:14:b9:20:ff:8a:93:b4:6b:5f:3f:26:ef:f6:92:
|
||||
2d:26:2a:e5:20:06:c6:23:e1:9c:d5:0c:94:7e:b1:
|
||||
e7:18:71:f4:8a:3b:84:34:85:f0:ad:d3:72:52:ef:
|
||||
98:92:33:3f:3c:77:b5:d1:4c:10:2b:1a:f5:f6:1b:
|
||||
71:c1:df:5b:51:82:9f:42:c4:28:95:71:d0:41:a6:
|
||||
01:7b:e8:5f:d1:35:e4:f1:b8:a2:d5:e9:8f:47:b0:
|
||||
e8:48:c9:18:f1:97:64:c6:0d:a0:7a:b0:fb:d4:72:
|
||||
fb:af:a1:1d:b4:23:3a:dd:c8:c6:e6:06:2b:9b:fa:
|
||||
be:2f:da:f3:47:63:ba:11:72:55:ab:81:e3:aa:49:
|
||||
99:73:b2:e4:51:de:88:31:1c:f3:91:75:53:e6:d3:
|
||||
e9:4f
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
B1:B8:24:97:81:1A:7C:83:4A:91:E7:BC:C2:B1:8F:09:F1:95:FD:79
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:gubitz
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
a1:a6:9b:bc:16:5a:b4:bb:bd:a5:c1:91:3f:02:8f:06:2d:4b:
|
||||
be:76:f5:09:3f:54:59:ab:b0:d2:93:ec:63:f9:22:62:af:5d:
|
||||
eb:8a:a3:07:8c:10:92:e4:ea:a3:28:7b:3b:9d:5e:53:5a:09:
|
||||
f2:31:c9:1f:b0:ca:d0:03:f2:e3:4a:03:33:f7:4a:6e:43:57:
|
||||
37:4a:ce:ca:58:f9:d5:22:c2:0a:1a:7d:c6:68:1e:5a:90:49:
|
||||
66:ab:c8:83:60:c7:4c:52:32:5b:c3:60:68:e0:48:28:55:29:
|
||||
1b:8c:4d:26:29:d2:ab:2a:6e:82:ad:fb:d6:ef:c9:02:9f:b8:
|
||||
9c:ab:ee:0e:0d:bc:5b:53:19:c7:9e:21:85:56:b1:dc:b7:70:
|
||||
b4:b4:2e:e0:58:d8:9a:d3:49:82:f5:a8:46:60:c8:6e:54:84:
|
||||
72:ae:7e:15:59:87:ca:20:66:2e:97:d3:03:fb:ed:5c:6c:54:
|
||||
c4:67:e1:ed:02:ef:d2:b3:f1:8b:24:c3:90:32:51:d7:aa:e1:
|
||||
15:ea:5e:ca:13:48:f2:ce:6b:27:64:fc:e6:18:3d:7f:9f:db:
|
||||
23:69:25:ba:86:10:ef:85:da:43:78:75:a1:96:4f:3f:76:cd:
|
||||
1f:cd:5b:2a:6b:be:3b:1d:b8:22:c5:8e:3c:ac:5f:a6:d6:5f:
|
||||
39:76:df:cf
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTM3NTdaFw0zODA2MTky
|
||||
MTM3NTdaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1ndWJpdHoxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMd4TDT1U13n3yZC
|
||||
HRJE47qjlN/klXgNz27kEPrn24yKOCFEHjt1RfKTLtVUFvRJfQgWG+egDsMwdsV8
|
||||
d0AQ5+kmZvS8vSoTHrwmPExxEAKw8+5KIUdJIUhArE25t2gfijOmtkXItzuvJRS5
|
||||
IP+Kk7RrXz8m7/aSLSYq5SAGxiPhnNUMlH6x5xhx9Io7hDSF8K3TclLvmJIzPzx3
|
||||
tdFMECsa9fYbccHfW1GCn0LEKJVx0EGmAXvoX9E15PG4otXpj0ew6EjJGPGXZMYN
|
||||
oHqw+9Ry+6+hHbQjOt3IxuYGK5v6vi/a80djuhFyVauB46pJmXOy5FHeiDEc85F1
|
||||
U+bT6U8CAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsbgkl4EafINK
|
||||
kee8wrGPCfGV/XkwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGZ3ViaXR6MA0GCSqGSIb3DQEBCwUAA4IBAQChppu8Flq0u72lwZE/Ao8G
|
||||
LUu+dvUJP1RZq7DSk+xj+SJir13riqMHjBCS5OqjKHs7nV5TWgnyMckfsMrQA/Lj
|
||||
SgMz90puQ1c3Ss7KWPnVIsIKGn3GaB5akElmq8iDYMdMUjJbw2Bo4EgoVSkbjE0m
|
||||
KdKrKm6CrfvW78kCn7icq+4ODbxbUxnHniGFVrHct3C0tC7gWNia00mC9ahGYMhu
|
||||
VIRyrn4VWYfKIGYul9MD++1cbFTEZ+HtAu/Ss/GLJMOQMlHXquEV6l7KE0jyzmsn
|
||||
ZPzmGD1/n9sjaSW6hhDvhdpDeHWhlk8/ds0fzVsqa747HbgixY48rF+m1l85dt/P
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/gubitz.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/gubitz.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLWd1Yml0ejEZMBcG
|
||||
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
|
||||
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3hMNPVT
|
||||
XeffJkIdEkTjuqOU3+SVeA3PbuQQ+ufbjIo4IUQeO3VF8pMu1VQW9El9CBYb56AO
|
||||
wzB2xXx3QBDn6SZm9Ly9KhMevCY8THEQArDz7kohR0khSECsTbm3aB+KM6a2Rci3
|
||||
O68lFLkg/4qTtGtfPybv9pItJirlIAbGI+Gc1QyUfrHnGHH0ijuENIXwrdNyUu+Y
|
||||
kjM/PHe10UwQKxr19htxwd9bUYKfQsQolXHQQaYBe+hf0TXk8bii1emPR7DoSMkY
|
||||
8Zdkxg2gerD71HL7r6EdtCM63cjG5gYrm/q+L9rzR2O6EXJVq4HjqkmZc7LkUd6I
|
||||
MRzzkXVT5tPpTwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAF8uteL4SYN9zXvc
|
||||
5/qq4Wvwvv149SWgH2hEyntik1aEeXavLZ6iiboPJMOKDGm1QCnb+BDzJQNvGRCJ
|
||||
mmuK6Kf7oMSLc+Y38CdUZjbAvvTZrlbMkbsiB8/R2knLbRRWj8NJqRrZXDldBeqD
|
||||
mxCgAUY8WyCdAdRQExbyZg51EW9+zZJNKi9Aslmv4b4glSoUJejPVF+xrgSGLdjp
|
||||
JBA773Jm/ESDeiE4/6bENWl/LYa//WTmGVKHYwOrZ1JdNYI3WHNun+WgzIZ0GzCh
|
||||
5A1/Am3kujouXINmNzm0B/7mKoVr4Mw6q5zEtqAY65q/Nu+O4/aePgeG95exsNJ/
|
||||
R1RkVW4=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/gubitz.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/gubitz.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhxkoBFagQMYCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD6h10URNh7VBIIEyNSkokvr0z/k
|
||||
lwrSlr8SOK2chlZzjbz5j4dM8ChdHJib+eV084/XQDi0AMvz8G7ToKe5z/CT7HBb
|
||||
TtZu108SB7YeiC6aQUK8bKJcJVgcXi8PvOdy1PgGbSxaVKqyWmFuQofyi1y2CH6e
|
||||
2x7ct5cXwUh6tUUtFDVMW6r0uBNaIeRzodGY2kyV/dVBKC1fxqko6dgkOpQFgg7C
|
||||
wANDG6cnXg+acybl4YmqKowsYdnk16KpozV7DeVK85BQaiNJrZeOwehB8gM0zRtB
|
||||
ZPRr8BgXJCcZMsxOnSTy3rp7/vbu1lrTO1QIlfHZHb8xPifvaxtl3HwYTWl+hjup
|
||||
iFUqSalbC7tt924KTy7Z9ov90+f9czcKuVkKkVtxQ/Kq1B9EOkpNytKYfLqTw6dE
|
||||
y3c26lPmO3+eD8qJ/J4+bVfNBgOLZGwHekoZ6JaQtnHNPL7QC9EPDocyjqmmP9Cc
|
||||
UsbQBczCy3S8L/lm7oo068cADbbnAW+RX+18uheASvk1SO3srraEwpvwtbf5VFBE
|
||||
tR+o65zBYaxiIESEeNAlxNWC7YwD/fil0Rqwv8N9MwbZAIyfH4y/yDmHs6Qi8DjB
|
||||
ELeD6JQJfWI/gEIB22VFz6+bNIBqJ3yeJZczG8YQpl9cu0LAh8q68bZ0KD/4SyzW
|
||||
MeVBFAcBHR0zwXXaIdpD2RUYgkVDPqBecJUxdsIzc4BfrfNafztfHy+RV1/ZnK6g
|
||||
RkvUB4VRrmlAgMyX6AvAjYjVWrxIC1mJLstkPtwAeecdDNoH7mHQruh+rs/Xc0VU
|
||||
0dqKorWaEjA84nln+lE/5GIegDgxlmxOxBfIkdUa7IGGXKz1LLc0H6Y77bmRXxi0
|
||||
BKqyuzrReDBShZr3FccKtwhRHYdeq5qNdyou1N5AJwHpBgIoJb4GOjCShekvxgB1
|
||||
dFfW2IEdqwnQmYDoK+2bdz0lybr57IA1CdH2cnDpbFWlhGglBf2aEEZEGX1wRpEh
|
||||
GFH5Qw50LCOycqhcCVK7lrpEUH9DHRGjoyLadNo9yRfq0pdJIhYSZ3lLPzq2Dtpe
|
||||
Dvl1Py/0/YZyCAEr2zda3xn415ZzaSlPmzl9Ld245G7PveuL84DOqsgKuJs0rBmE
|
||||
QVbC7/cBZS+y4xEvEn9cKHsq55nIawmI9TpLMfgK1S8I+vHTiSaUdNO1l35XIZDE
|
||||
NNTfS7ChnhHK9chyBkxsy/dmG2lNKcTXn2HIa1IkRpESduV5CblFn4/T1Lpz3R/Z
|
||||
EQKR4QIgN0uY+nKRNvnh7agfMnKydjTALGp38v9blgOiJdODhL2j4H0dcxbtrCWb
|
||||
7TrXGm3ZtwN+7fkVFVkhXTLdteGDnxBjt0kPECkGtQ4kDmOyyROKgiFPpZlSDVic
|
||||
UqsRnbd7g1eLszuOqCLKEOb1pcJVTFtve24EN1Ezofhg7LMEa+yWkm83LyEVVEKX
|
||||
dhx1RYKc4Wk/SrZN5jtXLp8ilUu+HqSbN81jX7NGGbSRox9SxKJoIHkbtx4TJlBH
|
||||
4bnLP302n9GJmDiPG9Vd0+osYLAkEIspOMrbkBZa5bM3YDQUeAxrkRuAwJLQ9kyx
|
||||
fmZS832L/mKBHe8fjEr3UynKODeRh2ReGxSc0a0xnMFb5wagB4MbYKvAgnsMscyu
|
||||
lDA5vjV7W9f6bptn8b82zg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.crt
Normal file
99
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.crt
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 12 (0xc)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:17:06 2018 GMT
|
||||
Not After : Jun 20 01:17:06 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:d5:52:e4:29:0f:0b:07:bf:14:80:bc:7e:27:a6:
|
||||
92:f3:95:c5:e2:cf:35:00:fd:6b:e7:e9:c2:32:b0:
|
||||
0d:c6:3b:99:d8:f4:b2:ad:e6:cd:8e:e1:25:a5:8c:
|
||||
c8:2e:60:2f:2d:6b:4d:23:98:ae:06:59:f3:f2:cd:
|
||||
aa:f3:64:bc:44:04:2a:2c:4a:c7:a6:c4:a5:12:e2:
|
||||
95:b5:86:23:c9:16:38:1d:a1:7c:27:59:8e:83:b1:
|
||||
a7:85:14:f1:73:29:dc:87:f3:87:0c:fb:c8:03:e9:
|
||||
74:cb:ba:36:09:9d:b1:b5:ae:34:14:a9:5e:b2:8b:
|
||||
c1:22:c3:17:d5:c4:f0:d0:03:23:69:bc:8d:fb:c3:
|
||||
1b:2b:ed:a6:d3:34:d2:a3:be:56:53:01:97:7f:0d:
|
||||
18:05:ee:f4:c8:e0:dc:35:5d:64:31:b5:a9:b8:91:
|
||||
24:f8:84:a7:5d:ea:e8:27:53:27:fd:15:f5:5a:5f:
|
||||
4e:8f:de:3d:f5:ea:18:60:a2:a5:c7:d9:47:c2:3d:
|
||||
99:48:fb:a0:89:47:fb:e6:90:1d:45:62:99:6d:6b:
|
||||
7c:4a:84:73:11:18:66:e1:a9:3a:af:a4:ad:80:4c:
|
||||
da:59:34:65:d9:6d:56:1d:d8:bc:b9:16:53:2d:6e:
|
||||
60:d9:ae:eb:5b:b1:bc:a4:6a:9b:64:66:d6:7b:da:
|
||||
13:07
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
46:3A:4F:3B:6A:A1:C4:89:4D:C4:D8:4A:CF:CD:F4:35:4F:1C:AE:3F
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-kanzlei
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
50:14:59:a4:6e:5e:b8:34:53:c9:2c:93:7a:7b:4f:ce:89:ac:
|
||||
88:b8:8d:aa:eb:e9:53:ed:dc:30:57:88:59:e9:96:15:e1:aa:
|
||||
15:06:06:1e:9e:58:b7:77:ab:90:c7:4a:b8:75:2e:5e:3b:8e:
|
||||
90:2a:3b:98:72:92:7a:db:0e:77:f8:25:6a:60:e9:1c:53:c6:
|
||||
3e:5d:9a:f2:16:bc:1b:c8:9e:5c:b1:a6:39:e4:d6:fb:9d:08:
|
||||
39:b4:f7:25:39:85:86:61:b7:d5:d5:8d:60:10:0d:e4:5e:e8:
|
||||
5d:70:a8:58:d1:66:4d:f7:7f:53:e2:7a:cf:f1:25:57:56:fa:
|
||||
b4:06:db:75:6e:36:9d:0e:c0:85:6f:ae:2d:e2:d6:a0:6e:0d:
|
||||
5f:c2:6f:f5:d0:5d:d9:54:62:c0:86:e0:84:b6:7c:b5:94:dc:
|
||||
33:b8:0d:a2:82:42:1e:d3:1a:12:c9:0d:29:4f:af:00:7e:ed:
|
||||
43:78:d7:da:7c:20:fa:50:b3:ed:de:51:31:8c:e0:77:ba:d7:
|
||||
9d:ca:88:6b:c1:79:1e:30:7c:1f:07:54:a5:fe:46:8e:0e:df:
|
||||
75:da:fc:77:2f:be:49:7d:14:28:01:17:a7:55:27:59:e6:84:
|
||||
19:b8:19:6b:2d:32:12:30:f2:79:c1:bb:39:7f:63:30:6b:ab:
|
||||
65:e0:ce:cc
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFdDCCBFygAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE3MDZaFw0zODA2MjAw
|
||||
MTE3MDZaMIG/MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEkMCIGA1UEAxMbVlBOLUthbnpsZWktS2llbC1oaC1rYW56bGVpMRkwFwYD
|
||||
VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
|
||||
b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUuQpDwsH
|
||||
vxSAvH4nppLzlcXizzUA/Wvn6cIysA3GO5nY9LKt5s2O4SWljMguYC8ta00jmK4G
|
||||
WfPyzarzZLxEBCosSsemxKUS4pW1hiPJFjgdoXwnWY6DsaeFFPFzKdyH84cM+8gD
|
||||
6XTLujYJnbG1rjQUqV6yi8EiwxfVxPDQAyNpvI37wxsr7abTNNKjvlZTAZd/DRgF
|
||||
7vTI4Nw1XWQxtam4kST4hKdd6ugnUyf9FfVaX06P3j316hhgoqXH2UfCPZlI+6CJ
|
||||
R/vmkB1FYplta3xKhHMRGGbhqTqvpK2ATNpZNGXZbVYd2Ly5FlMtbmDZrutbsbyk
|
||||
aptkZtZ72hMHAgMBAAGjggGCMIIBfjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
|
||||
Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEY6Tztq
|
||||
ocSJTcTYSs/N9DVPHK4/MIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z
|
||||
1P/UoYG6pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
|
||||
VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
|
||||
ZXJ2aWNlczEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBO
|
||||
IEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
|
||||
ggkA/lmtXr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBUG
|
||||
A1UdEQQOMAyCCmhoLWthbnpsZWkwDQYJKoZIhvcNAQELBQADggEBAFAUWaRuXrg0
|
||||
U8ksk3p7T86JrIi4jarr6VPt3DBXiFnplhXhqhUGBh6eWLd3q5DHSrh1Ll47jpAq
|
||||
O5hyknrbDnf4JWpg6RxTxj5dmvIWvBvInlyxpjnk1vudCDm09yU5hYZht9XVjWAQ
|
||||
DeRe6F1wqFjRZk33f1Pies/xJVdW+rQG23VuNp0OwIVvri3i1qBuDV/Cb/XQXdlU
|
||||
YsCG4IS2fLWU3DO4DaKCQh7TGhLJDSlPrwB+7UN419p8IPpQs+3eUTGM4He6153K
|
||||
iGvBeR4wfB8HVKX+Ro4O33Xa/Hcvvkl9FCgBF6dVJ1nmhBm4GWstMhIw8nnBuzl/
|
||||
YzBrq2Xgzsw=
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDBTCCAe0CAQAwgb8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSQwIgYDVQQDExtWUE4tS2FuemxlaS1LaWVsLWhoLWthbnpsZWkx
|
||||
GTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
|
||||
LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVS
|
||||
5CkPCwe/FIC8fiemkvOVxeLPNQD9a+fpwjKwDcY7mdj0sq3mzY7hJaWMyC5gLy1r
|
||||
TSOYrgZZ8/LNqvNkvEQEKixKx6bEpRLilbWGI8kWOB2hfCdZjoOxp4UU8XMp3Ifz
|
||||
hwz7yAPpdMu6NgmdsbWuNBSpXrKLwSLDF9XE8NADI2m8jfvDGyvtptM00qO+VlMB
|
||||
l38NGAXu9Mjg3DVdZDG1qbiRJPiEp13q6CdTJ/0V9VpfTo/ePfXqGGCipcfZR8I9
|
||||
mUj7oIlH++aQHUVimW1rfEqEcxEYZuGpOq+krYBM2lk0ZdltVh3YvLkWUy1uYNmu
|
||||
61uxvKRqm2Rm1nvaEwcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAyk/SNslBi
|
||||
QIVKUrYkdwh7wq1XphPTUsobDf0PBP6WfBoe0DboCK5rGeF8P35C/ho7oMETMJr6
|
||||
LshaW0JZoskPNO8PTWHCAq+FCQNJV0l5apGCSmOY54Jgtb6yy4kna3lX8on8YBWN
|
||||
HFzv4Uvsr9Bu4JB3VjYDnkN4rL12oPjwhvkr05PeErh7w5YPai50cxml/Ee2GDUA
|
||||
IzB8AdNQDlT/LC+JzSF5sOxMn01aK8fiiygLjbnJt4HN8MDwbaWj2pWB52kFp9Xd
|
||||
g1lWbOIPvkOSjFzsugyFGhz9W/Hoc2ghSIwXiFKVcFY7JtXNCiuUmUz2hrpmjLd2
|
||||
u8F2f9Tpnk/+
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/hh-kanzlei.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIz79jvbHv3DACAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPE3o5ZalTfQBIIEyMw6MfxJ1fA5
|
||||
+84OUNHDJ/9BvnQu/0EbX6YkZIZgZ37zxvYR8NRMHqRdsR5oTqigbOgkSQTx7JEA
|
||||
M2p3uEi4nrz9Rle+T6ZALHaTQcQcUe3ZgpksyUXTQjVnKm+riZpK+jmoYpdPUfQo
|
||||
TyKb3FeuNxOoqyyruxiDyoyxtQvgz0SuibDrOX+GyM2HbXkZPD6JjZuW7U/TFriF
|
||||
0+R7Eog718e/0bisKlPs//3gktx0QyApc3RMQjKaXBrCS5xlwgsj/OAAitjBhwl3
|
||||
XP9FgoP/is/8pu7LERuqt3exwYk3QaJrruUkhxscupXCi1doe/Nql4cpZAiAVTQ2
|
||||
m0QDSj0PSqy7vAZwZ+R3DttZMHcPEtAsrzBFpcVhKnKte7bGk4k0ICRIZMI1wVJI
|
||||
uRK4ihPj2d38Bff3YuNoCjTlzETtOXMP5+UP3oH8fY7qb7P/QRp8Yp1lapL4NMgv
|
||||
fJyNyyQAg08K3XHhEZVF9I3N6KCiVPi8K5Uteb7r/kjXuQ+nOzxvzTPqjW+7huT/
|
||||
kbh5AIcMVUCxHvME9Au7yLpuy1T70TyW5zqmE1feZkVQE76oj8BAkhmhRAuvaCES
|
||||
ZglwSmTA1bYDPVs8/nnRB2VjcWYjus0oSC0xdiOAYRH0KuW59DgfMttaxXh4/9Mb
|
||||
uXsu/2HU3nOxrXEzBHUDOEb+ja/kKOrU0TrsdcpPGVqlMFHjEDEr7oEWVoIH7iGw
|
||||
4McLH9Q6054DczfJrfavhkx+Pk5Fb3nTfPH753ugCrPz733w0ugi2IKEzJXgAXOx
|
||||
3cTBVr6mOw3ctQ+7D9bOHIEAk4Gfgf+DdTlLRbDTIBB/OWiPjp2x7D+eu1oVMlOU
|
||||
5gkSadlklwkwe3dGjWsSjK5g+HE8rlBZbYTEe2gko1S5s7+v7jn2rP+2cY8DHASG
|
||||
UiPghE5+MC9W++5PizQyLaR5FNO6/GzbzalrtGeE7F4s2MnRjUotDKFfZdWeOdFJ
|
||||
zpv4GzNU36BH9WCbW3jrZMH0uDBt6lVoU+t7uwIvDnrAXY+FwodaffS7xWhNWm5r
|
||||
h3yGnHQzz17ZDUAnMRSOjejb32PmNq2M5StlnY80MBzKptE0qYuvW+BzpsMyYSFz
|
||||
2T3jhJmYwPsPoKE/O2xPVg2wGExss4UQyZUoV/rvtE+WTXUsYUzsjwBIV6DD0ux0
|
||||
PGDbO7yO83izhn3VlWRq6Re0n6CLXmyCg7nVi0Iuw93dHfUQWcuKCKE8uwRA5QE+
|
||||
3edHSYOtTZ/PLH+Uh+Qp6m11GiYhY3S+vlJ0l1FBfx07KCfOzbxBtB8lHK9q3XaY
|
||||
bZOBPDMs/Wx31O48L/i19OycBELKwoPUQTjEId6kgYMHxgjXO7XbHrN4Ryxw9ydT
|
||||
Iij3WOKaeICUmaSG/dx5luKJ6BV2ZJyJF3vKWVUMtpamEeqfFevxAMgTC9zh7D9+
|
||||
1WhNCPvvgJ5OXsfdUMcUnENnGdcSfznOG/BlKVRG7niGKjvk4DtdjZfHMI0TXqiV
|
||||
Krn4GcJFZjMVxG16TFxpCVK6M52CV3WoGgg2YLp1bop1bbv4zwE3gk00EILcRKfF
|
||||
UZrEn+5QF7XsS4Ym85y9DrOc1Oag3AFxwqT/cZuX7cfEDR6JE/ZQ8IGuQnH1sRkk
|
||||
5Gw1p3AFAgSy7ADVtsF/kA==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/hh-lucke.crt
Normal file
99
Kanzlei-Kiel/openvpn/keys/hh-lucke.crt
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 11 (0xb)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:15:46 2018 GMT
|
||||
Not After : Jun 20 01:15:46 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:a7:2f:9f:e8:e6:6e:8e:31:9d:3a:49:d8:b1:bc:
|
||||
23:04:0e:6d:a2:ab:2a:19:79:12:74:c9:a8:ff:1c:
|
||||
42:61:cd:8a:16:23:b9:50:e0:ee:50:74:77:47:46:
|
||||
52:5d:aa:2b:53:0e:6a:ef:35:6c:03:5c:3f:23:14:
|
||||
c9:88:f6:80:bc:50:79:9b:64:42:14:f0:e9:fc:a6:
|
||||
f5:37:a2:9d:46:ce:39:7d:62:a4:82:a7:f4:aa:d8:
|
||||
2e:6e:4f:8f:6a:e6:54:26:a2:21:b3:b6:4c:9c:e1:
|
||||
ae:13:9a:82:c5:2f:a0:a5:e5:58:72:2f:c5:88:96:
|
||||
d4:f8:84:19:1e:cd:7a:cf:0b:0d:81:1a:72:61:ed:
|
||||
b6:e4:1c:68:be:c5:c1:bc:82:7c:17:91:20:81:b1:
|
||||
59:62:8f:1b:05:cf:30:84:14:e5:2b:27:64:f0:26:
|
||||
79:48:ef:4e:6c:87:2b:1e:68:81:5d:b7:c5:35:8e:
|
||||
6b:9b:18:2c:ca:3e:34:44:7d:21:86:59:ff:cd:75:
|
||||
0a:e7:d5:81:82:0d:a4:3a:18:ab:7f:44:69:c0:58:
|
||||
9e:78:28:39:c4:21:75:35:33:6f:a5:12:9f:0e:14:
|
||||
19:aa:3d:a1:d2:fc:9e:94:df:4b:0d:9b:3f:2f:d6:
|
||||
c6:1e:83:6e:df:15:a5:39:73:e2:f9:b3:ca:21:91:
|
||||
62:bd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
12:18:6F:92:EF:06:74:57:8F:A5:A6:3B:89:B8:F9:CB:0A:B0:88:9A
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-lucke
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
58:2f:90:af:27:6c:82:c5:d0:09:54:34:2d:95:1d:dd:eb:35:
|
||||
35:2e:82:95:33:e4:63:bf:9f:fc:26:58:5a:91:50:3f:ca:96:
|
||||
dd:d0:77:5b:e4:b7:de:a4:51:70:eb:f2:5c:fd:66:f2:4e:3c:
|
||||
d0:41:5e:8c:25:ca:a8:ef:1c:51:d2:ad:0c:3e:20:15:97:1c:
|
||||
a7:ec:d6:5c:a6:99:a6:63:23:1a:6e:96:7a:9a:9f:86:00:dd:
|
||||
b4:a7:0d:d9:77:4a:be:0c:28:c3:2f:7a:73:d2:4f:ef:c6:f4:
|
||||
8a:01:b0:7e:e2:3c:6d:41:7f:75:58:07:32:59:13:e9:7f:8f:
|
||||
22:19:7b:ec:e1:21:d9:b3:54:6e:97:de:36:53:c2:8e:bd:be:
|
||||
7b:bd:26:09:57:07:8e:2d:3a:d0:3e:d3:97:8b:a1:e2:91:c9:
|
||||
c2:2d:89:20:d2:e4:65:f8:77:9b:5c:4f:bd:05:3b:87:e2:bd:
|
||||
0f:76:7d:93:f2:0b:ef:2c:45:74:06:3e:ea:d9:86:f1:55:23:
|
||||
8a:00:c2:ed:c3:79:34:7d:bd:c8:0c:c2:e5:f4:b2:28:ed:71:
|
||||
74:39:1c:f2:cf:ac:f0:38:b9:b9:f4:41:35:58:1c:6d:f9:4f:
|
||||
ce:1e:ed:ee:f7:06:95:f9:4e:7f:c1:aa:d7:3e:52:84:72:01:
|
||||
65:0d:b5:26
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcDCCBFigAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE1NDZaFw0zODA2MjAw
|
||||
MTE1NDZaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1oaC1sdWNrZTEZMBcGA1UE
|
||||
KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
|
||||
cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+f6OZujjGd
|
||||
OknYsbwjBA5toqsqGXkSdMmo/xxCYc2KFiO5UODuUHR3R0ZSXaorUw5q7zVsA1w/
|
||||
IxTJiPaAvFB5m2RCFPDp/Kb1N6KdRs45fWKkgqf0qtgubk+PauZUJqIhs7ZMnOGu
|
||||
E5qCxS+gpeVYci/FiJbU+IQZHs16zwsNgRpyYe225BxovsXBvIJ8F5EggbFZYo8b
|
||||
Bc8whBTlKydk8CZ5SO9ObIcrHmiBXbfFNY5rmxgsyj40RH0hhln/zXUK59WBgg2k
|
||||
Ohirf0RpwFieeCg5xCF1NTNvpRKfDhQZqj2h0vyelN9LDZs/L9bGHoNu3xWlOXPi
|
||||
+bPKIZFivQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
|
||||
RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQSGG+S7wZ0
|
||||
V4+lpjuJuPnLCrCImjCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
|
||||
1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
|
||||
BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
|
||||
dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
|
||||
YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
|
||||
AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
|
||||
HREEDDAKgghoaC1sdWNrZTANBgkqhkiG9w0BAQsFAAOCAQEAWC+QrydsgsXQCVQ0
|
||||
LZUd3es1NS6ClTPkY7+f/CZYWpFQP8qW3dB3W+S33qRRcOvyXP1m8k480EFejCXK
|
||||
qO8cUdKtDD4gFZccp+zWXKaZpmMjGm6WepqfhgDdtKcN2XdKvgwowy96c9JP78b0
|
||||
igGwfuI8bUF/dVgHMlkT6X+PIhl77OEh2bNUbpfeNlPCjr2+e70mCVcHji060D7T
|
||||
l4uh4pHJwi2JINLkZfh3m1xPvQU7h+K9D3Z9k/IL7yxFdAY+6tmG8VUjigDC7cN5
|
||||
NH29yAzC5fSyKO1xdDkc8s+s8Di5ufRBNVgcbflPzh7t7vcGlflOf8Gq1z5ShHIB
|
||||
ZQ21Jg==
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/hh-lucke.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/hh-lucke.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDAzCCAesCAQAwgb0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSIwIAYDVQQDExlWUE4tS2FuemxlaS1LaWVsLWhoLWx1Y2tlMRkw
|
||||
FwYDVQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1h
|
||||
ZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnL5/o
|
||||
5m6OMZ06SdixvCMEDm2iqyoZeRJ0yaj/HEJhzYoWI7lQ4O5QdHdHRlJdqitTDmrv
|
||||
NWwDXD8jFMmI9oC8UHmbZEIU8On8pvU3op1Gzjl9YqSCp/Sq2C5uT49q5lQmoiGz
|
||||
tkyc4a4TmoLFL6Cl5VhyL8WIltT4hBkezXrPCw2BGnJh7bbkHGi+xcG8gnwXkSCB
|
||||
sVlijxsFzzCEFOUrJ2TwJnlI705shyseaIFdt8U1jmubGCzKPjREfSGGWf/NdQrn
|
||||
1YGCDaQ6GKt/RGnAWJ54KDnEIXU1M2+lEp8OFBmqPaHS/J6U30sNmz8v1sYeg27f
|
||||
FaU5c+L5s8ohkWK9AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAZR/wHHvXr0l8
|
||||
BohIS0bp1T0EIQEqUgzRqfUq5NyZAv8zyYHd+4QW8mblkAibTRGw/PE/CwZuuKWc
|
||||
F69RnQv86MxFC9eZbwSqmcncSTtSqATbeRiXMf+KA5tWetdA9a788OJXX3MH94jg
|
||||
h4x9qX1He8EZFg+bmM2j+JeOfvxBYj3M/ptx9sOn54tj/Fmebel+6yGSGmLnND63
|
||||
i6OPgM3PKWAV40IBUtqlgF8uTheEEsiZHZJeyaW1jJqDpHZ7gfXUQH1ucXzBQYLh
|
||||
5EG3Vw2ffT34cnBJN0ujl3vom+QCZyXxzJ59l6U/Z8aq0Wt/9Sz0DLr2uEu02V0O
|
||||
lyJoeqxl1w==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/hh-lucke.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/hh-lucke.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIXEjPaNf5KGgCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNdZNDlsLt4gBIIEyOzgTgA/V6IO
|
||||
pWGeNhluCi3s8PPytWN35z5mSE3N1ErEveJ65W865nNJkqnDR9a7RVciE++KhWs5
|
||||
CYoopoGcUyadyfKIe9HkOplxeZsy1qHoMYDNQqww4cr1BV3erA6OkW4XJ0RMZcyu
|
||||
aCdU649EmdDPmESmW23Q4getgX8sHC0/Yw3GHpZ8jqh3tH5HYJt2/MAQGAtlIlOn
|
||||
MW4cE9ZcWuD0DXH0sjakovu4UqxefOmmYEWhS9Rt1hfu7rE0Tb4Yvl3lzR7ke+NF
|
||||
IAobjcDtGvTr+XxUyhLY57I8qlK0uooyziHhZWusu358mjWaTifqFUN2NRw1rgqp
|
||||
FoMvkSeyGTPrMO9eY1N+QLw9KZ2/Sd+1KcLhOGHyc5DhL6YmlhxsnMJDUiqrDC/v
|
||||
j191WT41+yBSqfVY9PgKU3B1e/kEGWM+JZUz5Wpx8wP9NREjX+JUBkiTcvbho61D
|
||||
3qxHFrqbcic1gKcCQ61c7dV2c/cH9EAYl426qzTclmw0fL1rKjutUJ6USq05gcNU
|
||||
e8ugKz5xR/EyiUKx1iPRlKd1EJORX5n+XdTNhvJuO2x5CXmT28Snv7ZpQEC3Qpt+
|
||||
P6f8hm1c2Dmc05wePoc4fbPL4j47fG45EXWeMw2gAPzWuGkVEN2zUSRf43e985/k
|
||||
E3nzQVwXZ1K3zg80PEv9BcmH3aA0I0Vp4b3EH2gVi5Zxcf8fZoqVKBWppFND29pN
|
||||
hQ9Vnlu1R/LQ9I4OFO+txmuEADCVh4KNzZBfPwdz5ZiPAtw3jFpYSbbsC+nbha+4
|
||||
sW3HwDwCqF8tXBNyVFI5Vk5Saagu8Rj4/ng4NuEHVFIJD3Ul5bKb4Li2Ld5HGMmc
|
||||
WU7XTwBO08onPZp/EpYem8LQ3fPmwKIdyiWDc7gOIeHgLp0/y08aJTcacYBpInfq
|
||||
o3Ne6z/drZErYRie3r7NCpzCt3xzEcQhfMi3PxxTOMOU3cdEtQhkAq+XruWesIOS
|
||||
U4/Kgv59K0wpMmg8Ezg9qKrDnwylNhab//sC3IT6/CjHsvHAmMyxwRVaPu4420l1
|
||||
uK8fZPCHSmHeuR+A2iEiQMBmCWE51BIi3tOH25PhkibpZHD4RcN5b+Ws7lCbFF1s
|
||||
fCsYoVLEufzEZdsr7LkDpMdfvwJXt2BqvwRuNwoV5VnuVLI+yfnkak4j/pt9Vwvy
|
||||
hAqSCdzjxp6Sor/5tJBs7mfGQHO3ULgp3bVkuELnzHEOyUq1h3BOpk6VDnk9t2VI
|
||||
xg1WVr6gztKdvtjnfFoguE+Wdd6N1XGMxlBzzY7BM1TIXQM2k9mM6r5ACoy17/Xr
|
||||
M8aS8BQJ+M+dUVKTm0fMLPVOCqmIlmVwZRrJybwc0+Qx8yzLNGTbwHUlBZ0xct04
|
||||
JLrpH4vuzbewKIXCPQn9iCtmSNuHOkdaryKaVF/IrM2QXMl20WG3OMtazDnvYGP9
|
||||
NTyyDQp1CMug+WSH3aEhs65pHHMjxj/I+4cH8CcggKbencG5QF2ztBcP0RK+Facl
|
||||
YK4IEMkrCdorkY6MAOhLKhAOGPcYFSDgLwAvrN/xVLTkZg7Y2jR8gD33QZh9TDrl
|
||||
vn9D5Se2xoGt6F9P3HuGnRSNgSK572ViPoMXqqjEJz4SShPwCWyUn5PDwYhJhBJs
|
||||
UWrDe94SSE93IuXItNGO1A==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
99
Kanzlei-Kiel/openvpn/keys/hh-suesse.crt
Normal file
99
Kanzlei-Kiel/openvpn/keys/hh-suesse.crt
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 13 (0xd)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 20 01:18:40 2018 GMT
|
||||
Not After : Jun 20 01:18:40 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:ce:47:4d:5f:ad:af:dc:78:19:ac:37:66:7b:0a:
|
||||
9e:07:b7:40:0c:72:34:6d:d3:6b:a4:b7:62:59:4a:
|
||||
16:96:7a:ab:f6:50:1a:a7:68:5f:b1:eb:8f:68:a5:
|
||||
f0:56:ca:9b:12:7a:98:20:72:6a:3b:cb:2c:f0:b0:
|
||||
5f:cb:68:40:01:12:ed:a7:9a:e1:d0:32:61:76:77:
|
||||
47:cb:60:30:7a:e1:c1:4a:a4:ee:bf:14:d3:80:15:
|
||||
45:19:72:06:25:a2:2b:95:d3:28:13:37:99:b8:65:
|
||||
b7:f5:1c:0e:7b:11:ce:cc:ec:62:61:06:bf:4f:54:
|
||||
cf:ee:9d:63:39:5c:68:73:62:36:32:89:65:87:dc:
|
||||
39:91:b2:e7:75:ff:ab:94:51:2e:be:ed:ce:dd:1e:
|
||||
3b:b0:c3:8c:5d:5d:91:1a:e7:6d:ef:e7:3f:95:73:
|
||||
4a:17:ad:20:9e:04:89:19:1d:cb:8f:0f:83:aa:f5:
|
||||
f2:44:e2:db:86:e1:0f:f4:c2:23:1f:16:2d:fb:39:
|
||||
8f:b0:27:56:05:9c:95:b8:4d:c7:4e:e3:d6:6b:ca:
|
||||
52:1e:ea:07:7f:34:ca:44:b4:52:61:70:5a:b5:0d:
|
||||
08:56:93:56:24:03:38:e9:d7:d4:35:46:fd:07:76:
|
||||
9b:59:d3:40:cc:1b:e6:ef:25:d8:30:7b:a8:9d:ae:
|
||||
ff:63
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
65:F3:7F:95:10:B1:48:0D:12:8E:7B:13:1E:B8:CC:E5:10:F9:D0:87
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:hh-suesse
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
29:19:a3:04:b2:3d:34:c8:3c:84:02:aa:9d:d8:f8:e8:75:6d:
|
||||
30:36:7a:27:4c:aa:67:ce:92:36:0c:99:7e:41:aa:6b:f2:fb:
|
||||
66:33:2f:21:e9:fc:c5:c5:34:cd:7f:a1:9e:63:a8:99:6d:86:
|
||||
4f:74:73:87:a5:d4:5f:59:36:61:d2:71:6a:e6:ba:11:a1:87:
|
||||
e0:97:2b:81:a9:e0:7a:aa:95:86:62:cf:9d:20:39:b5:41:b8:
|
||||
5b:6f:7a:57:b4:72:9d:53:f7:f4:d1:72:6f:8b:23:90:38:56:
|
||||
53:97:f2:ce:e0:bd:76:56:ff:f4:f4:7f:58:d7:c3:94:fd:7c:
|
||||
8f:8a:63:2e:49:84:d6:85:b3:6d:ad:de:5e:2e:9b:37:e7:7a:
|
||||
77:b0:45:63:59:8f:a0:6c:9f:20:1b:10:cb:3c:88:b9:61:61:
|
||||
7b:da:b8:69:97:8c:07:a8:75:57:a5:bb:4a:1f:57:53:6d:1b:
|
||||
4b:9b:e9:2c:78:55:4d:e8:cb:e7:ce:f8:61:9e:e4:04:63:3f:
|
||||
6c:ad:38:73:74:61:03:25:f7:c9:6c:d9:42:c0:00:8c:ef:93:
|
||||
9c:cd:09:9c:84:ff:43:ae:1c:fe:85:1d:c3:0c:e7:a6:09:3d:
|
||||
48:60:22:6a:69:8c:6e:dd:98:30:cc:e2:03:c5:f1:81:28:54:
|
||||
c1:6b:66:38
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MjAwMTE4NDBaFw0zODA2MjAw
|
||||
MTE4NDBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1oaC1zdWVzc2UxGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5HTV+tr9x4
|
||||
Gaw3ZnsKnge3QAxyNG3Ta6S3YllKFpZ6q/ZQGqdoX7Hrj2il8FbKmxJ6mCByajvL
|
||||
LPCwX8toQAES7aea4dAyYXZ3R8tgMHrhwUqk7r8U04AVRRlyBiWiK5XTKBM3mbhl
|
||||
t/UcDnsRzszsYmEGv09Uz+6dYzlcaHNiNjKJZYfcOZGy53X/q5RRLr7tzt0eO7DD
|
||||
jF1dkRrnbe/nP5VzShetIJ4EiRkdy48Pg6r18kTi24bhD/TCIx8WLfs5j7AnVgWc
|
||||
lbhNx07j1mvKUh7qB380ykS0UmFwWrUNCFaTViQDOOnX1DVG/Qd2m1nTQMwb5u8l
|
||||
2DB7qJ2u/2MCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUZfN/lRCx
|
||||
SA0SjnsTHrjM5RD50IcwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJaGgtc3Vlc3NlMA0GCSqGSIb3DQEBCwUAA4IBAQApGaMEsj00yDyE
|
||||
Aqqd2PjodW0wNnonTKpnzpI2DJl+Qapr8vtmMy8h6fzFxTTNf6GeY6iZbYZPdHOH
|
||||
pdRfWTZh0nFq5roRoYfglyuBqeB6qpWGYs+dIDm1Qbhbb3pXtHKdU/f00XJviyOQ
|
||||
OFZTl/LO4L12Vv/09H9Y18OU/XyPimMuSYTWhbNtrd5eLps353p3sEVjWY+gbJ8g
|
||||
GxDLPIi5YWF72rhpl4wHqHVXpbtKH1dTbRtLm+kseFVN6MvnzvhhnuQEYz9srThz
|
||||
dGEDJffJbNlCwACM75OczQmchP9Drhz+hR3DDOemCT1IYCJqaYxu3ZgwzOIDxfGB
|
||||
KFTBa2Y4
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/hh-suesse.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/hh-suesse.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDBDCCAewCAQAwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSMwIQYDVQQDExpWUE4tS2FuemxlaS1LaWVsLWhoLXN1ZXNzZTEZ
|
||||
MBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
|
||||
YWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkdN
|
||||
X62v3HgZrDdmewqeB7dADHI0bdNrpLdiWUoWlnqr9lAap2hfseuPaKXwVsqbEnqY
|
||||
IHJqO8ss8LBfy2hAARLtp5rh0DJhdndHy2AweuHBSqTuvxTTgBVFGXIGJaIrldMo
|
||||
EzeZuGW39RwOexHOzOxiYQa/T1TP7p1jOVxoc2I2Mollh9w5kbLndf+rlFEuvu3O
|
||||
3R47sMOMXV2RGudt7+c/lXNKF60gngSJGR3Ljw+DqvXyROLbhuEP9MIjHxYt+zmP
|
||||
sCdWBZyVuE3HTuPWa8pSHuoHfzTKRLRSYXBatQ0IVpNWJAM46dfUNUb9B3abWdNA
|
||||
zBvm7yXYMHuona7/YwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBADV3CuVZBtIY
|
||||
DjQ5qvdhmQ70hjPcPYjb28ECdMqDyaWtKy083x1bMSuYkDcXMkjRbXaiRJW+aswa
|
||||
VWYS29wrSYBmz6QuIJWAyBWOZjgaY+kQ1aUzVkvS975kbKToxG5GcqBihDBQnEo8
|
||||
GiN1n/errFGDhkz/uC0MgM1TgY29/VckncL95FnVrFa/gm8fCgbyinR4XQkegPsG
|
||||
Qz26eXqgLxpS0SToD6uXfXvfa/9dBKex+bQnK3DCsiz69B2MnPwpwZrts7yBs/FX
|
||||
BjUV8I3RWBosopwZZb3NS4qXMhM7yU4rspihu2ueGCCzapKovp9OilDhRjpcpUoW
|
||||
YLvp92ZRLW0=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/hh-suesse.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/hh-suesse.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRrW75zSeh/gCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM/ACjLMnFOqBIIEyH3tvetavQ4n
|
||||
r+z1sBiLqhhfjqR0KVWznMpRWnwClNdu3XqQOYjRYRTcmMX1ILE7ifsyMfYNqmtw
|
||||
df1zCB0qc4rpg+FGMjEAJpGuU2uxcN85nTvRI7l7y8iIi5Bffjr44eMfitLjXRat
|
||||
XxZrkHIsbSpEhDeNBC5Pc9TCuqJY7PLac3a3JR0qNib+Ucpp9I8gWEW6FHrobSbG
|
||||
mSpEZe+w7uoAq5tcaJy8yHAzVQfmh0TJK09mhiXdKEmDipcaWDyCeXX+8Ck9sY/I
|
||||
Ykm5Fi/HrlAwMRYO834cWdBN1Zle1Prnn2xuOJsIKKTw/XktpOzbvOlykNgzVrvJ
|
||||
VbGfydf7DpN9Z6QkX+b0DrwYP8B3ZJyFVoFSyS4x7id6SXhsV5QMa7Rpr61g5Eag
|
||||
C3rcqwupmYqqirAHPMNbsjiV7APhGtXiGkoHZyDWe3NTzm6hMzYIbDcFtjIUEgyH
|
||||
htqd33oUNkSbrx0BWBQQulrq/kjYTcJpc19txJSvdBJZeNemxxcrr73EXI1GOhJL
|
||||
wKSP91yp7VPIE7S222eD1Q4hOvFHo/RTcaXXLUCX6MXH0kpLatf4iO26/FffRVxG
|
||||
+Ds/5IGTCjfLlj/Z3FiFkRbC7Ra7W8qkGdfykVvMkmjgEZBVFRzVZpPkTrvwa3J8
|
||||
93BlheE6bi6iGkvd6fRgLHl/029k3Rdt25Thfy/yXYWsXRJqc8J3/2ADjVFv0M0G
|
||||
wW/O2WtIaHeMK3g/KNgGIc+Gui+2UFy26VJOK+xA5pxMtr80+o01D1RKkrriKEXP
|
||||
qPtw/haSBpGKxn+RusujcNoRlwOC0oVHWvN7NqMaRJR78Zite2tECphCE454bl+g
|
||||
SpjGei9O0OajCNe+RraWgAL4uhE51RUiLqbrx+Rt6NhZxxTQ4nqOzeI5sHIerIAy
|
||||
YmMgWzjJljFwKSKysyjda1AVXSVtb82EXBko9ezmcTFtfvZIrx3w6pd0IXAh521j
|
||||
y6zYiAdp+4wZzuL54wZYk1t8ZG7dcA/iXY+RTS9PVkXveDHF2c6jgmBEjJtoxBMM
|
||||
WHdU0iE2pr7lSqmznr5wxZ2rcXCuUGYUCqdYAwdD4o8OLouWXhYtMdFcGrx6ouc9
|
||||
9YFwZR8qpeNHyEzJplxBIgLQ5maDm2pwpCAZXauU5zLZ1L35B6lF79+TUNQjqtSZ
|
||||
QI75KiukKh34a3a941IjALjXqrp+CzDCjdmww/R291oW3KeJ381E/k8+lZi9M8d9
|
||||
ZdCchKVpLOrixRCw5r7ItWczeFpVukdWuf2CzqHEzEz6r42IPbITAkrqChsm2UHh
|
||||
v3xrAk/JySmDL2D+iIapGTxlDto7Sf5D1AxKqvb3xWyReG01mEzYn6sxzng/BpNB
|
||||
7gkouadIUGsSnzz3gqGuBWUjMVa6Xq0bf9onUrfRk/6e6I3maWOpkTsn2x2nkAwm
|
||||
kgyA2PEZ1HcKyxQM6C4JOSAcLMZI4cDsA8/V6vwwxY249HhPGDtfDvUTpDipogW7
|
||||
D5qWyVsNpaeKPmAf5C8Wm5M9ikgQTJ2woCkkpzi9pn4K/j8s94sam2rAxTnTksKS
|
||||
GYnA1Tq6s6jyVYXqf4wE3Oh5AJoy3uQ0NQZW9QIobK0gIibNk+MUZbsXffKidbU3
|
||||
qxWilBX7I6N07FjmO1fYTg==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
@ -4,3 +4,10 @@ V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Service
|
||||
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619213616Z 07 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619213757Z 08 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619214021Z 09 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619214153Z 0A unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380620011546Z 0B unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380620011706Z 0C unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380620011840Z 0D unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-suesse/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
|
||||
@ -3,3 +3,10 @@ V 370627232059Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Service
|
||||
V 370627232459Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 370627232640Z 04 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 370627233437Z 05 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 370627234232Z 06 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619213616Z 07 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-bjoern/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619213757Z 08 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gubitz/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619214021Z 09 unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380619214153Z 0A unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380620011546Z 0B unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-lucke/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
V 380620011706Z 0C unknown /C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-hh-kanzlei/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
|
||||
99
Kanzlei-Kiel/openvpn/keys/molkentin.crt
Normal file
99
Kanzlei-Kiel/openvpn/keys/molkentin.crt
Normal file
@ -0,0 +1,99 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 10 (0xa)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:41:53 2018 GMT
|
||||
Not After : Jun 19 21:41:53 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-molkentin/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c6:6a:c0:92:83:b5:0c:46:87:8e:7e:c3:2c:87:
|
||||
b5:55:19:43:ea:91:84:b0:20:2e:9f:c5:64:5a:58:
|
||||
e9:7c:f5:95:26:3c:34:86:c4:1d:23:e9:78:7d:10:
|
||||
7d:84:b8:29:14:ff:00:cb:13:3a:a2:fb:cc:0c:bd:
|
||||
9e:5b:99:1b:c6:0b:aa:47:27:8b:f3:61:0c:36:a2:
|
||||
cc:f1:fd:c6:4d:cc:b1:da:e9:7b:93:76:53:52:99:
|
||||
90:27:5d:0f:5d:8e:1e:4c:1a:fe:28:17:dc:cd:1e:
|
||||
f3:19:7b:38:26:2a:b4:33:80:d0:38:7e:80:e6:6e:
|
||||
e9:ee:69:6b:8b:58:22:4b:36:b6:7b:17:0b:a0:8a:
|
||||
d4:f3:c4:76:01:a4:ad:1c:87:dd:65:6a:40:de:69:
|
||||
cb:4e:25:10:c6:4c:f9:df:94:11:78:12:e6:74:15:
|
||||
b1:2b:e7:41:08:50:c6:dd:31:f4:98:80:6f:ef:82:
|
||||
17:68:1e:ab:59:0c:d8:72:54:1d:6b:09:2e:9f:88:
|
||||
27:90:76:e1:97:4f:db:5b:ef:e1:af:4c:10:3f:eb:
|
||||
51:e6:a7:82:b8:95:c6:3d:19:a6:1e:16:f6:2f:f7:
|
||||
6d:8b:4c:9d:ee:aa:32:3b:a6:73:67:0e:b8:01:8d:
|
||||
28:44:8d:05:2a:3c:9e:51:3f:09:d0:5e:44:d8:dc:
|
||||
47:cd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
72:5D:8B:B1:D0:0D:18:39:9B:B2:C1:ED:D8:3B:2C:30:45:B7:F3:16
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:molkentin
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
44:50:10:96:65:54:09:d1:a9:b7:b0:0f:4d:50:45:4a:ec:a7:
|
||||
eb:fb:17:15:44:be:0e:b1:70:2c:05:d7:46:ee:ea:59:3a:92:
|
||||
52:f2:88:e5:11:86:c2:34:5a:94:92:28:74:b4:6b:e3:31:d1:
|
||||
d3:4d:c8:bf:2a:6a:1a:1d:51:ca:a4:c9:bb:a4:6d:c3:89:6f:
|
||||
af:9c:68:05:70:ef:69:55:a9:0b:2e:30:1d:a4:e8:d2:a5:53:
|
||||
e1:51:82:80:db:7e:ab:1e:90:8a:9b:c5:a7:6c:fd:cd:6d:89:
|
||||
41:79:a2:ae:f9:1b:19:83:29:98:2e:86:d6:c3:97:de:58:b3:
|
||||
0a:34:b1:73:9a:ed:2a:9e:18:a9:7b:fa:9d:0c:fe:9c:b4:68:
|
||||
ee:de:7c:2d:40:4c:21:e2:be:19:ef:eb:91:e3:11:1f:55:9a:
|
||||
da:2f:0d:b1:fb:b1:30:ae:83:30:bb:ef:18:64:5e:57:de:6f:
|
||||
b7:ca:58:06:06:4a:29:1a:25:f5:71:4a:39:4a:83:44:d7:d8:
|
||||
62:ea:31:18:2b:d1:ec:4f:3e:4b:b1:82:41:76:10:7f:7c:e4:
|
||||
95:28:e6:3e:e0:c3:82:d8:87:db:56:0a:4d:ad:cc:22:05:d1:
|
||||
76:0a:b9:d9:0b:08:3d:35:34:d2:e7:25:a9:6a:e8:aa:3d:e3:
|
||||
c1:70:00:2a
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFcjCCBFqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQxNTNaFw0zODA2MTky
|
||||
MTQxNTNaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEjMCEGA1UEAxMaVlBOLUthbnpsZWktS2llbC1tb2xrZW50aW4xGTAXBgNV
|
||||
BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
|
||||
b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZqwJKDtQxG
|
||||
h45+wyyHtVUZQ+qRhLAgLp/FZFpY6Xz1lSY8NIbEHSPpeH0QfYS4KRT/AMsTOqL7
|
||||
zAy9nluZG8YLqkcni/NhDDaizPH9xk3Msdrpe5N2U1KZkCddD12OHkwa/igX3M0e
|
||||
8xl7OCYqtDOA0Dh+gOZu6e5pa4tYIks2tnsXC6CK1PPEdgGkrRyH3WVqQN5py04l
|
||||
EMZM+d+UEXgS5nQVsSvnQQhQxt0x9JiAb++CF2geq1kM2HJUHWsJLp+IJ5B24ZdP
|
||||
21vv4a9MED/rUeangriVxj0Zph4W9i/3bYtMne6qMjumc2cOuAGNKESNBSo8nlE/
|
||||
CdBeRNjcR80CAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
|
||||
HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcl2LsdAN
|
||||
GDmbssHt2DssMEW38xYwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU
|
||||
/9ShgbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
|
||||
BAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNl
|
||||
cnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4g
|
||||
S2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWC
|
||||
CQD+Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwFAYD
|
||||
VR0RBA0wC4IJbW9sa2VudGluMA0GCSqGSIb3DQEBCwUAA4IBAQBEUBCWZVQJ0am3
|
||||
sA9NUEVK7Kfr+xcVRL4OsXAsBddG7upZOpJS8ojlEYbCNFqUkih0tGvjMdHTTci/
|
||||
KmoaHVHKpMm7pG3DiW+vnGgFcO9pVakLLjAdpOjSpVPhUYKA236rHpCKm8WnbP3N
|
||||
bYlBeaKu+RsZgymYLobWw5feWLMKNLFzmu0qnhipe/qdDP6ctGju3nwtQEwh4r4Z
|
||||
7+uR4xEfVZraLw2x+7EwroMwu+8YZF5X3m+3ylgGBkopGiX1cUo5SoNE19hi6jEY
|
||||
K9HsTz5LsYJBdhB/fOSVKOY+4MOC2IfbVgpNrcwiBdF2CrnZCwg9NTTS5yWpauiq
|
||||
PePBcAAq
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/molkentin.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/molkentin.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDBDCCAewCAQAwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSMwIQYDVQQDExpWUE4tS2FuemxlaS1LaWVsLW1vbGtlbnRpbjEZ
|
||||
MBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
|
||||
YWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmrA
|
||||
koO1DEaHjn7DLIe1VRlD6pGEsCAun8VkWljpfPWVJjw0hsQdI+l4fRB9hLgpFP8A
|
||||
yxM6ovvMDL2eW5kbxguqRyeL82EMNqLM8f3GTcyx2ul7k3ZTUpmQJ10PXY4eTBr+
|
||||
KBfczR7zGXs4Jiq0M4DQOH6A5m7p7mlri1giSza2excLoIrU88R2AaStHIfdZWpA
|
||||
3mnLTiUQxkz535QReBLmdBWxK+dBCFDG3TH0mIBv74IXaB6rWQzYclQdawkun4gn
|
||||
kHbhl0/bW+/hr0wQP+tR5qeCuJXGPRmmHhb2L/dti0yd7qoyO6ZzZw64AY0oRI0F
|
||||
KjyeUT8J0F5E2NxHzQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGdE063Q3RRl
|
||||
v2YM1ZJGtTeDZT+TMSI0KrjMt2XcDrG+TDh9c3aJvwPE4dOGN88uqx1WMLGiuZcA
|
||||
G+0E4IzuZB+h8ANev4/xPnSORPouvs9JPhVzx0eAEDed87xOickvgi0qW04PArRv
|
||||
I0o8POvR0yeOQy4Ey91UN8iggn2nlatWGnW1VifEft8HyQzJAk5xJ6lErk+od/b5
|
||||
T1T5djwWYyCLg3Vu03sBhm3+DlB2VywzrfQbX+Lfco9rkFWKKAxqt6b70hI6NY2a
|
||||
0XtOJLg3fUXN0ubulP3kx0BwYJihjGnH2nTdwJqcyg0/GYWR2Fh5vojl441SjhXC
|
||||
ieMNBDXDUPs=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/molkentin.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/molkentin.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhT82G+86y3QCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHY/+Su7BqkgBIIEyIyaJBc3qqTh
|
||||
pIhFPfRyyn8CKIS4czpHbPOAfO3CGm+Jhkv8x9xpgv22+lg2t8fp5Tbc5lDEdI9n
|
||||
WQaXiwtlgLTkh8h3HxMnz63nQ3Noh+GIVlowLz+mxGw3rjXyOKgmwdJc2RLijaM8
|
||||
Ug2E2Umx7PH6w78ILrt6edj6VapzGs8frlRYcB+w4eOnX3aDA+hIH5jkmKTiJF9o
|
||||
bX3OzscISbak6od/FqMj5SNXMDVQd00wpmOqx/BUPdUWgK+yKjr1OG7QtihsrkwQ
|
||||
Xwan+8OWUvlxWZbOgALWVKACZxgSQUxg9KUY6xZa/yYo2fgUjeaFd7eimi6cATER
|
||||
Zc/zW4Dueo5PxnKw3F4VK44QyL2817EdrUvTKFJKE9mPS1szBFdqhbsN7OO91ked
|
||||
rSzE84CijhuTuMZ58afQp/nueTSlswFl/MwftTJo6lRR6gNzoc3E2HL4fV+tYUdk
|
||||
oV4vb0HBLxbSX1vIG2pcST4V7VhTqXvGbKNqv0a1zFz1s+tK9cJV1OstTmqyIsSx
|
||||
MEM8AYNmwC7ww1sbdTYCPtoHlvlK9edgzA4ojbGGLVE84P7BSNrAQiTeanGYROZr
|
||||
yw4ZRAQOonv091+2sBQTVJkiuTu78yAxoVXWjCwhb3E1YX/h/5wmtViB0uRt9SOB
|
||||
zPi8qZWWHi8SLBBVQ2YTj6dotZN3Zy9SxbKn/p9AjoNMX4En/bvfZyMHcqKjfJUD
|
||||
tIXNQUOglMVRoJ4JR6legma9v+QCtptiDUHm+4Kw40zgHrL4UZbvf49a9itbz1Ti
|
||||
aiOzMBlpZGuv9D5HQrnxY6v4kWPlbvWHVLtPd335rOpNfCR9Mdp8ZDH4QpOkjWKY
|
||||
07JgaBt60mmzZwO7skUVJyiG8MC9k4BZ9OB08IQPMvKiLzGAYcUl8455tM98KBZ0
|
||||
oDCRsq+/osDuCusJo+cRkIuhoMkEL1AkrNYZNbZnxJH7O9loFxwyzkAphcKFDsKf
|
||||
eFl1I/k5aMmWEzMrosoVfaSe1Q71EZOpE4AM97/whTAl1ZyI25yKtvcdmhzTRO6c
|
||||
geuELG713eEP5F6HuCWwb4EL/7XeTH5fIXvOrrNlArTLf4oVceVC0oHntI6dqtly
|
||||
BKdkeaRMBmINWTIcSgf18b/+EVZf723IHJsnodyWw1AssXSfyxzw7e5L4H8isQI4
|
||||
AAUiZjU4O3xRWnuuz86ikcDWsZ4AQoWePOZvqr2kXqArLTG/EBXaR54cVHiQMr/z
|
||||
11C7lIJ1OuqnP1/aFbSti1tnbiGK24LpJAW0ycvcj4JBLNxd3KlQs6yjtpLExjtn
|
||||
MbUArEROdJnJmmQ1kuTZII87vnhkmzB6EQslqfXKCpDc9w7WGv7Yuqf2r7vOhuGG
|
||||
eIvtwX+sqzO29UKJNCxe14TMZpQpe6Oyewk4L5xUCLjNpd9qmm2Oc/At/N2k85Ct
|
||||
4BcWvNrpBklLgTR2+Hiiw3tS34pZ5VJdUlYHN0ZPbChqYIjeqhBQsYktoLAoVkDv
|
||||
p+w/DuErEV4S9SxhwMHHlMZXpQIGYs+aGaJiTgYmos6Wxgg3Pnz95pN3w7KUd+Ig
|
||||
5BL2d0ZfmC8Wm/h4RdGeZZYHmA4dl1n+8D6Pycm02f/LXNoylsbge4kvzOoV2U8J
|
||||
b0ZWRsYKxyssZP8ZWc6QZw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
98
Kanzlei-Kiel/openvpn/keys/schaar.crt
Normal file
98
Kanzlei-Kiel/openvpn/keys/schaar.crt
Normal file
@ -0,0 +1,98 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 9 (0x9)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Validity
|
||||
Not Before: Jun 19 21:40:21 2018 GMT
|
||||
Not After : Jun 19 21:40:21 2038 GMT
|
||||
Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-schaar/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:a0:25:f4:ac:2b:24:46:38:f2:46:ce:5e:d1:ba:
|
||||
bf:11:b1:a7:c0:27:39:97:ba:88:5c:a6:f8:a0:02:
|
||||
c9:75:f4:ae:52:5c:91:38:85:ae:9b:4a:97:80:86:
|
||||
4d:da:dc:cf:fe:d3:d8:5e:75:83:56:4b:1e:42:3d:
|
||||
55:0d:9a:2c:30:7e:51:c8:e8:bb:45:99:c2:f2:76:
|
||||
51:e8:a0:62:5b:7c:2d:44:91:78:ce:ea:0b:9a:dc:
|
||||
a1:90:87:4e:02:83:50:65:2b:ff:ef:12:b5:ee:e7:
|
||||
61:81:89:23:f6:b9:54:3b:dd:09:d0:7c:a3:c6:3f:
|
||||
fb:ed:ea:46:92:e1:68:c9:6e:11:30:1a:2e:3d:cf:
|
||||
f1:c1:81:be:de:df:71:e3:f4:be:a2:fa:50:9f:75:
|
||||
ea:89:43:d9:b5:93:67:10:fb:2c:8b:b2:84:24:73:
|
||||
e3:b3:19:ce:b9:14:c5:09:8f:dc:73:7a:3c:8e:87:
|
||||
c6:97:be:e2:dc:ed:d4:65:ab:42:79:b0:18:2c:95:
|
||||
b3:aa:c4:b9:91:17:7b:f1:8f:bd:f0:f5:59:12:7a:
|
||||
88:5c:09:76:19:a9:7c:67:86:0f:65:d5:5e:a8:a8:
|
||||
60:ce:c4:a5:be:71:c5:9c:b9:4c:1b:81:a0:3b:ee:
|
||||
59:90:1b:7e:19:a0:be:1e:f3:5c:22:7d:70:a6:9b:
|
||||
dc:9b
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
Netscape Comment:
|
||||
Easy-RSA Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
B7:64:B2:13:73:54:E0:94:2D:2A:3D:8F:12:0A:82:1B:D7:17:A6:71
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
|
||||
DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
|
||||
serial:FE:59:AD:5E:BE:90:05:3E
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:schaar
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
94:75:9e:6c:af:c0:e5:c3:d3:17:3c:01:fa:15:ce:ae:37:df:
|
||||
b4:30:7a:1c:1c:0e:a0:a8:bd:fd:c2:f9:f2:56:fc:ff:2b:97:
|
||||
a8:1a:25:12:a1:71:5a:82:ce:30:56:3f:20:5e:dd:32:76:9a:
|
||||
bc:f7:71:91:f0:38:53:28:7e:ce:69:28:3c:e3:0b:f3:ad:37:
|
||||
d6:23:16:07:f7:c2:42:12:93:20:55:72:ae:67:31:cb:81:18:
|
||||
1e:8b:04:e0:e4:b7:91:ad:3e:71:1b:0a:30:a4:1c:ba:c2:3b:
|
||||
61:09:48:c4:8d:24:55:07:50:77:1e:e1:3a:75:83:48:25:29:
|
||||
d1:77:60:26:bf:e6:0d:a1:72:54:c1:28:58:af:bc:f2:dd:65:
|
||||
9a:47:f1:a4:10:ff:cb:78:c9:f5:13:3b:e4:5a:a4:0f:a5:d8:
|
||||
78:5e:0e:e7:8b:b9:61:df:e1:72:b7:5f:3b:f5:de:ba:e6:a9:
|
||||
70:58:68:3c:42:11:f2:c3:b0:6e:d5:7f:26:99:9d:91:d3:97:
|
||||
f4:60:56:64:57:df:48:2d:21:18:01:be:79:c3:fc:3e:4f:fe:
|
||||
d1:cd:f3:71:13:5f:76:e9:ab:f4:18:78:40:32:be:b2:6d:72:
|
||||
b1:00:17:f5:b7:7d:d2:6b:d4:46:66:2c:d3:63:f2:f0:eb:7e:
|
||||
65:fe:5a:aa
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbDCCBFSgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
|
||||
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
|
||||
RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
|
||||
bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
|
||||
CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xODA2MTkyMTQwMjFaFw0zODA2MTky
|
||||
MTQwMjFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
|
||||
EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
|
||||
aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zY2hhYXIxGTAXBgNVBCkT
|
||||
EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
|
||||
bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAl9KwrJEY48kbO
|
||||
XtG6vxGxp8AnOZe6iFym+KACyXX0rlJckTiFrptKl4CGTdrcz/7T2F51g1ZLHkI9
|
||||
VQ2aLDB+Ucjou0WZwvJ2UeigYlt8LUSReM7qC5rcoZCHTgKDUGUr/+8Ste7nYYGJ
|
||||
I/a5VDvdCdB8o8Y/++3qRpLhaMluETAaLj3P8cGBvt7fceP0vqL6UJ916olD2bWT
|
||||
ZxD7LIuyhCRz47MZzrkUxQmP3HN6PI6Hxpe+4tzt1GWrQnmwGCyVs6rEuZEXe/GP
|
||||
vfD1WRJ6iFwJdhmpfGeGD2XVXqioYM7Epb5xxZy5TBuBoDvuWZAbfhmgvh7zXCJ9
|
||||
cKab3JsCAwEAAaOCAX4wggF6MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
|
||||
c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUt2SyE3NU4JQt
|
||||
Kj2PEgqCG9cXpnEwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9Sh
|
||||
gbqkgbcwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
|
||||
BkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
|
||||
Y2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2Fu
|
||||
emxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+
|
||||
Wa1evpAFPjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEQYDVR0R
|
||||
BAowCIIGc2NoYWFyMA0GCSqGSIb3DQEBCwUAA4IBAQCUdZ5sr8Dlw9MXPAH6Fc6u
|
||||
N9+0MHocHA6gqL39wvnyVvz/K5eoGiUSoXFags4wVj8gXt0ydpq893GR8DhTKH7O
|
||||
aSg84wvzrTfWIxYH98JCEpMgVXKuZzHLgRgeiwTg5LeRrT5xGwowpBy6wjthCUjE
|
||||
jSRVB1B3HuE6dYNIJSnRd2Amv+YNoXJUwShYr7zy3WWaR/GkEP/LeMn1EzvkWqQP
|
||||
pdh4Xg7ni7lh3+Fyt1879d665qlwWGg8QhHyw7Bu1X8mmZ2R05f0YFZkV99ILSEY
|
||||
Ab55w/w+T/7RzfNxE1926av0GHhAMr6ybXKxABf1t33Sa9RGZizTY/Lw635l/lqq
|
||||
-----END CERTIFICATE-----
|
||||
19
Kanzlei-Kiel/openvpn/keys/schaar.csr
Normal file
19
Kanzlei-Kiel/openvpn/keys/schaar.csr
Normal file
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
|
||||
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
|
||||
IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLXNjaGFhcjEZMBcG
|
||||
A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
|
||||
QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCX0rCsk
|
||||
RjjyRs5e0bq/EbGnwCc5l7qIXKb4oALJdfSuUlyROIWum0qXgIZN2tzP/tPYXnWD
|
||||
VkseQj1VDZosMH5RyOi7RZnC8nZR6KBiW3wtRJF4zuoLmtyhkIdOAoNQZSv/7xK1
|
||||
7udhgYkj9rlUO90J0Hyjxj/77epGkuFoyW4RMBouPc/xwYG+3t9x4/S+ovpQn3Xq
|
||||
iUPZtZNnEPssi7KEJHPjsxnOuRTFCY/cc3o8jofGl77i3O3UZatCebAYLJWzqsS5
|
||||
kRd78Y+98PVZEnqIXAl2Gal8Z4YPZdVeqKhgzsSlvnHFnLlMG4GgO+5ZkBt+GaC+
|
||||
HvNcIn1wppvcmwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHtKBTO1yq8N332X
|
||||
SCe8aekcXwjtqhZAZt8bRxaMq4+K/ewVwn4cOo2e4FSTS5EIKlFcLvb166tOIeNN
|
||||
jf8drOKLWCVVOHHs3KVwMDMUJuebXC3Jp6eslOtfC9KK0wBlhwCJFBBlLjEHN7bX
|
||||
Vj81CJWrYvmZ0m03D39KHBgRBoPpY1oAT7OqgkSXgK/tEpRMsFmTwDbpyp+TAvF9
|
||||
5cgmcLV5PxUgGfdO2F/7Lu2BrXWk0S/ldecYLNrSIGklFBt1nVOgqZu6C/rvD/5+
|
||||
0rNhM+o7QMwqW2ZHBZf1pEt/58sTEPLlrlKsYDmggNokH4ZEz3KfHKyH3+fuhg3f
|
||||
LXXxSNk=
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
30
Kanzlei-Kiel/openvpn/keys/schaar.key
Normal file
30
Kanzlei-Kiel/openvpn/keys/schaar.key
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI1Veh57OJg/kCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGb91ZmXtibBIIEyNonyB+eF+2I
|
||||
NwQeNXzcqL/jiPNiTN6Wk6VD6OUeDejhXXgoVAC3x8fs+HPMdMqAQCR4gXlCJMCd
|
||||
W0Jse3QvmH+46KkV6vTLaNV59lZonZIod4lp8J4PQqH8+s6o8SJ9sPypx7C9AbZf
|
||||
Y+Ibrv6lp4BRu8vL8e5PAUoltv/1NlxDyxALxJzO/wAFOQRNGtjWcSBPKDPXURR5
|
||||
DGhz/Ody/5LilOpC57KmphlCD4Mx4w94NalsBibE0aumT7I9wKeyHKrkq4sJBUHs
|
||||
/M22S0blCfXhcvf8bQc1+FzsBWp1+UtRTgEJuiwFRKLK4APxvmXsXpaDBOM02F4K
|
||||
a1ZFiQtrJLCLPfShV9/DL6rzX/bP/p0kwpx7valpW/nFA/iCRuyNA3isaB+NC9Lm
|
||||
XaOPETsxPMxS/BsFDiMvryeDC8KEuuAa/WEizq9Z0xWYKvOYgan1HKoWvRvzmiC2
|
||||
7txnrPK/axiwlha1jMZxTaHCGy6b6w08gz6ss+U1vPT4Qb0fK4Ovnbs8zh1/U8AS
|
||||
z7kDsLRoxfSUynkYSYJjaJRysqe4YcDCcUisyDRYIQrRYgZk3h2pev1aell91F9R
|
||||
LgHJ9mWECqB5xni80B/MpPiF/gWqTb316iPse1g+Bp/dAGl1tDHppUl5Z9/wqdMM
|
||||
9ULtJOZm3EYfgOHNFvpDwNlLFEAB07PO4+oMByL890Ym3tcaoCt+d3fx4jmmaJqA
|
||||
qqD2Wd+f8628gbhsbGq0Mex2DqAiOig96X9awcknZrs7EQIFvR9cK0wl4uEt8FuF
|
||||
5tBPPY8Tsjm3jphOw0WBe/E4DuFnQsnNcsKmEOTOn8125UkQbPhlPqCOBMlcw5aK
|
||||
L7b3ikd79zFTdWgSAao9Sf9/xhHNwsK7IBE32gXO6qD61AnOQgihKzi/ZV2Tp90P
|
||||
w6I3EZ5oP3BNnPp9l6nvGYe0HnkNqUigcuP0w28M3wj+nX+cFVZD++3uTh7xOJM6
|
||||
+br+TBQ4HDZ324PqiMXF45KCRvUrQ0ubRa9QxaXGVxpA9Rn8L+nqPkGocrrg1tb8
|
||||
eeVYxLyQeQqsDBjO7w7rDL1ZHra72we78/3BkMS5gv2tQoAqPhAEv/43J2hyp3cR
|
||||
0crZ8elxduaYXscDob56mYyBaDjWaOeKbGrm76yB10leEmN9MeHI7kQVur8/J/cI
|
||||
GjK00zp7dY4/WorFxPFuSFQjeDnvI2bLlqdYaX9d35lLr7s4TYlAXM47+j9QzyMp
|
||||
Maos/5/uUTkoyKiZbdzE0QoLlGqqoFGCWA6TgpPZHW3uXmf4gU9EQzTVHPcI6h9B
|
||||
2APQiECFvDPTHtlDaU0f8b14k3KV4KBEBiFCa7yBnVCGOt74tz//cPOft1Jf5vph
|
||||
QRhgNBw3l6rivM1QnMIKFuM9gqC4xcS6By+2+Ia4Ddo+SIEvDLEHtMs/DnheVkNi
|
||||
e0TAiruK58J5nvdXf9h91WdqPhQAU4BRGzwtVX0yE8D6nSCvUZfaLT4tukr9kt0H
|
||||
393u4t1/ruz4hpe4vCngnKDfSk/kbMbXF/XaDzytTO5AoA68CgS5pvhGpmRzVptk
|
||||
aHglm1S5S3yCB0+ye2jDTBnckUIs+XXy8Uej6fJBon25HD4hyiVPIXkwOB78mhjv
|
||||
AQwv/QUSTX4l1owOvSvW4g==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
@ -1 +1 @@
|
||||
07
|
||||
0E
|
||||
|
||||
@ -1 +1 @@
|
||||
06
|
||||
0D
|
||||
|
||||
@ -261,7 +261,7 @@ cipher AES-256-CBC
|
||||
# Enable compression on the VPN link.
|
||||
# If you enable it here, you must also
|
||||
# enable it in the client config file.
|
||||
comp-lzo
|
||||
;comp-lzo
|
||||
|
||||
# The maximum number of concurrently connected
|
||||
# clients we want to allow.
|
||||
|
||||
84
Kanzlei-Kiel/peers/dsl-provider.DSL
Normal file
84
Kanzlei-Kiel/peers/dsl-provider.DSL
Normal file
@ -0,0 +1,84 @@
|
||||
# Configuration file for PPP, using PPP over Ethernet
|
||||
# to connect to a DSL provider.
|
||||
#
|
||||
# See the manual page pppd(8) for information on all the options.
|
||||
|
||||
##
|
||||
# Section 1
|
||||
#
|
||||
# Stuff to configure...
|
||||
|
||||
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
|
||||
# by the DSL user name given to your by your DSL provider.
|
||||
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
|
||||
#user myusername@myprovider.net
|
||||
|
||||
# Use the pppoe program to send the ppp packets over the Ethernet link
|
||||
# This line should work fine if this computer is the only one accessing
|
||||
# the Internet through this DSL connection. This is the right line to use
|
||||
# for most people.
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
|
||||
|
||||
# An even more conservative version of the previous line, if things
|
||||
# don't work using -m 1452...
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
|
||||
|
||||
# If the computer connected to the Internet using pppoe is not being used
|
||||
# by other computers as a gateway to the Internet, you can try the following
|
||||
# line instead, for a small gain in speed:
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80"
|
||||
|
||||
|
||||
# The following two options should work fine for most DSL users.
|
||||
|
||||
# Assumes that your IP address is allocated dynamically
|
||||
# by your DSL provider...
|
||||
noipdefault
|
||||
# Try to get the name server addresses from the ISP.
|
||||
#usepeerdns
|
||||
# Use this connection as the default route.
|
||||
# Comment out if you already have the correct default route installed.
|
||||
defaultroute
|
||||
|
||||
##
|
||||
# Section 2
|
||||
#
|
||||
# Uncomment if your DSL provider charges by minute connected
|
||||
# and you want to use demand-dialing.
|
||||
#
|
||||
# Disconnect after 300 seconds (5 minutes) of idle time.
|
||||
|
||||
#demand
|
||||
#idle 300
|
||||
|
||||
##
|
||||
# Section 3
|
||||
#
|
||||
# You shouldn't need to change these options...
|
||||
|
||||
hide-password
|
||||
lcp-echo-interval 20
|
||||
lcp-echo-failure 3
|
||||
# Override any connect script that may have been set in /etc/ppp/options.
|
||||
connect /bin/true
|
||||
noauth
|
||||
persist
|
||||
|
||||
## mtu 1492
|
||||
## - notwendig bei vergabe einer festen ip
|
||||
## - von t-online:
|
||||
## - mtu 1456
|
||||
## -
|
||||
#mtu 1492
|
||||
mtu 1456
|
||||
|
||||
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
|
||||
# requested and MUST be rejected if requested by the peer:
|
||||
# Address-and-Control-Field-Compression (ACFC)
|
||||
noaccomp
|
||||
# Asynchronous-Control-Character-Map (ACCM)
|
||||
default-asyncmap
|
||||
|
||||
plugin rp-pppoe.so eth1
|
||||
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
|
||||
user "0021920376975502683262730001@t-online.de"
|
||||
84
Kanzlei-Kiel/peers/dsl-provider.VDSL
Normal file
84
Kanzlei-Kiel/peers/dsl-provider.VDSL
Normal file
@ -0,0 +1,84 @@
|
||||
# Configuration file for PPP, using PPP over Ethernet
|
||||
# to connect to a DSL provider.
|
||||
#
|
||||
# See the manual page pppd(8) for information on all the options.
|
||||
|
||||
##
|
||||
# Section 1
|
||||
#
|
||||
# Stuff to configure...
|
||||
|
||||
# MUST CHANGE: Uncomment the following line, replacing the user@provider.net
|
||||
# by the DSL user name given to your by your DSL provider.
|
||||
# (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
|
||||
#user myusername@myprovider.net
|
||||
|
||||
# Use the pppoe program to send the ppp packets over the Ethernet link
|
||||
# This line should work fine if this computer is the only one accessing
|
||||
# the Internet through this DSL connection. This is the right line to use
|
||||
# for most people.
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
|
||||
|
||||
# An even more conservative version of the previous line, if things
|
||||
# don't work using -m 1452...
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1412"
|
||||
|
||||
# If the computer connected to the Internet using pppoe is not being used
|
||||
# by other computers as a gateway to the Internet, you can try the following
|
||||
# line instead, for a small gain in speed:
|
||||
#pty "/usr/sbin/pppoe -I eth0 -T 80"
|
||||
|
||||
|
||||
# The following two options should work fine for most DSL users.
|
||||
|
||||
# Assumes that your IP address is allocated dynamically
|
||||
# by your DSL provider...
|
||||
noipdefault
|
||||
# Try to get the name server addresses from the ISP.
|
||||
#usepeerdns
|
||||
# Use this connection as the default route.
|
||||
# Comment out if you already have the correct default route installed.
|
||||
defaultroute
|
||||
|
||||
##
|
||||
# Section 2
|
||||
#
|
||||
# Uncomment if your DSL provider charges by minute connected
|
||||
# and you want to use demand-dialing.
|
||||
#
|
||||
# Disconnect after 300 seconds (5 minutes) of idle time.
|
||||
|
||||
#demand
|
||||
#idle 300
|
||||
|
||||
##
|
||||
# Section 3
|
||||
#
|
||||
# You shouldn't need to change these options...
|
||||
|
||||
hide-password
|
||||
lcp-echo-interval 20
|
||||
lcp-echo-failure 3
|
||||
# Override any connect script that may have been set in /etc/ppp/options.
|
||||
connect /bin/true
|
||||
noauth
|
||||
persist
|
||||
|
||||
## mtu 1492
|
||||
## - notwendig bei vergabe einer festen ip
|
||||
## - von t-online:
|
||||
## - mtu 1456
|
||||
## -
|
||||
#mtu 1492
|
||||
mtu 1456
|
||||
|
||||
# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
|
||||
# requested and MUST be rejected if requested by the peer:
|
||||
# Address-and-Control-Field-Compression (ACFC)
|
||||
noaccomp
|
||||
# Asynchronous-Control-Character-Map (ACCM)
|
||||
default-asyncmap
|
||||
|
||||
plugin rp-pppoe.so eth1.7
|
||||
#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
|
||||
user "0021920376975502683262730001@t-online.de"
|
||||
55
Kanzlei-Kiel/sbin/disk-action
Executable file
55
Kanzlei-Kiel/sbin/disk-action
Executable file
@ -0,0 +1,55 @@
|
||||
#!/bin/bash
|
||||
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
BASENAME="${0##*/}"
|
||||
ACTION="$1"
|
||||
MOUNT_POINT="$2"
|
||||
|
||||
transmission_try_start() {
|
||||
. /etc/default/transmission-daemon
|
||||
if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
|
||||
sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=1/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
|
||||
cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
|
||||
rm /tmp/.transmission-daemon.$$
|
||||
if [ "$(pidof transmission-daemon)" != "" ]; then
|
||||
killall -9 transmission-daemon 2>&1 >/dev/null
|
||||
sleep 1
|
||||
fi
|
||||
xMASK=$(umask); umask 0000
|
||||
[ ! -d "${BASE_DIR}" ] && mkdir -p "${BASE_DIR}"
|
||||
[ ! -d "${CONFIG_DIR}" ] && mkdir -p "${CONFIG_DIR}"
|
||||
[ ! -d "${DOWNLOAD_DIR}" ] && mkdir -p "${DOWNLOAD_DIR}"
|
||||
[ ! -d "${WATCH_DIR}" ] && mkdir -p "${WATCH_DIR}"
|
||||
[ ! -f "${CONFIG_DIR}/settings.json" ] && cp "/var/lib/transmission/settings.json.template" "${CONFIG_DIR}/settings.json"
|
||||
umask ${xMASK}
|
||||
/etc/init.d/transmission-daemon start 2>&1 >/dev/null
|
||||
fi
|
||||
}
|
||||
|
||||
transmission_try_stop() {
|
||||
. /etc/default/transmission-daemon
|
||||
if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
|
||||
sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=0/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
|
||||
cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
|
||||
rm /tmp/.transmission-daemon.$$
|
||||
if [ "$(pidof transmission-daemon)" != "" ]; then
|
||||
killall -9 transmission-daemon 2>&1 >/dev/null
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
logger -t $BASENAME "$@ --> BEGIN"
|
||||
|
||||
case "$1" in
|
||||
add)
|
||||
transmission_try_start
|
||||
;;
|
||||
remove)
|
||||
transmission_try_stop
|
||||
;;
|
||||
*)
|
||||
echo "Use: $0 (add|remove) /mount/point"
|
||||
esac
|
||||
|
||||
logger -t $BASENAME "$@ --> END"
|
||||
3869
Kanzlei-Kiel/sbin/ip6t-firewall-gateway
Executable file
3869
Kanzlei-Kiel/sbin/ip6t-firewall-gateway
Executable file
File diff suppressed because it is too large
Load Diff
@ -258,7 +258,10 @@ if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# - ?? - Don't know which rule is the right one , maybe both..
|
||||
# -
|
||||
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
|
||||
$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
|
||||
done
|
||||
fi
|
||||
|
||||
@ -607,6 +610,188 @@ done
|
||||
echo_done # Block IPs / Networks / Interfaces..
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
|
||||
# ---
|
||||
|
||||
echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
|
||||
|
||||
if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
|
||||
|
||||
declare -a octets
|
||||
declare -i index
|
||||
|
||||
while IFS='' read -r _line || [[ -n $_line ]] ; do
|
||||
|
||||
is_valid_ipv4=true
|
||||
is_valid_mask=true
|
||||
ipv4=""
|
||||
mask=""
|
||||
|
||||
# Ignore comment lines
|
||||
#
|
||||
[[ $_line =~ ^[[:space:]]{0,}# ]] && continue
|
||||
|
||||
# Ignore blank lines
|
||||
#
|
||||
[[ $_line =~ ^[[:space:]]*$ ]] && continue
|
||||
|
||||
# Remove leading whitespace characters
|
||||
#
|
||||
_line="${_line#"${_line%%[![:space:]]*}"}"
|
||||
|
||||
|
||||
# Catch IPv4 Address
|
||||
#
|
||||
given_ipv4="$(echo $_line | cut -d ' ' -f1)"
|
||||
|
||||
|
||||
# Splitt Ipv4 address from possible given CIDR number
|
||||
#
|
||||
IFS='/' read -ra _addr <<< "$given_ipv4"
|
||||
_ipv4="${_addr[0]}"
|
||||
|
||||
if [[ -n "${_addr[1]}" ]] ; then
|
||||
_mask="${_addr[1]}"
|
||||
test_netmask=false
|
||||
|
||||
# Is 'mask' a valid CIDR number? If not, test agains a valid netmask
|
||||
#
|
||||
if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
|
||||
|
||||
# Its not a vaild mask number, but naybe a valit netmask.
|
||||
#
|
||||
test_netmask=true
|
||||
else
|
||||
if [[ $_mask -gt 32 ]]; then
|
||||
|
||||
# Its not a vaild cidr number, but naybe a valit netmask.
|
||||
#
|
||||
test_netmask=true
|
||||
else
|
||||
|
||||
# OK, we have a vaild cidr number between '0' and '32'
|
||||
#
|
||||
mask=$_mask
|
||||
fi
|
||||
fi
|
||||
|
||||
# Test if given '_mask' is a valid netmask.
|
||||
#
|
||||
if $test_netmask ; then
|
||||
octets=( ${_mask//\./ } )
|
||||
|
||||
# Complete netmask if necessary
|
||||
#
|
||||
while [[ ${#octets[@]} -lt 4 ]]; do
|
||||
octets+=(0)
|
||||
done
|
||||
|
||||
[[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
|
||||
|
||||
index=0
|
||||
for octet in ${octets[@]} ; do
|
||||
if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
|
||||
if [[ $octet -gt 255 ]] ; then
|
||||
is_valid_mask=false
|
||||
fi
|
||||
if [[ $index -gt 0 ]] ; then
|
||||
mask="${mask}.${octet}"
|
||||
else
|
||||
mask="${octet}"
|
||||
fi
|
||||
|
||||
else
|
||||
is_valid_mask=false
|
||||
fi
|
||||
|
||||
((index++))
|
||||
done
|
||||
fi
|
||||
|
||||
adjust_mask=false
|
||||
else
|
||||
mask=32
|
||||
adjust_mask=true
|
||||
fi
|
||||
|
||||
# Splitt given address into their octets
|
||||
#
|
||||
octets=( ${_ipv4//\./ } )
|
||||
|
||||
# Complete IPv4 address if necessary
|
||||
#
|
||||
while [[ ${#octets[@]} -lt 4 ]]; do
|
||||
octets+=(0)
|
||||
|
||||
# Only adjust CIDR number if not given
|
||||
#
|
||||
if $adjust_mask ; then
|
||||
mask="$(expr $mask - 8)"
|
||||
fi
|
||||
done
|
||||
|
||||
# Pre-check if given IPv4 Address seems to be a valid address
|
||||
#
|
||||
[[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
|
||||
|
||||
# Check if given IPv4 Address is a valid address
|
||||
#
|
||||
if $is_valid_ipv4 ; then
|
||||
index=0
|
||||
for octet in ${octets[@]} ; do
|
||||
if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
|
||||
if [[ $octet -gt 255 ]] ; then
|
||||
is_valid_ipv4=false
|
||||
fi
|
||||
if [[ $index -gt 0 ]] ; then
|
||||
ipv4="${ipv4}.${octet}"
|
||||
else
|
||||
ipv4="${octet}"
|
||||
fi
|
||||
|
||||
else
|
||||
is_valid_ipv4=false
|
||||
fi
|
||||
|
||||
((index++))
|
||||
done
|
||||
fi
|
||||
|
||||
if $is_valid_ipv4 && $is_valid_mask; then
|
||||
|
||||
_ip="${ipv4}/${mask}"
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
if $log_blocked_ip || $log_all ; then
|
||||
$ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
|
||||
fi
|
||||
fi
|
||||
$ipt -A INPUT -i $_dev -s $_ip -j DROP
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -s $_ip -j DROP
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
else
|
||||
msg="$msg '${given_ipv4}'"
|
||||
fi
|
||||
|
||||
done < "${ipt_conf_dir}/ban_ipv4.list"
|
||||
echo_done
|
||||
|
||||
if [[ -n "$msg" ]]; then
|
||||
warn "Ignored:$msg"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow Forwarding certain private Addresses
|
||||
# ---
|
||||
@ -876,6 +1061,23 @@ esac
|
||||
echo
|
||||
|
||||
|
||||
# -------------
|
||||
# - suricata IPS (Inline Mode)
|
||||
# -------------
|
||||
|
||||
# - HACK for integrating suricata IPS (Inline Mode) at 'gw-ckubu'
|
||||
# -
|
||||
echononl "\tForward to suricata IPS (inline Mode)"
|
||||
if [[ -n "$(ps ax | grep "/usr/bin/suricata" 2>/dev/null | grep -v grep 2> /dev/null | awk '{print$1}')" ]] ; then
|
||||
$ipt -A FORWARD -m mark ! --mark 0x1/0x1 -j NFQUEUE --queue-balance 0:3
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
echo
|
||||
|
||||
|
||||
# -------------
|
||||
# --- iPerf
|
||||
# -------------
|
||||
@ -1459,6 +1661,7 @@ fi
|
||||
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow local ip address from given local interface
|
||||
# ---
|
||||
@ -1491,6 +1694,126 @@ fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow extern service from given local interface
|
||||
# ---
|
||||
|
||||
echononl "\tAllow extern service from given local interface"
|
||||
|
||||
if [[ ${#allow_local_if_to_ext_service_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_activate_forwarding ; then
|
||||
|
||||
for _val in "${allow_local_if_to_ext_service_arr[@]}" ; do
|
||||
IFS=':' read -a _val_arr <<< "${_val}"
|
||||
$ipt -A FORWARD -p ${_val_arr[3]} -i ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - Note:
|
||||
# - If (local) alias interfaces like eth1:0 in use, youe need a further
|
||||
# - special rule.
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
if [[ "${_val_arr[3]}" = "tcp" ]]; then
|
||||
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow extern network from given local interface
|
||||
# ---
|
||||
|
||||
echononl "\tAllow extern network from given local interface"
|
||||
|
||||
if [[ ${#allow_local_if_to_ext_net_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_activate_forwarding ; then
|
||||
|
||||
for _val in ${allow_local_if_to_ext_net_arr[@]} ; do
|
||||
IFS=':' read -a _val_arr <<< "${_val}"
|
||||
$ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - Note:
|
||||
# - If (local) alias interfaces like eth1:0 in use, youe need a further
|
||||
# - special rule.
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
$ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow extern service from given local network
|
||||
# ---
|
||||
|
||||
echononl "\tAllow extern service from given local network"
|
||||
if [[ ${#allow_local_net_to_ext_service_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_activate_forwarding ; then
|
||||
|
||||
for _val in "${allow_local_net_to_ext_service_arr[@]}" ; do
|
||||
IFS=':' read -a _val_arr <<< "${_val}"
|
||||
$ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - Note:
|
||||
# - If (local) alias interfaces like eth1:0 in use, youe need a further
|
||||
# - special rule.
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
if [[ "${_val_arr[3]}" = "tcp" ]]; then
|
||||
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Allow extern network from given local network
|
||||
# ---
|
||||
|
||||
echononl "\tAllow extern network from given local network"
|
||||
if [[ ${#allow_local_net_to_ext_net_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_activate_forwarding ; then
|
||||
|
||||
for _val in ${allow_local_net_to_ext_net_arr[@]} ; do
|
||||
IFS=':' read -a _val_arr <<< "${_val}"
|
||||
$ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - Note:
|
||||
# - If (local) alias interfaces like eth1:0 in use, youe need a further
|
||||
# - special rule.
|
||||
# -
|
||||
if $local_alias_interfaces ; then
|
||||
$ipt -A FORWARD -p tcp -d ${_val_arr[1]} -s ${_val_arr[0]} --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -d ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Separate local networks
|
||||
# ---
|
||||
@ -1622,8 +1945,8 @@ echononl "\t\tLocal DHCP Client"
|
||||
|
||||
if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
|
||||
for _dev in ${dhcp_client_interfaces_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
|
||||
$ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
|
||||
$ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
|
||||
done
|
||||
|
||||
echo_done
|
||||
@ -2455,6 +2778,12 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - FTP common
|
||||
# ---
|
||||
ftp_helper_output_defined=false
|
||||
ftp_helper_prerouting_defined=false
|
||||
|
||||
# ---
|
||||
# - FTP out only
|
||||
# ---
|
||||
@ -2462,20 +2791,116 @@ fi
|
||||
echononl "\t\tFTP out only"
|
||||
|
||||
if $allow_ftp_request_out ; then
|
||||
|
||||
# - Used for different ftpdata recent lists 'ftpdata_$i'
|
||||
# -
|
||||
declare -i i=1
|
||||
|
||||
if ! $ftp_helper_output_defined ; then
|
||||
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
|
||||
ftp_helper_output_defined=true
|
||||
fi
|
||||
if $kernel_activate_forwarding && ! $ftp_helper_prerouting_defined ; then
|
||||
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
|
||||
ftp_helper_prerouting_defined=true
|
||||
fi
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
|
||||
# -
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m state --state NEW -m recent --name ftpdata_$i --rdest --set -j ACCEPT
|
||||
|
||||
# - (2)
|
||||
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
|
||||
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
|
||||
# -
|
||||
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
|
||||
# -
|
||||
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
|
||||
# -
|
||||
$ipt -A OUTPUT -o $_dev -p tcp -m state --state NEW --dport 1024: \
|
||||
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
|
||||
|
||||
((i++))
|
||||
|
||||
# - Accept (helper ftp) related connections
|
||||
# -
|
||||
$ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# =====
|
||||
# -
|
||||
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
|
||||
# - ======================================================
|
||||
# -
|
||||
# - Workaround:
|
||||
# - (1) add (!) desitnatin ip to a 'recent list' named 'ftpdata_$i! if ftp control connections appear
|
||||
# - (2) accept packets of the formaly created recent list 'ftpdata_$i!
|
||||
# -
|
||||
# - Note:
|
||||
# - Use flag '--rdest' to match destination address
|
||||
# -
|
||||
# =====
|
||||
|
||||
# - (1)
|
||||
# -
|
||||
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
|
||||
# -
|
||||
$ipt -A FORWARD -o $_dev -p tcp --dport 21 -m state --state NEW \
|
||||
-m recent --name ftpdata_$i --rdest --set -j ACCEPT
|
||||
|
||||
# - (2)
|
||||
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
|
||||
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
|
||||
# -
|
||||
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
|
||||
# -
|
||||
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
|
||||
# -
|
||||
$ipt -A FORWARD -o $_dev -p tcp -m state --state NEW --dport 1024: \
|
||||
-m recent --name ftpdata_$i --rdest --update --seconds 1800 --reap -j ACCEPT
|
||||
|
||||
((i++))
|
||||
|
||||
|
||||
# - Accept (helper ftp) related connections
|
||||
# -
|
||||
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_done
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
#if $allow_ftp_request_out ; then
|
||||
# for _dev in ${ext_if_arr[@]} ; do
|
||||
# $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
|
||||
# $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
# # - Allow active FTP connections from local network
|
||||
# # -
|
||||
# $ipt -A INPUT -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
|
||||
# if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
|
||||
# $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
|
||||
# $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
# fi
|
||||
# # - Allow active FTP connections from local network
|
||||
# # -
|
||||
# $ipt -A FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
|
||||
# done
|
||||
#
|
||||
# echo_done
|
||||
#else
|
||||
# echo_done
|
||||
#fi
|
||||
|
||||
|
||||
# ---
|
||||
# - FTP Service Gateway
|
||||
@ -2484,7 +2909,50 @@ fi
|
||||
echononl "\t\tFTP Service Gateway"
|
||||
|
||||
if $local_ftp_service ; then
|
||||
$ipt -A INPUT -p tcp --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
# =====
|
||||
# -
|
||||
# - ip_conntrack_ftp cannot see the TLS-encrypted traffic
|
||||
# - ======================================================
|
||||
# -
|
||||
# - Workaround:
|
||||
# - (1) add source ip to a 'recent list' named 'ftpservice! if ftp control connections appear
|
||||
# - (2) accept packets of the formaly created recent list 'ftpservice!
|
||||
# -
|
||||
# =====
|
||||
|
||||
# - (Re)define helper
|
||||
# -
|
||||
# - !! Note: !!
|
||||
# - for both, local FTP server (ftp_server_ip_arr)
|
||||
# - and forward to (extern) FTP server (forward_ftp_server_ip_arr)
|
||||
# -
|
||||
if ! $ftp_helper_prerouting_defined ; then
|
||||
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
|
||||
ftp_helper_prerouting_defined=true
|
||||
fi
|
||||
|
||||
# - (1)
|
||||
# -
|
||||
# - Accept initial FTP connection and add the source ip to ftpdata recent list 'ftpservice'.
|
||||
# -
|
||||
$ipt -A INPUT -p tcp -m state --state NEW --dport 21 -m recent --name ftpservice --set -j ACCEPT
|
||||
|
||||
# - (2)
|
||||
# - - Accept packets if the source ip-address is in the 'ftpservice' list (--update) and the
|
||||
# - source ip-address was seen within the last 1800 seconds (--seconds 1800).
|
||||
# -
|
||||
# - - If matched, the "last seen" timestamp of the source address will be updated (--update).
|
||||
# -
|
||||
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
|
||||
# -
|
||||
$ipt -A INPUT -p tcp -m state --state NEW --sport 1024: --dport $ftp_passive_port_range \
|
||||
-m recent --name ftpservice --update --seconds 1800 --reap -j ACCEPT
|
||||
|
||||
# - Accept (helper ftp) related connections
|
||||
# -
|
||||
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
@ -2496,32 +2964,100 @@ fi
|
||||
# ---
|
||||
|
||||
echononl "\t\tFTP Service local Networks"
|
||||
|
||||
if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
|
||||
# - Used for different ftpdata recent lists 'ftpdata_local_$k'
|
||||
# -
|
||||
declare -i k=1
|
||||
|
||||
# - (Re)define helper
|
||||
# -
|
||||
if ! $ftp_helper_output_defined ; then
|
||||
$ipt -A OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp
|
||||
ftp_helper_output_defined=true
|
||||
fi
|
||||
if $kernel_activate_forwarding && ! $permit_between_local_networks && ! $ftp_helper_prerouting_defined ; then
|
||||
$ipt -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
|
||||
ftp_helper_prerouting_defined=true
|
||||
fi
|
||||
|
||||
for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
|
||||
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
if ! $permit_between_local_networks ; then
|
||||
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
# - (1)
|
||||
# -
|
||||
# - Open FTP connection and add the destination ip (--rdest) to ftpdata recent list 'ftpdata_$i'.
|
||||
# -
|
||||
$ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport 1024: -m state --state NEW \
|
||||
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
|
||||
|
||||
$ipt -A FORWARD -d $_ip -p tcp --dport 21 -m state --state NEW \
|
||||
-m recent --name ftpdata_local_$k --rdest --set -j ACCEPT
|
||||
|
||||
# - (2)
|
||||
# - - Accept packets if the destination ip-address (--rdest) is in the 'ftpdata_$i' list (--update)
|
||||
# - and the destination ip-address was seen within the last 1800 seconds (--seconds 1800).
|
||||
# -
|
||||
# - - If matched, the "last seen" timestamp of the destination address will be updated (--update).
|
||||
# -
|
||||
# - - Entries in the ftpdata list not seen in the last 1800 will be removed (--reap).
|
||||
# -
|
||||
$ipt -A OUTPUT -d $_ip -p tcp -m state --state NEW --dport 1024: \
|
||||
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
|
||||
$ipt -A FORWARD -d $_ip -p tcp -m state --state NEW --dport 1024: \
|
||||
-m recent --name ftpdata_local_$k --rdest --update --seconds 1800 --reap -j ACCEPT
|
||||
fi
|
||||
|
||||
if $local_alias_interfaces ; then
|
||||
# - Control Port
|
||||
$ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
|
||||
# - Data Port activ
|
||||
$ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
|
||||
# - Data Port passiv
|
||||
$ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
|
||||
((k++))
|
||||
|
||||
# - Accept (helper ftp) related connections
|
||||
# -
|
||||
$ipt -A OUTPUT -m conntrack --ctstate RELATED -m helper --helper ftp -o $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
$ipt -A INPUT -m conntrack --ctstate RELATED -m helper --helper ftp -i $_dev -p tcp --dport 1024: -j ACCEPT
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
|
||||
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -d $_ip --dport 1024: -j ACCEPT
|
||||
$ipt -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp -s $_ip --dport 1024: -j ACCEPT
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
|
||||
#echononl "\t\tFTP Service local Networks"
|
||||
#if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
# for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
|
||||
# $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
#
|
||||
# if ! $permit_between_local_networks ; then
|
||||
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
|
||||
# fi
|
||||
#
|
||||
# if $local_alias_interfaces ; then
|
||||
# # - Control Port
|
||||
# $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
|
||||
# $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
|
||||
# # - Data Port activ
|
||||
# $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
|
||||
# $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
|
||||
# # - Data Port passiv
|
||||
# $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
|
||||
# fi
|
||||
# done
|
||||
#
|
||||
# echo_done
|
||||
#else
|
||||
# echo_skipped
|
||||
#fi
|
||||
|
||||
|
||||
# ---
|
||||
# - FTP Services DMZ
|
||||
# ---
|
||||
@ -2627,6 +3163,38 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Samba Service only out
|
||||
# ---
|
||||
|
||||
echononl "\t\tSamba Service only out"
|
||||
|
||||
if $allow_samba_requests_out && ! $permit_local_net_to_inet ; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
|
||||
for _port in ${samba_udp_ports[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
for _port in ${samba_tcp_ports[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
|
||||
if $kernel_activate_forwarding ; then
|
||||
|
||||
for _port in ${samba_udp_ports[@]} ; do
|
||||
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
for _port in ${samba_tcp_ports[@]} ; do
|
||||
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Samba Service Gateway (only for local Networks)
|
||||
@ -3233,6 +3801,52 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Special TCP Ports OUT
|
||||
# ---
|
||||
|
||||
echononl "\t\tSpecial TCP Ports OUT"
|
||||
|
||||
if [[ ${#tcp_out_port_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _port in ${tcp_out_port_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -o $_dev -p tcp --dport $_port -m state --state NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Special UDP Ports OUT
|
||||
# ---
|
||||
|
||||
echononl "\t\tSpecial UDP Ports OUT"
|
||||
|
||||
if [[ ${#udp_out_port_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
for _port in ${udp_out_port_arr[@]} ; do
|
||||
$ipt -A OUTPUT -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -o $_dev -p udp --dport $_port -m state --state NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Other local Services
|
||||
# ---
|
||||
@ -3363,12 +3977,14 @@ if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
|
||||
|
||||
for _ip in ${pcns_server_ip_arr[@]} ; do
|
||||
if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
|
||||
$ipt -A OUTPUT -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
fi
|
||||
|
||||
if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
|
||||
$ipt -A FORWARD -p tcp -s $_ip -d $usv_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
$ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
@ -3388,11 +4004,11 @@ fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Ubiquiti Unifi Controler (Accesspoints) Gateway
|
||||
# - Ubiquiti Unifi Controller Gateway
|
||||
# ---
|
||||
|
||||
|
||||
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway"
|
||||
if $local_unifi_controller_service ; then
|
||||
for _dev in ${local_if_arr[@]} ; do
|
||||
$ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
@ -3407,11 +4023,32 @@ else
|
||||
fi
|
||||
|
||||
|
||||
echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
|
||||
if $local_unifi_controller_service ; then
|
||||
|
||||
if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
|
||||
|
||||
$ipt -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
||||
done
|
||||
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
warn "Local Unifi Controller is defined, but no Unifi APs!"
|
||||
fi
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Ubiquiti Unifi Controler (Accesspoints) local Network
|
||||
# - Ubiquiti Unifi Controller local Network
|
||||
# ---
|
||||
|
||||
echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
|
||||
echononl "\t\tUbiquiti Unifi Controller local Network"
|
||||
if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
|
||||
&& $kernel_activate_forwarding \
|
||||
&& ! $permit_between_local_networks ; then
|
||||
|
||||
23
Kanzlei-Kiel/sbin/synctime
Executable file
23
Kanzlei-Kiel/sbin/synctime
Executable file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
NOW=$(date +%s)
|
||||
INTERVAL=$[ 8 * 60 * 60 ] # 8 hs
|
||||
CONTROL=/tmp/.lastSyncTime
|
||||
|
||||
sync_time() {
|
||||
ntpdate-debian -s || exit 1
|
||||
hwclock --systohc || exit 1
|
||||
touch ${CONTROL}
|
||||
}
|
||||
|
||||
[ ! -f ${CONTROL} ] && sync_time && exit 0
|
||||
|
||||
SYNCRONIZED=$(stat -c %Y ${CONTROL})
|
||||
SECONDS=$[ ${NOW} - ${SYNCRONIZED} ]
|
||||
|
||||
[ ${SECONDS} -gt ${INTERVAL} ] && sync_time && exit 0
|
||||
[ ${SECONDS} -lt 0 ] && sync_time && exit 0
|
||||
|
||||
exit 0
|
||||
8
Kanzlei-Kiel/sbin/tmpsize
Executable file
8
Kanzlei-Kiel/sbin/tmpsize
Executable file
@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
mount -t tmpfs | cut -d' ' -f3 | \
|
||||
while read MOUNT_POINT; do
|
||||
mount -o remount,size=30M ${MOUNT_POINT}
|
||||
done
|
||||
5
Kanzlei-Kiel/sbin/usb-leds-on-off
Executable file
5
Kanzlei-Kiel/sbin/usb-leds-on-off
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ -e "/sys/class/leds/alix:${2}/brightness" ] && {
|
||||
/bin/echo ${1} > "/sys/class/leds/alix:${2}/brightness"
|
||||
}
|
||||
1
Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn
Submodule
1
Kanzlei-Kiel/src/Kanzlei-Kiel/src/openvpn
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 800d7e25a3e9bb0f76133148495a670a201ac905
|
||||
376
Kanzlei-Kiel/src/djbdns/djbdns-1.05/CHANGES
Normal file
376
Kanzlei-Kiel/src/djbdns/djbdns-1.05/CHANGES
Normal file
@ -0,0 +1,376 @@
|
||||
19991129
|
||||
version: dnscache 0.50, alpha. not released yet.
|
||||
19991223
|
||||
version: dnscache 0.60, alpha.
|
||||
19991224
|
||||
internal: dns_sortip() takes length argument.
|
||||
api: dns_ip4() sorts output. currently this means just random.
|
||||
api: added socket_bind4_reuse(). removed reuse from bind4().
|
||||
ui: used bind4_reuse() for port 53, bind4() otherwise.
|
||||
internal: eliminated some unused variables.
|
||||
internal: prototypes in cdb.h, cdbmake.h, cdbmss.h.
|
||||
internal: prototypes in case.h, env.h, fmt.h, scan.h, str.h.
|
||||
internal: prototypes in stralloc.h.
|
||||
internal: prototypes in error.h, strerr.h.
|
||||
internal: prototypes in ndelay.h, open.h, seek.h.
|
||||
internal: prototypes in sgetopt.h, subgetopt.h.
|
||||
internal: prototypes in tai.h, taia.h.
|
||||
internal: added some missing declarations.
|
||||
bug: query.c checked void response_finishanswer() return code.
|
||||
impact: cached responses were dropped on systems that
|
||||
didn't follow the traditional C return behavior. fix:
|
||||
obvious. tnx Giles Lean.
|
||||
internal: switched from taia_addsec() to taia_uint().
|
||||
api: switched to uint16 for socket_* port numbers.
|
||||
internal: integrated uint16_pack() and friends.
|
||||
ui: dnscache allows (recursive) queries from port 53.
|
||||
ui: dnscache has 10-second idle timer on TCP read/write.
|
||||
ui: dnscache limits itself to 20 concurrent TCP connections.
|
||||
internal: moved dns_domain_fromdot() to separate file.
|
||||
ui: supported \X, \1, \12, \123 in dns_domain_fromdot().
|
||||
ui: supported \123 in dns_domain_todot_append().
|
||||
version: dnscache 0.61, alpha.
|
||||
19991230
|
||||
api: added dns_ip4_qualify().
|
||||
api: added dns_resolvconfrewrite().
|
||||
ui: added dnsipq.
|
||||
api: dns_ip4() checks for (strings of) IP addresses.
|
||||
20000106
|
||||
port: Solaris needs /dev/udp, not just /dev/tcp. impact:
|
||||
dnscache and tinydns would stop immediately under
|
||||
Solaris. fix: create /dev/udp in configure; and have
|
||||
tinydns create socket before chroot. tnx Louis Theran.
|
||||
internal: moved dns_name4_domain() to dns_nd.c.
|
||||
ui: tinydns no longer excludes screwy queries from its log.
|
||||
internal: moved respond() to tdlookup.c under new name.
|
||||
ui: added tinydns-get.
|
||||
ui: rewrote tinydns-data for new data format.
|
||||
internal: expanded rts to cover tinydns-data using tinydns-get.
|
||||
20000107
|
||||
ui: tinydns-data allows arbitrary case in domain names.
|
||||
ui: dnscache supports preconfigured servers for non-root
|
||||
domains.
|
||||
ui: dnscache uses textual addresses for preconfigured servers.
|
||||
20000108
|
||||
ui: tinydns-data excludes the additional and authority sections
|
||||
if doing so helps meet the 512-byte UDP limit.
|
||||
version: dnscache 0.70, beta.
|
||||
20000114
|
||||
internal: in log.c, ulong() now prints a uint64.
|
||||
internal: added cache_motion, query_count, log_stats.
|
||||
ui: dnscache now prints queries/motion stats after typical
|
||||
response packets.
|
||||
20000115
|
||||
internal: added droproot.c. used in tinydns and dnscache.
|
||||
internal: moved tinydns log() to qlog.c under new name.
|
||||
ui: added walldns, configure-wd.
|
||||
ui: configure-td now creates an empty root/data.
|
||||
ui: added tinydns-edit.
|
||||
ui: configure-td now sets up root/add-{ns,childns,host,mx}.
|
||||
20000116
|
||||
ui: renamed configure* as *-conf.
|
||||
ui: added axfrdns, axfrdns-conf.
|
||||
ui: added axfr-get.
|
||||
ui: dnscache-conf 10.* or 192.168.* now sets IPSEND=0.0.0.0.
|
||||
20000117
|
||||
ui: added pickdns, pickdns-conf, pickdns-data.
|
||||
version: dnscache 0.75, beta.
|
||||
20000118
|
||||
internal: address* -> address_* in pickdns-data.c.
|
||||
internal: start writing cdb earlier in pickdns-data.c.
|
||||
internal: keep track of namelen in pickdns-data.c.
|
||||
ui: added client-location variability to pickdns, pickdns-data.
|
||||
ui: qlog logs short packets.
|
||||
ui: qlog logs header if RD or other unusual bits are set.
|
||||
ui: qlog logs non-Internet classes.
|
||||
api: dns_domain_todot_append() -> dns_domain_todot_cat().
|
||||
ui: axfr-get prints A records more nicely. tnx Russ Nelson.
|
||||
ui: tinydns, pickdns, and walldns respond REFUSED to multiple
|
||||
queries, strange classes, and strange header bits.
|
||||
pickdns and walldns also respond REFUSED to unrecognized
|
||||
domain names.
|
||||
20000120
|
||||
ui: dns_resolvconfip() and dns_resolvconfrewrite() reread after
|
||||
10 minutes or 10000 uses.
|
||||
ui: dns_resolvconfrewrite() treats "domain" like "search".
|
||||
ui: dns_resolvconfrewrite() supports $LOCALDOMAIN.
|
||||
ui: dns_resolvconfrewrite() supports gethostname().
|
||||
api: dns_ip4_qualify() -> dns_ip4_qualify_rules(). new function
|
||||
under the old name uses dns_resolvconfrewrite().
|
||||
internal: cleaned up log.h.
|
||||
20000121
|
||||
port: the gcc 2.95.2 -O2 optimizer can destroy parameters in a
|
||||
function that calls another function with a long long
|
||||
argument. impact: gcc 2.95.2 kills dnscache in
|
||||
log_query(). fix: pass log_stats() inputs by reference,
|
||||
and pass uint64's through a variable inside log.c.
|
||||
internal: introduced x_* in axfr-get.
|
||||
internal: more format verification in axfr-get.
|
||||
ui: minimal Z support in tinydns-data.
|
||||
ui: axfr-get prints Z lines.
|
||||
ui: juggled axfr-get to support BIND 8's many-answers option.
|
||||
ui: axfr-get prints common characters readably rather than in
|
||||
octal. tnx Karsten Thygesen.
|
||||
ui: install copies VERSION into .../etc.
|
||||
20000122
|
||||
ui: dns_domain_todot_cat() now lowercases everything.
|
||||
internal: split printrecord.c out of tinydns-get.
|
||||
ui: added dnstrace.
|
||||
20000123
|
||||
version: dnscache 0.76, beta.
|
||||
20000124
|
||||
port: Solaris needs socket libraries for dnstrace. impact:
|
||||
couldn't compile under Solaris. fix: use socket.lib.
|
||||
tnx Karsten Thygesen.
|
||||
20000126
|
||||
ui: dns_resolvconfip() supports $DNSCACHEIP.
|
||||
ui: changed tinydns-get arg order.
|
||||
internal: split printpacket.c out of tinydns-get.
|
||||
ui: added dnsquery.
|
||||
internal: merged case.a, fs.a, str.a, uint.a, ip4.a into byte.a.
|
||||
internal: merged strerr.a into buffer.a.
|
||||
internal: merged stralloc.a, getln.a into alloc.a.
|
||||
internal: merged error.a, open.a, seek.a, ndelay.a, socket.a
|
||||
into unix.a.
|
||||
internal: used catulong in axfr-get.c.
|
||||
ui: packet-parsing errors produce error_proto.
|
||||
ui: axfr-get goes out of its way to reject wildcards.
|
||||
internal: introduced generic-conf.c.
|
||||
internal: upgraded timeoutread and timeoutwrite to iopause.
|
||||
20000127
|
||||
ui: revamped details of the log formats.
|
||||
ui: full Z support in tinydns-data.
|
||||
ui: axfr-get accepts authority records and additional records.
|
||||
ui: axfrdns tries to imitate BIND's handling of glue.
|
||||
internal: expanded rts to try out the servers and *-conf.
|
||||
ui: added rbldns.
|
||||
20000128
|
||||
ui: increased MAXNS to 16 in query.h.
|
||||
20000129
|
||||
version: DNScache 0.80, beta.
|
||||
20000205
|
||||
ui: tinydns-data supports ^, for the benefit of people stuck
|
||||
behind reverse CNAMEs. tnx Petr Novotny.
|
||||
20000206
|
||||
ui: rbldns supports $.
|
||||
ui: tinydns-data supports C. CNAME is overridden by NS; CNAME
|
||||
overrides other records; no multiple CNAMEs.
|
||||
ui: axfr-get supports C.
|
||||
ui: axfr-get no longer rejects wildcards, except for NS.
|
||||
internal: eliminated flagempty from tinydns-data.
|
||||
internal: cleaned up delegation/NXDOMAIN loops in tinydns-data.
|
||||
internal: reorganized packet_start interface in tinydns-data.
|
||||
ui: tinydns-data supports BIND-style wildcards, except for NS.
|
||||
version: DNScache 0.81, beta.
|
||||
20000207
|
||||
ui: renamed dnsquery as dnsq, to eliminate name conflict with
|
||||
Beecher dnsquery program. tnx Anand Buddhdev.
|
||||
20000208
|
||||
ui: tinydns-edit supports add alias.
|
||||
ui: tinydns-conf sets up root/add-alias.
|
||||
20000209
|
||||
ui: dnscache-conf now sets IPSEND=0.0.0.0 in all cases.
|
||||
ui: dnsq and dnstrace allow server names.
|
||||
ui: dnsq and dnstrace allow type names.
|
||||
20000210
|
||||
internal: response_tc() reduces len, simplifying udprespond().
|
||||
ui: response_tc() now truncates immediately after query. this
|
||||
should work around the Squid parsing bug reported by
|
||||
Stuart Henderson.
|
||||
20000211
|
||||
ui: tinydns-get allows type names.
|
||||
ui: tinydns-data prints query name for >512 error. tnx Uwe Ohse.
|
||||
version: DNScache 0.82, beta.
|
||||
20000212
|
||||
ui: dns_transmit starts with loop 1 for recursive queries.
|
||||
ui: dnscache tries to allocate 128K of incoming UDP buffer
|
||||
space. tnx Jeremy Hansen.
|
||||
20000213
|
||||
ui: tinydns tries to allocate 64K of incoming UDP buffer space.
|
||||
internal: renamed response_*answer as response_r*.
|
||||
internal: expanded response_rfinish to allow au and ar.
|
||||
internal: expanded response_rstart to allow any ttl.
|
||||
internal: rewrote tinydns-data, tinydns, tinydns-get, axfrdns
|
||||
for compact new data.cdb format. a few ui effects: empty
|
||||
nodes produce NXDOMAIN; wildcards affect empty nodes.
|
||||
ui: response_addname() tries more extensive compression.
|
||||
20000215
|
||||
ui: tinydns-edit takes fn arguments. tnx Jason R. Mastaler.
|
||||
20000218
|
||||
internal: upgraded to new cdb library.
|
||||
internal: added globalip().
|
||||
ui: dnscache assigns IP addresses to dotted-decimal domain
|
||||
names in canonical form.
|
||||
internal: merged handling of C and ^ in tinydns-data.
|
||||
port: FreeBSD 3.4-RELEASE poll() doesn't think that regular
|
||||
files are readable. impact: under FreeBSD 3.4-RELEASE,
|
||||
dnsfilter hangs waiting to read from regular files. tnx
|
||||
Kenji Rikitake. fix: check for this bug in trypoll.c.
|
||||
20000219
|
||||
ui: tinydns-data supports time-to-die.
|
||||
ui: changed home directory from /usr/local/dnscache to
|
||||
/usr/local; moved @ from home/etc to home/etc/dnscache.
|
||||
internal: reorganized response.c.
|
||||
20000220
|
||||
ui: tinydns-data allows omitted numeric fields in Z lines. tnx
|
||||
Timothy L. Mayo.
|
||||
version: DNScache 0.85, beta.
|
||||
20000222
|
||||
ui: dns_transmit_get() pauses after server failure, if udploop
|
||||
is 2.
|
||||
internal: sped up name handling in response.c.
|
||||
20000223
|
||||
ui: dnscache ignores some garbage in queries: AA, !RD, RA, Z,
|
||||
RCODE, AN, AU, AR. (note that responses still say RD.)
|
||||
this allows bogus queries from Ultrix versions of BIND.
|
||||
internal: split dd.c out of query.c.
|
||||
internal: split server.c out of tinydns.
|
||||
internal: rewrote walldns, pickdns, rbldns to use server.c.
|
||||
ui: server.c allows some garbage in queries: RA, Z, RCODE, AN,
|
||||
AU, AR.
|
||||
ui: axfrdns logs packets.
|
||||
ui: walldns supports dotted-decimal IP addresses.
|
||||
20000224
|
||||
ui: revamped qlog, again.
|
||||
ui: better error message in dnscache-conf.c. tnx Chris Johnson.
|
||||
20000225
|
||||
version: DNScache 0.90, gamma.
|
||||
20000226
|
||||
internal: dnscache-conf sets up dnscache/run to avoid env. tnx
|
||||
Chris Cappuccio.
|
||||
20000227
|
||||
ui: tinydns-data uses server name instead of a.ns.domain for
|
||||
automatic primary in SOA. tnx Frank Tegtmeyer.
|
||||
20000228
|
||||
bug: axfrdns doesn't set aa bit in responses. impact: named-xfer
|
||||
refuses to do zone transfers from axfrdns. fix: set aa
|
||||
bit. tnx Peter Hunter.
|
||||
ui: server.c now accepts packets from low ports. sigh.
|
||||
20000229
|
||||
version: DNScache 0.91, gamma.
|
||||
20000307
|
||||
internal: switched from slurp to openreadclose.
|
||||
20000308
|
||||
ui: dns_transmit_get() pauses after recv() failure (such as
|
||||
connection-refused), if udploop is 2.
|
||||
ui: tinydns-data uses refresh 16384, retry 2048, expire 1048576.
|
||||
tnx Frank Tegtmeyer.
|
||||
version: DNScache 0.92, gamma.
|
||||
20000314
|
||||
portability problem: the poll() emulation in RedHat 5.1 doesn't
|
||||
clear revents when select() returns 0. tnx Petr Novotny.
|
||||
impact: dns_transmit_get() never times out;
|
||||
dns_resolve() busy-loops. fix: clear revents before
|
||||
poll().
|
||||
20000315
|
||||
ui: axfr-get grabs zones when serials drop. tnx Frank Tegtmeyer.
|
||||
version: DNScache 0.93, gamma.
|
||||
20000323
|
||||
ui: dns_rcip() accepts 0.0.0.0 in /etc/resolv.conf as 127.0.0.1.
|
||||
tnx Chris Saia.
|
||||
20000325
|
||||
version: DNScache 1.00.
|
||||
20000914
|
||||
ui: axfr-get decodes PTR. tnx to various people.
|
||||
ui: added dnsqr.
|
||||
20000915
|
||||
portability problem: on some buggy kernels, accept() fails to
|
||||
copy O_NONBLOCK. tnx Pavel Kankovsky. impact: with these
|
||||
kernels, dnscache hangs if a TCP connection times out.
|
||||
fix: ndelay_on() after accept().
|
||||
ui: dnscache discards non-recursive queries.
|
||||
ui: *-conf use envdir in */run.
|
||||
internal: reorganized seed_addtime() calls in dnscache-conf.
|
||||
ui: tinydns-data prohibits PTR in generic records.
|
||||
20000917
|
||||
ui: dns_transmit_get() does not pause after most recv() errors.
|
||||
still pauses after connection-refused when udploop is 2.
|
||||
version: djbdns 1.01.
|
||||
20000922
|
||||
portability problem: Linux distributions use bash as /bin/sh;
|
||||
bash destroys $UID. dorks. impact: dnscache and axfrdns
|
||||
run as root. fix: envdir, then sh, then envuidgid. but
|
||||
/bin/sh really has to stop polluting the environment.
|
||||
20000923
|
||||
ui: install /etc/dnsroots.global. dnscache-conf tries
|
||||
dnsroots.local, then dnsroots.global.
|
||||
ui: no longer install home/etc/dnscache.
|
||||
version: djbdns 1.02.
|
||||
20001224
|
||||
ui: new dnstrace output format.
|
||||
ui: dnstrace shows all servers providing each ns/a line.
|
||||
ui: added dnstracesort.
|
||||
20001225
|
||||
internal: response_rstart() and response_cname() use uint32 ttl.
|
||||
internal: added response_hidettl().
|
||||
internal: cache_get() returns ttl.
|
||||
internal: dnscache keeps track of ttls for aliases.
|
||||
ui: dnscache returns ttl unless $HIDETTL is set.
|
||||
ui: dnscache returns ttl 655360 for localhost et al.
|
||||
20001226
|
||||
ui: dnscache supports $FORWARDONLY. tnx to several people for
|
||||
the suggestion. tnx Dan Peterson for sample code.
|
||||
ui: dnscache now logs sequential query numbers, not indices.
|
||||
internal: revamped dnscache to separate udp from tcp.
|
||||
ui: dnscache reports uactive, tactive separately.
|
||||
ui: dnscache reports tcpopen/tcpclose by port and ip.
|
||||
ui: dnscache artificially times out oldest UDP query if UDP
|
||||
table is full, and oldest TCP connection if TCP table is
|
||||
full.
|
||||
ui: dnscache reports broken pipe when a TCP client sends FIN.
|
||||
20001228
|
||||
ui: dnstrace supports dd.
|
||||
ui: dnscache logs stats when it handles 1.0.0.127.in-addr.arpa.
|
||||
ui: pickdns actively refuses queries for unknown types.
|
||||
ui: pickdns responds to MX queries. tnx Mike Batchelor.
|
||||
internal: added const at various places.
|
||||
internal: removed some unused variables.
|
||||
internal: used time_t in tai_now.c.
|
||||
internal: used stdlib.h in alloc.c.
|
||||
api: split dns_domain_suffix() into suffix(), suffixpos().
|
||||
internal: switched to buffer_unix*.
|
||||
internal: included unistd.h for various declarations.
|
||||
20010103
|
||||
ui: increased maximum data size from 512 bytes to 32767 bytes in
|
||||
tinydns, tinydns-get, axfrdns. allows big TXT records.
|
||||
ui: dnsmx reformats name when it prints an artificial 0 MX.
|
||||
20010105
|
||||
ui: increased MAXLEVEL to 5. the Internet is becoming more
|
||||
glueless every day.
|
||||
20010106
|
||||
version: djbdns 1.03.
|
||||
20010113
|
||||
ui: increased MAXALIAS to 16.
|
||||
ui: dnscache no longer caches SERVFAIL. per-ip is obviously the
|
||||
way to go.
|
||||
ui: tinydns et al. now respond FORMERR to non-Internet-class
|
||||
queries.
|
||||
ui: tdlookup now returns A records in a random order in the
|
||||
answer section, and truncates the list after 8 records.
|
||||
ui: tinydns-data skips lines starting -.
|
||||
20010114
|
||||
internal: documented the tinydns data.cdb format.
|
||||
ui: tinydns-data, tinydns, tinydns-get, axfrdns support client
|
||||
differentiation.
|
||||
ui: dnsqr aborts if it is given an extra argument.
|
||||
20010117
|
||||
ui: dnstracesort removes duplicate lines.
|
||||
ui: dnstracesort prints glue.
|
||||
ui: dnstrace uses a ``start'' IP address for the root glue.
|
||||
20010121
|
||||
version: djbdns 1.04.
|
||||
20010206
|
||||
internal: response_query() takes a class argument.
|
||||
internal: query_start() takes a class argument.
|
||||
internal: packetquery() takes a class argument.
|
||||
ui: tinydns et al., axfrdns, and dnscache repeat qclass * in
|
||||
response to bogus * queries. tnx Mike Batchelor.
|
||||
ui: axfrdns rejects queries for weird classes.
|
||||
ui: axfrdns uses query ID instead of ID 0 in the series of AXFR
|
||||
response messages between the SOAs, to support the AXFR
|
||||
client in BIND 9.
|
||||
ui: axfrdns sets AA in the series of AXFR response messages.
|
||||
20010211
|
||||
ui: servers print starting message.
|
||||
internal: some respond() declarations.
|
||||
version: djbdns 1.05.
|
||||
254
Kanzlei-Kiel/src/djbdns/djbdns-1.05/FILES
Normal file
254
Kanzlei-Kiel/src/djbdns/djbdns-1.05/FILES
Normal file
@ -0,0 +1,254 @@
|
||||
README
|
||||
TODO
|
||||
CHANGES
|
||||
VERSION
|
||||
FILES
|
||||
SYSDEPS
|
||||
TARGETS
|
||||
Makefile
|
||||
dnsroots.global
|
||||
TINYDNS
|
||||
conf-cc
|
||||
conf-ld
|
||||
conf-home
|
||||
rts.sh
|
||||
rts.tests
|
||||
rts.exp
|
||||
dnscache-conf.c
|
||||
hasdevtcp.h1
|
||||
hasdevtcp.h2
|
||||
dnscache.c
|
||||
server.c
|
||||
walldns-conf.c
|
||||
walldns.c
|
||||
rbldns-conf.c
|
||||
rbldns.c
|
||||
rbldns-data.c
|
||||
pickdns-conf.c
|
||||
pickdns.c
|
||||
pickdns-data.c
|
||||
dnsipq.c
|
||||
tinydns-conf.c
|
||||
tinydns.c
|
||||
tdlookup.c
|
||||
tinydns-get.c
|
||||
tinydns-data.c
|
||||
tinydns-edit.c
|
||||
axfrdns-conf.c
|
||||
axfrdns.c
|
||||
axfr-get.c
|
||||
dnsip.c
|
||||
dnsname.c
|
||||
dnstxt.c
|
||||
dnsmx.c
|
||||
dnsfilter.c
|
||||
random-ip.c
|
||||
dnsqr.c
|
||||
dnsq.c
|
||||
dnstrace.c
|
||||
dnstracesort.sh
|
||||
utime.c
|
||||
cachetest.c
|
||||
generic-conf.h
|
||||
generic-conf.c
|
||||
dd.h
|
||||
dd.c
|
||||
droproot.h
|
||||
droproot.c
|
||||
response.h
|
||||
response.c
|
||||
query.h
|
||||
query.c
|
||||
cache.h
|
||||
cache.c
|
||||
log.h
|
||||
log.c
|
||||
okclient.h
|
||||
okclient.c
|
||||
roots.h
|
||||
roots.c
|
||||
qlog.h
|
||||
qlog.c
|
||||
printrecord.h
|
||||
printrecord.c
|
||||
printpacket.h
|
||||
printpacket.c
|
||||
parsetype.h
|
||||
parsetype.c
|
||||
dns.h
|
||||
dns_dfd.c
|
||||
dns_domain.c
|
||||
dns_dtda.c
|
||||
dns_ip.c
|
||||
dns_ipq.c
|
||||
dns_mx.c
|
||||
dns_name.c
|
||||
dns_nd.c
|
||||
dns_packet.c
|
||||
dns_random.c
|
||||
dns_rcip.c
|
||||
dns_rcrw.c
|
||||
dns_resolve.c
|
||||
dns_sortip.c
|
||||
dns_transmit.c
|
||||
dns_txt.c
|
||||
choose.sh
|
||||
warn-auto.sh
|
||||
find-systype.sh
|
||||
trycpp.c
|
||||
x86cpuid.c
|
||||
alloc.c
|
||||
alloc.h
|
||||
alloc_re.c
|
||||
auto-str.c
|
||||
auto_home.h
|
||||
buffer.c
|
||||
buffer.h
|
||||
buffer_1.c
|
||||
buffer_2.c
|
||||
buffer_copy.c
|
||||
buffer_get.c
|
||||
buffer_put.c
|
||||
byte.h
|
||||
byte_chr.c
|
||||
byte_copy.c
|
||||
byte_cr.c
|
||||
byte_diff.c
|
||||
byte_zero.c
|
||||
case.h
|
||||
case_diffb.c
|
||||
case_diffs.c
|
||||
case_lowerb.c
|
||||
cdb.c
|
||||
cdb.h
|
||||
cdb_hash.c
|
||||
cdb_make.c
|
||||
cdb_make.h
|
||||
chkshsgr.c
|
||||
direntry.h1
|
||||
direntry.h2
|
||||
env.c
|
||||
env.h
|
||||
error.c
|
||||
error.h
|
||||
error_str.c
|
||||
exit.h
|
||||
fmt.h
|
||||
fmt_ulong.c
|
||||
fmt_xlong.c
|
||||
gen_alloc.h
|
||||
gen_allocdefs.h
|
||||
getln.c
|
||||
getln.h
|
||||
getln2.c
|
||||
hasshsgr.h1
|
||||
hasshsgr.h2
|
||||
hier.c
|
||||
install.c
|
||||
instcheck.c
|
||||
iopause.c
|
||||
iopause.h1
|
||||
iopause.h2
|
||||
ip4.h
|
||||
ip4_fmt.c
|
||||
ip4_scan.c
|
||||
ip6.h
|
||||
ip6_fmt.c
|
||||
ip6_scan.c
|
||||
ndelay.h
|
||||
ndelay_off.c
|
||||
ndelay_on.c
|
||||
open.h
|
||||
open_read.c
|
||||
open_trunc.c
|
||||
openreadclose.c
|
||||
openreadclose.h
|
||||
prot.c
|
||||
prot.h
|
||||
readclose.c
|
||||
readclose.h
|
||||
scan.h
|
||||
scan_0x.c
|
||||
scan_ulong.c
|
||||
seek.h
|
||||
seek_set.c
|
||||
select.h1
|
||||
select.h2
|
||||
sgetopt.c
|
||||
sgetopt.h
|
||||
socket.h
|
||||
socket_accept.c
|
||||
socket_bind.c
|
||||
socket_conn.c
|
||||
socket_listen.c
|
||||
socket_recv.c
|
||||
socket_send.c
|
||||
socket_tcp.c
|
||||
socket_udp.c
|
||||
str.h
|
||||
str_chr.c
|
||||
str_diff.c
|
||||
str_len.c
|
||||
str_rchr.c
|
||||
str_start.c
|
||||
stralloc.h
|
||||
stralloc_cat.c
|
||||
stralloc_catb.c
|
||||
stralloc_cats.c
|
||||
stralloc_copy.c
|
||||
stralloc_eady.c
|
||||
stralloc_num.c
|
||||
stralloc_opyb.c
|
||||
stralloc_opys.c
|
||||
stralloc_pend.c
|
||||
strerr.h
|
||||
strerr_die.c
|
||||
strerr_sys.c
|
||||
subgetopt.c
|
||||
subgetopt.h
|
||||
tai.h
|
||||
tai_add.c
|
||||
tai_now.c
|
||||
tai_pack.c
|
||||
tai_sub.c
|
||||
tai_uint.c
|
||||
tai_unpack.c
|
||||
taia.h
|
||||
taia_add.c
|
||||
taia_approx.c
|
||||
taia_frac.c
|
||||
taia_less.c
|
||||
taia_now.c
|
||||
taia_pack.c
|
||||
taia_sub.c
|
||||
taia_tai.c
|
||||
taia_uint.c
|
||||
timeoutread.c
|
||||
timeoutread.h
|
||||
timeoutwrite.c
|
||||
timeoutwrite.h
|
||||
trydrent.c
|
||||
trylsock.c
|
||||
trypoll.c
|
||||
tryshsgr.c
|
||||
trysysel.c
|
||||
tryulong32.c
|
||||
tryulong64.c
|
||||
uint16.h
|
||||
uint16_pack.c
|
||||
uint16_unpack.c
|
||||
uint32.h1
|
||||
uint32.h2
|
||||
uint32_pack.c
|
||||
uint32_unpack.c
|
||||
uint64.h1
|
||||
uint64.h2
|
||||
warn-shsgr
|
||||
buffer_read.c
|
||||
buffer_write.c
|
||||
dns_nd6.c
|
||||
socket_udp6.c
|
||||
socket_getifidx.c
|
||||
tryn2i.c
|
||||
haven2i.h1
|
||||
haven2i.h2
|
||||
1226
Kanzlei-Kiel/src/djbdns/djbdns-1.05/Makefile
Normal file
1226
Kanzlei-Kiel/src/djbdns/djbdns-1.05/Makefile
Normal file
File diff suppressed because it is too large
Load Diff
7
Kanzlei-Kiel/src/djbdns/djbdns-1.05/README
Normal file
7
Kanzlei-Kiel/src/djbdns/djbdns-1.05/README
Normal file
@ -0,0 +1,7 @@
|
||||
djbdns 1.05
|
||||
20010211
|
||||
Copyright 2001
|
||||
D. J. Bernstein
|
||||
|
||||
djbdns home page: http://cr.yp.to/djbdns.html
|
||||
Installation instructions: http://cr.yp.to/djbdns/install.html
|
||||
10
Kanzlei-Kiel/src/djbdns/djbdns-1.05/SYSDEPS
Normal file
10
Kanzlei-Kiel/src/djbdns/djbdns-1.05/SYSDEPS
Normal file
@ -0,0 +1,10 @@
|
||||
VERSION
|
||||
systype
|
||||
uint32.h
|
||||
uint64.h
|
||||
select.h
|
||||
iopause.h
|
||||
direntry.h
|
||||
hasshsgr.h
|
||||
hasdevtcp.h
|
||||
socket.lib
|
||||
241
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TARGETS
Normal file
241
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TARGETS
Normal file
@ -0,0 +1,241 @@
|
||||
load
|
||||
compile
|
||||
systype
|
||||
hasdevtcp.h
|
||||
uint32.h
|
||||
choose
|
||||
uint64.h
|
||||
dnscache-conf.o
|
||||
generic-conf.o
|
||||
auto-str.o
|
||||
makelib
|
||||
buffer.o
|
||||
buffer_1.o
|
||||
buffer_2.o
|
||||
buffer_copy.o
|
||||
buffer_get.o
|
||||
buffer_put.o
|
||||
strerr_die.o
|
||||
strerr_sys.o
|
||||
buffer.a
|
||||
buffer_read.o
|
||||
buffer_write.o
|
||||
error.o
|
||||
error_str.o
|
||||
ndelay_off.o
|
||||
ndelay_on.o
|
||||
open_read.o
|
||||
open_trunc.o
|
||||
openreadclose.o
|
||||
readclose.o
|
||||
seek_set.o
|
||||
socket_accept.o
|
||||
socket_bind.o
|
||||
socket_conn.o
|
||||
socket_listen.o
|
||||
socket_recv.o
|
||||
socket_send.o
|
||||
socket_tcp.o
|
||||
socket_udp.o
|
||||
unix.a
|
||||
byte_chr.o
|
||||
byte_copy.o
|
||||
byte_cr.o
|
||||
byte_diff.o
|
||||
byte_zero.o
|
||||
case_diffb.o
|
||||
case_diffs.o
|
||||
case_lowerb.o
|
||||
fmt_ulong.o
|
||||
ip4_fmt.o
|
||||
ip4_scan.o
|
||||
scan_ulong.o
|
||||
str_chr.o
|
||||
str_diff.o
|
||||
str_len.o
|
||||
str_rchr.o
|
||||
str_start.o
|
||||
uint16_pack.o
|
||||
uint16_unpack.o
|
||||
uint32_pack.o
|
||||
uint32_unpack.o
|
||||
byte.a
|
||||
auto-str
|
||||
auto_home.c
|
||||
auto_home.o
|
||||
tai_add.o
|
||||
tai_now.o
|
||||
tai_pack.o
|
||||
tai_sub.o
|
||||
tai_uint.o
|
||||
tai_unpack.o
|
||||
taia_add.o
|
||||
taia_approx.o
|
||||
taia_frac.o
|
||||
taia_less.o
|
||||
taia_now.o
|
||||
taia_pack.o
|
||||
taia_sub.o
|
||||
taia_tai.o
|
||||
taia_uint.o
|
||||
libtai.a
|
||||
dnscache-conf
|
||||
iopause.h
|
||||
dnscache.o
|
||||
droproot.o
|
||||
okclient.o
|
||||
log.o
|
||||
cache.o
|
||||
query.o
|
||||
response.o
|
||||
dd.o
|
||||
direntry.h
|
||||
roots.o
|
||||
select.h
|
||||
iopause.o
|
||||
chkshsgr.o
|
||||
chkshsgr
|
||||
hasshsgr.h
|
||||
prot.o
|
||||
dns_dfd.o
|
||||
dns_domain.o
|
||||
dns_dtda.o
|
||||
dns_ip.o
|
||||
dns_ipq.o
|
||||
dns_ipq6.o
|
||||
dns_mx.o
|
||||
dns_name.o
|
||||
dns_nd.o
|
||||
dns_packet.o
|
||||
dns_random.o
|
||||
dns_rcip.o
|
||||
dns_rcrw.o
|
||||
dns_resolve.o
|
||||
dns_sortip.o
|
||||
dns_transmit.o
|
||||
dns_txt.o
|
||||
dns.a
|
||||
env.o
|
||||
env.a
|
||||
alloc.o
|
||||
alloc_re.o
|
||||
getln.o
|
||||
getln2.o
|
||||
stralloc_cat.o
|
||||
stralloc_catb.o
|
||||
stralloc_cats.o
|
||||
stralloc_copy.o
|
||||
stralloc_eady.o
|
||||
stralloc_num.o
|
||||
stralloc_opyb.o
|
||||
stralloc_opys.o
|
||||
stralloc_pend.o
|
||||
alloc.a
|
||||
socket.lib
|
||||
dnscache
|
||||
walldns-conf.o
|
||||
walldns-conf
|
||||
walldns.o
|
||||
server.o
|
||||
qlog.o
|
||||
cdb.o
|
||||
cdb_hash.o
|
||||
cdb_make.o
|
||||
cdb.a
|
||||
walldns
|
||||
rbldns-conf.o
|
||||
rbldns-conf
|
||||
rbldns.o
|
||||
rbldns
|
||||
rbldns-data.o
|
||||
rbldns-data
|
||||
pickdns-conf.o
|
||||
pickdns-conf
|
||||
pickdns.o
|
||||
pickdns
|
||||
pickdns-data.o
|
||||
pickdns-data
|
||||
tinydns-conf.o
|
||||
tinydns-conf
|
||||
tinydns.o
|
||||
tdlookup.o
|
||||
tinydns
|
||||
tinydns-data.o
|
||||
tinydns-data
|
||||
tinydns-get.o
|
||||
printpacket.o
|
||||
printrecord.o
|
||||
parsetype.o
|
||||
tinydns-get
|
||||
tinydns-edit.o
|
||||
tinydns-edit
|
||||
axfr-get.o
|
||||
timeoutread.o
|
||||
timeoutwrite.o
|
||||
axfr-get
|
||||
axfrdns-conf.o
|
||||
axfrdns-conf
|
||||
axfrdns.o
|
||||
axfrdns
|
||||
dnsip.o
|
||||
dnsip
|
||||
dnsipq.o
|
||||
dnsipq
|
||||
dnsip6q.o
|
||||
dnsip6q
|
||||
dnsname.o
|
||||
dnsname
|
||||
dnstxt.o
|
||||
dnstxt
|
||||
dnsmx.o
|
||||
dnsmx
|
||||
dnsfilter.o
|
||||
sgetopt.o
|
||||
subgetopt.o
|
||||
getopt.a
|
||||
dnsfilter
|
||||
random-ip.o
|
||||
random-ip
|
||||
dnsqr.o
|
||||
dnsqr
|
||||
dnsq.o
|
||||
dnsq
|
||||
dnstrace.o
|
||||
dnstrace
|
||||
dnstracesort
|
||||
cachetest.o
|
||||
cachetest
|
||||
utime.o
|
||||
utime
|
||||
rts
|
||||
prog
|
||||
install.o
|
||||
hier.o
|
||||
install
|
||||
instcheck.o
|
||||
instcheck
|
||||
it
|
||||
setup
|
||||
check
|
||||
scan_0x.o
|
||||
fmt_xlong.o
|
||||
ip6_scan.o
|
||||
ip6_fmt.o
|
||||
dnsip6.o
|
||||
dns_ip6.o
|
||||
dns_sortip6.o
|
||||
dnsip6
|
||||
dns_nd6.o
|
||||
socket_udp6.o
|
||||
socket_getifidx.o
|
||||
socket_bind6.o
|
||||
socket_noipv6.o
|
||||
socket_recv6.o
|
||||
socket_send6.o
|
||||
haveip6.h
|
||||
haven2i.h
|
||||
sockaddr_in6.h
|
||||
scan_xlong.o
|
||||
socket_accept6.o
|
||||
socket_connect6.o
|
||||
socket_tcp6.o
|
||||
25
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TINYDNS
Normal file
25
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TINYDNS
Normal file
@ -0,0 +1,25 @@
|
||||
The tinydns data.cdb format is subject to change. If you want to write
|
||||
code that relies on something here, let me know.
|
||||
|
||||
Keys starting with the two bytes \000\045 are locations. The rest of the
|
||||
key is an IP prefix, normally between 0 and 4 bytes long. The data is a
|
||||
2-byte location.
|
||||
|
||||
Other keys are owner names for DNS records. The data begins with a
|
||||
header in the following format:
|
||||
|
||||
* a 2-byte type;
|
||||
* either \075, or \076 with a 2-byte location;
|
||||
* a 4-byte TTL;
|
||||
* an 8-byte timestamp.
|
||||
|
||||
(Exception: Wildcard records replace \075 with \052 and \076 with \053;
|
||||
also, the owner name omits the wildcard.) The data continues in a
|
||||
type-specific format:
|
||||
|
||||
* SOA: first domain name, second domain name, 20-byte miscellany.
|
||||
* NS or PTR or CNAME: domain name.
|
||||
* MX: 2-byte preference, domain name.
|
||||
* Other types: no special structure.
|
||||
|
||||
Domain names, types, and numbers are in DNS packet format.
|
||||
12
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TODO
Normal file
12
Kanzlei-Kiel/src/djbdns/djbdns-1.05/TODO
Normal file
@ -0,0 +1,12 @@
|
||||
end-to-end nym-based security
|
||||
link-level security
|
||||
|
||||
try to get the root authorities to set up a secure, usable NS-list system
|
||||
have dnscache-conf keep track of copies of dnsroots.global
|
||||
incorporate automatic NS-list upgrades
|
||||
|
||||
consider dead-server table in dnscache or in kernel
|
||||
|
||||
IPv6 lookups
|
||||
maybe reverse IPv6 lookups; what a mess
|
||||
DNS over IPv6
|
||||
1
Kanzlei-Kiel/src/djbdns/djbdns-1.05/VERSION
Normal file
1
Kanzlei-Kiel/src/djbdns/djbdns-1.05/VERSION
Normal file
@ -0,0 +1 @@
|
||||
djbdns 1.05
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.a
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.a
Normal file
Binary file not shown.
31
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.c
Normal file
31
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.c
Normal file
@ -0,0 +1,31 @@
|
||||
#include <stdlib.h>
|
||||
#include "alloc.h"
|
||||
#include "error.h"
|
||||
|
||||
#define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */
|
||||
#define SPACE 2048 /* must be multiple of ALIGNMENT */
|
||||
|
||||
typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
|
||||
static aligned realspace[SPACE / ALIGNMENT];
|
||||
#define space ((char *) realspace)
|
||||
static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
|
||||
|
||||
/*@null@*//*@out@*/char *alloc(n)
|
||||
unsigned int n;
|
||||
{
|
||||
char *x;
|
||||
n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
|
||||
if (n <= avail) { avail -= n; return space + avail; }
|
||||
x = malloc(n);
|
||||
if (!x) errno = error_nomem;
|
||||
return x;
|
||||
}
|
||||
|
||||
void alloc_free(x)
|
||||
char *x;
|
||||
{
|
||||
if (x >= space)
|
||||
if (x < space + SPACE)
|
||||
return; /* XXX: assuming that pointers are flat */
|
||||
free(x);
|
||||
}
|
||||
8
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.h
Normal file
8
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.h
Normal file
@ -0,0 +1,8 @@
|
||||
#ifndef ALLOC_H
|
||||
#define ALLOC_H
|
||||
|
||||
extern /*@null@*//*@out@*/char *alloc();
|
||||
extern void alloc_free();
|
||||
extern int alloc_re();
|
||||
|
||||
#endif
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc.o
Normal file
Binary file not shown.
17
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.c
Normal file
17
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.c
Normal file
@ -0,0 +1,17 @@
|
||||
#include "alloc.h"
|
||||
#include "byte.h"
|
||||
|
||||
int alloc_re(x,m,n)
|
||||
char **x;
|
||||
unsigned int m;
|
||||
unsigned int n;
|
||||
{
|
||||
char *y;
|
||||
|
||||
y = alloc(n);
|
||||
if (!y) return 0;
|
||||
byte_copy(y,m,*x);
|
||||
alloc_free(*x);
|
||||
*x = y;
|
||||
return 1;
|
||||
}
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/alloc_re.o
Normal file
Binary file not shown.
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str
Executable file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str
Executable file
Binary file not shown.
40
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.c
Normal file
40
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.c
Normal file
@ -0,0 +1,40 @@
|
||||
#include "buffer.h"
|
||||
#include "exit.h"
|
||||
|
||||
char bspace[256];
|
||||
buffer b = BUFFER_INIT(buffer_unixwrite,1,bspace,sizeof bspace);
|
||||
|
||||
void puts(const char *s)
|
||||
{
|
||||
if (buffer_puts(&b,s) == -1) _exit(111);
|
||||
}
|
||||
|
||||
int main(int argc,char **argv)
|
||||
{
|
||||
char *name;
|
||||
char *value;
|
||||
unsigned char ch;
|
||||
char octal[4];
|
||||
|
||||
name = argv[1];
|
||||
if (!name) _exit(100);
|
||||
value = argv[2];
|
||||
if (!value) _exit(100);
|
||||
|
||||
puts("const char ");
|
||||
puts(name);
|
||||
puts("[] = \"\\\n");
|
||||
|
||||
while (ch = *value++) {
|
||||
puts("\\");
|
||||
octal[3] = 0;
|
||||
octal[2] = '0' + (ch & 7); ch >>= 3;
|
||||
octal[1] = '0' + (ch & 7); ch >>= 3;
|
||||
octal[0] = '0' + (ch & 7);
|
||||
puts(octal);
|
||||
}
|
||||
|
||||
puts("\\\n\";\n");
|
||||
if (buffer_flush(&b) == -1) _exit(111);
|
||||
_exit(0);
|
||||
}
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto-str.o
Normal file
Binary file not shown.
3
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.c
Normal file
3
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.c
Normal file
@ -0,0 +1,3 @@
|
||||
const char auto_home[] = "\
|
||||
\057\165\163\162\057\154\157\143\141\154\
|
||||
";
|
||||
6
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.h
Normal file
6
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.h
Normal file
@ -0,0 +1,6 @@
|
||||
#ifndef AUTO_HOME_H
|
||||
#define AUTO_HOME_H
|
||||
|
||||
extern const char auto_home[];
|
||||
|
||||
#endif
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/auto_home.o
Normal file
Binary file not shown.
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get
Executable file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get
Executable file
Binary file not shown.
382
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.c
Normal file
382
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.c
Normal file
@ -0,0 +1,382 @@
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include "uint32.h"
|
||||
#include "uint16.h"
|
||||
#include "stralloc.h"
|
||||
#include "error.h"
|
||||
#include "strerr.h"
|
||||
#include "getln.h"
|
||||
#include "buffer.h"
|
||||
#include "exit.h"
|
||||
#include "open.h"
|
||||
#include "scan.h"
|
||||
#include "byte.h"
|
||||
#include "str.h"
|
||||
#include "ip4.h"
|
||||
#include "ip6.h"
|
||||
#include "timeoutread.h"
|
||||
#include "timeoutwrite.h"
|
||||
#include "dns.h"
|
||||
|
||||
#define FATAL "axfr-get: fatal: "
|
||||
|
||||
void die_usage(void)
|
||||
{
|
||||
strerr_die1x(100,"axfr-get: usage: axfr-get zone fn fn.tmp");
|
||||
}
|
||||
void die_generate(void)
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to generate AXFR query: ");
|
||||
}
|
||||
void die_parse(void)
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to parse AXFR results: ");
|
||||
}
|
||||
unsigned int x_copy(char *buf,unsigned int len,unsigned int pos,char *out,unsigned int outlen)
|
||||
{
|
||||
pos = dns_packet_copy(buf,len,pos,out,outlen);
|
||||
if (!pos) die_parse();
|
||||
return pos;
|
||||
}
|
||||
unsigned int x_getname(char *buf,unsigned int len,unsigned int pos,char **out)
|
||||
{
|
||||
pos = dns_packet_getname(buf,len,pos,out);
|
||||
if (!pos) die_parse();
|
||||
return pos;
|
||||
}
|
||||
unsigned int x_skipname(char *buf,unsigned int len,unsigned int pos)
|
||||
{
|
||||
pos = dns_packet_skipname(buf,len,pos);
|
||||
if (!pos) die_parse();
|
||||
return pos;
|
||||
}
|
||||
|
||||
static char *zone;
|
||||
unsigned int zonelen;
|
||||
char *fn;
|
||||
char *fntmp;
|
||||
|
||||
void die_netread(void)
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to read from network: ");
|
||||
}
|
||||
void die_netwrite(void)
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to write to network: ");
|
||||
}
|
||||
void die_read(void)
|
||||
{
|
||||
strerr_die4sys(111,FATAL,"unable to read ",fn,": ");
|
||||
}
|
||||
void die_write(void)
|
||||
{
|
||||
strerr_die4sys(111,FATAL,"unable to write ",fntmp,": ");
|
||||
}
|
||||
|
||||
int saferead(int fd,char *buf,unsigned int len)
|
||||
{
|
||||
int r;
|
||||
r = timeoutread(60,fd,buf,len);
|
||||
if (r == 0) { errno = error_proto; die_parse(); }
|
||||
if (r <= 0) die_netread();
|
||||
return r;
|
||||
}
|
||||
int safewrite(int fd,char *buf,unsigned int len)
|
||||
{
|
||||
int r;
|
||||
r = timeoutwrite(60,fd,buf,len);
|
||||
if (r <= 0) die_netwrite();
|
||||
return r;
|
||||
}
|
||||
char netreadspace[1024];
|
||||
buffer netread = BUFFER_INIT(saferead,6,netreadspace,sizeof netreadspace);
|
||||
char netwritespace[1024];
|
||||
buffer netwrite = BUFFER_INIT(safewrite,7,netwritespace,sizeof netwritespace);
|
||||
|
||||
void netget(char *buf,unsigned int len)
|
||||
{
|
||||
int r;
|
||||
|
||||
while (len > 0) {
|
||||
r = buffer_get(&netread,buf,len);
|
||||
buf += r; len -= r;
|
||||
}
|
||||
}
|
||||
|
||||
int fd;
|
||||
buffer b;
|
||||
char bspace[1024];
|
||||
|
||||
void put(char *buf,unsigned int len)
|
||||
{
|
||||
if (buffer_put(&b,buf,len) == -1) die_write();
|
||||
}
|
||||
|
||||
int printable(char ch)
|
||||
{
|
||||
if (ch == '.') return 1;
|
||||
if ((ch >= 'a') && (ch <= 'z')) return 1;
|
||||
if ((ch >= '0') && (ch <= '9')) return 1;
|
||||
if ((ch >= 'A') && (ch <= 'Z')) return 1;
|
||||
if (ch == '-') return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static char *d1;
|
||||
static char *d2;
|
||||
static char *d3;
|
||||
|
||||
stralloc line;
|
||||
int match;
|
||||
|
||||
int numsoa;
|
||||
|
||||
unsigned int doit(char *buf,unsigned int len,unsigned int pos)
|
||||
{
|
||||
char data[20];
|
||||
uint32 ttl;
|
||||
uint16 dlen;
|
||||
uint16 typenum;
|
||||
uint32 u32;
|
||||
int i;
|
||||
|
||||
pos = x_getname(buf,len,pos,&d1);
|
||||
pos = x_copy(buf,len,pos,data,10);
|
||||
uint16_unpack_big(data,&typenum);
|
||||
uint32_unpack_big(data + 4,&ttl);
|
||||
uint16_unpack_big(data + 8,&dlen);
|
||||
if (len - pos < dlen) { errno = error_proto; return 0; }
|
||||
len = pos + dlen;
|
||||
|
||||
if (!dns_domain_suffix(d1,zone)) return len;
|
||||
if (byte_diff(data + 2,2,DNS_C_IN)) return len;
|
||||
|
||||
if (byte_equal(data,2,DNS_T_SOA)) {
|
||||
if (++numsoa >= 2) return len;
|
||||
pos = x_getname(buf,len,pos,&d2);
|
||||
pos = x_getname(buf,len,pos,&d3);
|
||||
x_copy(buf,len,pos,data,20);
|
||||
uint32_unpack_big(data,&u32);
|
||||
if (!stralloc_copys(&line,"#")) return 0;
|
||||
if (!stralloc_catulong0(&line,u32,0)) return 0;
|
||||
if (!stralloc_cats(&line," auto axfr-get\n")) return 0;
|
||||
if (!stralloc_cats(&line,"Z")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d2)) return 0;
|
||||
if (!stralloc_cats(&line,".:")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d3)) return 0;
|
||||
if (!stralloc_cats(&line,".")) return 0;
|
||||
for (i = 0;i < 5;++i) {
|
||||
uint32_unpack_big(data + 4 * i,&u32);
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
if (!stralloc_catulong0(&line,u32,0)) return 0;
|
||||
}
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_NS)) {
|
||||
if (!stralloc_copys(&line,"&")) return 0;
|
||||
if (byte_equal(d1,2,"\1*")) { errno = error_proto; return 0; }
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,"::")) return 0;
|
||||
x_getname(buf,len,pos,&d1);
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,".")) return 0;
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_CNAME)) {
|
||||
if (!stralloc_copys(&line,"C")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
x_getname(buf,len,pos,&d1);
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,".")) return 0;
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_PTR)) {
|
||||
if (!stralloc_copys(&line,"^")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
x_getname(buf,len,pos,&d1);
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,".")) return 0;
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_MX)) {
|
||||
uint16 dist;
|
||||
if (!stralloc_copys(&line,"@")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,"::")) return 0;
|
||||
pos = x_copy(buf,len,pos,data,2);
|
||||
uint16_unpack_big(data,&dist);
|
||||
x_getname(buf,len,pos,&d1);
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,".:")) return 0;
|
||||
if (!stralloc_catulong0(&line,dist,0)) return 0;
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) {
|
||||
char ipstr[IP4_FMT];
|
||||
if (!stralloc_copys(&line,"+")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
x_copy(buf,len,pos,data,4);
|
||||
if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0;
|
||||
}
|
||||
else if (byte_equal(data,2,DNS_T_AAAA)) {
|
||||
char ipstr[IP6_FMT];
|
||||
if (!stralloc_copys(&line,"3")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
x_copy(buf,len,pos,data,16);
|
||||
if (!stralloc_catb(&line,ipstr,ip6_fmt_flat(ipstr,data))) return 0;
|
||||
}
|
||||
else {
|
||||
unsigned char ch;
|
||||
unsigned char ch2;
|
||||
if (!stralloc_copys(&line,":")) return 0;
|
||||
if (!dns_domain_todot_cat(&line,d1)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
if (!stralloc_catulong0(&line,typenum,0)) return 0;
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
for (i = 0;i < dlen;++i) {
|
||||
pos = x_copy(buf,len,pos,data,1);
|
||||
ch = data[0];
|
||||
if (printable(ch)) {
|
||||
if (!stralloc_catb(&line,&ch,1)) return 0;
|
||||
}
|
||||
else {
|
||||
if (!stralloc_cats(&line,"\\")) return 0;
|
||||
ch2 = '0' + ((ch >> 6) & 7);
|
||||
if (!stralloc_catb(&line,&ch2,1)) return 0;
|
||||
ch2 = '0' + ((ch >> 3) & 7);
|
||||
if (!stralloc_catb(&line,&ch2,1)) return 0;
|
||||
ch2 = '0' + (ch & 7);
|
||||
if (!stralloc_catb(&line,&ch2,1)) return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!stralloc_cats(&line,":")) return 0;
|
||||
if (!stralloc_catulong0(&line,ttl,0)) return 0;
|
||||
if (!stralloc_cats(&line,"\n")) return 0;
|
||||
put(line.s,line.len);
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
stralloc packet;
|
||||
|
||||
int main(int argc,char **argv)
|
||||
{
|
||||
char out[20];
|
||||
unsigned long u;
|
||||
uint16 dlen;
|
||||
unsigned int pos;
|
||||
uint32 oldserial = 0;
|
||||
uint32 newserial = 0;
|
||||
uint16 numqueries;
|
||||
uint16 numanswers;
|
||||
|
||||
if (!*argv) die_usage();
|
||||
|
||||
if (!*++argv) die_usage();
|
||||
if (!dns_domain_fromdot(&zone,*argv,str_len(*argv))) die_generate();
|
||||
zonelen = dns_domain_length(zone);
|
||||
|
||||
if (!*++argv) die_usage();
|
||||
fn = *argv;
|
||||
if (!*++argv) die_usage();
|
||||
fntmp = *argv;
|
||||
|
||||
fd = open_read(fn);
|
||||
if (fd == -1) {
|
||||
if (errno != error_noent) die_read();
|
||||
}
|
||||
else {
|
||||
buffer_init(&b,buffer_unixread,fd,bspace,sizeof bspace);
|
||||
if (getln(&b,&line,&match,'\n') == -1) die_read();
|
||||
if (!stralloc_0(&line)) die_read();
|
||||
if (line.s[0] == '#') {
|
||||
scan_ulong(line.s + 1,&u);
|
||||
oldserial = u;
|
||||
}
|
||||
close(fd);
|
||||
}
|
||||
|
||||
if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
|
||||
if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
|
||||
if (!stralloc_catb(&packet,DNS_T_SOA DNS_C_IN,4)) die_generate();
|
||||
uint16_pack_big(out,packet.len);
|
||||
buffer_put(&netwrite,out,2);
|
||||
buffer_put(&netwrite,packet.s,packet.len);
|
||||
buffer_flush(&netwrite);
|
||||
|
||||
netget(out,2);
|
||||
uint16_unpack_big(out,&dlen);
|
||||
if (!stralloc_ready(&packet,dlen)) die_parse();
|
||||
netget(packet.s,dlen);
|
||||
packet.len = dlen;
|
||||
|
||||
pos = x_copy(packet.s,packet.len,0,out,12);
|
||||
uint16_unpack_big(out + 4,&numqueries);
|
||||
uint16_unpack_big(out + 6,&numanswers);
|
||||
|
||||
while (numqueries) {
|
||||
--numqueries;
|
||||
pos = x_skipname(packet.s,packet.len,pos);
|
||||
pos += 4;
|
||||
}
|
||||
|
||||
if (!numanswers) { errno = error_proto; die_parse(); }
|
||||
pos = x_getname(packet.s,packet.len,pos,&d1);
|
||||
if (!dns_domain_equal(zone,d1)) { errno = error_proto; die_parse(); }
|
||||
pos = x_copy(packet.s,packet.len,pos,out,10);
|
||||
if (byte_diff(out,4,DNS_T_SOA DNS_C_IN)) { errno = error_proto; die_parse(); }
|
||||
pos = x_skipname(packet.s,packet.len,pos);
|
||||
pos = x_skipname(packet.s,packet.len,pos);
|
||||
pos = x_copy(packet.s,packet.len,pos,out,4);
|
||||
|
||||
uint32_unpack_big(out,&newserial);
|
||||
|
||||
|
||||
if (oldserial && newserial) /* allow 0 for very recently modified zones */
|
||||
if (oldserial == newserial) /* allow serial numbers to move backwards */
|
||||
_exit(0);
|
||||
|
||||
|
||||
fd = open_trunc(fntmp);
|
||||
if (fd == -1) die_write();
|
||||
buffer_init(&b,buffer_unixwrite,fd,bspace,sizeof bspace);
|
||||
|
||||
if (!stralloc_copyb(&packet,"\0\0\0\0\0\1\0\0\0\0\0\0",12)) die_generate();
|
||||
if (!stralloc_catb(&packet,zone,zonelen)) die_generate();
|
||||
if (!stralloc_catb(&packet,DNS_T_AXFR DNS_C_IN,4)) die_generate();
|
||||
uint16_pack_big(out,packet.len);
|
||||
buffer_put(&netwrite,out,2);
|
||||
buffer_put(&netwrite,packet.s,packet.len);
|
||||
buffer_flush(&netwrite);
|
||||
|
||||
numsoa = 0;
|
||||
while (numsoa < 2) {
|
||||
netget(out,2);
|
||||
uint16_unpack_big(out,&dlen);
|
||||
if (!stralloc_ready(&packet,dlen)) die_parse();
|
||||
netget(packet.s,dlen);
|
||||
packet.len = dlen;
|
||||
|
||||
pos = x_copy(packet.s,packet.len,0,out,12);
|
||||
uint16_unpack_big(out + 4,&numqueries);
|
||||
|
||||
while (numqueries) {
|
||||
--numqueries;
|
||||
pos = x_skipname(packet.s,packet.len,pos);
|
||||
pos += 4;
|
||||
}
|
||||
while (pos < packet.len) {
|
||||
pos = doit(packet.s,packet.len,pos);
|
||||
if (!pos) die_parse();
|
||||
}
|
||||
}
|
||||
|
||||
if (buffer_flush(&b) == -1) die_write();
|
||||
if (fsync(fd) == -1) die_write();
|
||||
if (close(fd) == -1) die_write(); /* NFS dorks */
|
||||
if (rename(fntmp,fn) == -1)
|
||||
strerr_die6sys(111,FATAL,"unable to move ",fntmp," to ",fn,": ");
|
||||
_exit(0);
|
||||
}
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfr-get.o
Normal file
Binary file not shown.
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns
Executable file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns
Executable file
Binary file not shown.
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf
Executable file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf
Executable file
Binary file not shown.
71
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.c
Normal file
71
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.c
Normal file
@ -0,0 +1,71 @@
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
#include "strerr.h"
|
||||
#include "exit.h"
|
||||
#include "auto_home.h"
|
||||
#include "generic-conf.h"
|
||||
|
||||
#define FATAL "axfrdns-conf: fatal: "
|
||||
|
||||
void usage(void)
|
||||
{
|
||||
strerr_die1x(100,"axfrdns-conf: usage: axfrdns-conf acct logacct /axfrdns /tinydns myip");
|
||||
}
|
||||
|
||||
char *dir;
|
||||
char *user;
|
||||
char *loguser;
|
||||
struct passwd *pw;
|
||||
char *myip;
|
||||
char *tinydns;
|
||||
|
||||
int main(int argc,char **argv)
|
||||
{
|
||||
user = argv[1];
|
||||
if (!user) usage();
|
||||
loguser = argv[2];
|
||||
if (!loguser) usage();
|
||||
dir = argv[3];
|
||||
if (!dir) usage();
|
||||
if (dir[0] != '/') usage();
|
||||
tinydns = argv[4];
|
||||
if (!tinydns) usage();
|
||||
if (tinydns[0] != '/') usage();
|
||||
myip = argv[5];
|
||||
if (!myip) usage();
|
||||
|
||||
pw = getpwnam(loguser);
|
||||
if (!pw)
|
||||
strerr_die3x(111,FATAL,"unknown account ",loguser);
|
||||
|
||||
init(dir,FATAL);
|
||||
makelog(loguser,pw->pw_uid,pw->pw_gid);
|
||||
|
||||
makedir("env");
|
||||
perm(02755);
|
||||
start("env/ROOT"); outs(tinydns); outs("/root\n"); finish();
|
||||
perm(0644);
|
||||
start("env/IP"); outs(myip); outs("\n"); finish();
|
||||
perm(0644);
|
||||
|
||||
start("run");
|
||||
outs("#!/bin/sh\nexec 2>&1\nexec envdir ./env sh -c '\n exec envuidgid "); outs(user);
|
||||
outs(" softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
|
||||
outs(auto_home); outs("/bin/axfrdns\n'\n");
|
||||
finish();
|
||||
perm(0755);
|
||||
|
||||
start("Makefile");
|
||||
outs("tcp.cdb: tcp\n");
|
||||
outs("\ttcprules tcp.cdb tcp.tmp < tcp\n");
|
||||
finish();
|
||||
perm(0644);
|
||||
|
||||
start("tcp");
|
||||
outs("# sample line: 1.2.3.4:allow,AXFR=\"heaven.af.mil/3.2.1.in-addr.arpa\"\n");
|
||||
outs(":deny\n");
|
||||
finish();
|
||||
perm(0644);
|
||||
|
||||
_exit(0);
|
||||
}
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns-conf.o
Normal file
Binary file not shown.
378
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.c
Normal file
378
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.c
Normal file
@ -0,0 +1,378 @@
|
||||
#include <unistd.h>
|
||||
#include "droproot.h"
|
||||
#include "exit.h"
|
||||
#include "env.h"
|
||||
#include "uint32.h"
|
||||
#include "uint16.h"
|
||||
#include "ip4.h"
|
||||
#include "tai.h"
|
||||
#include "buffer.h"
|
||||
#include "timeoutread.h"
|
||||
#include "timeoutwrite.h"
|
||||
#include "open.h"
|
||||
#include "seek.h"
|
||||
#include "cdb.h"
|
||||
#include "stralloc.h"
|
||||
#include "strerr.h"
|
||||
#include "str.h"
|
||||
#include "byte.h"
|
||||
#include "case.h"
|
||||
#include "dns.h"
|
||||
#include "scan.h"
|
||||
#include "qlog.h"
|
||||
#include "response.h"
|
||||
|
||||
extern int respond(char *,char *,char *);
|
||||
|
||||
#define FATAL "axfrdns: fatal: "
|
||||
|
||||
void nomem()
|
||||
{
|
||||
strerr_die2x(111,FATAL,"out of memory");
|
||||
}
|
||||
void die_truncated()
|
||||
{
|
||||
strerr_die2x(111,FATAL,"truncated request");
|
||||
}
|
||||
void die_netwrite()
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to write to network: ");
|
||||
}
|
||||
void die_netread()
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to read from network: ");
|
||||
}
|
||||
void die_outside()
|
||||
{
|
||||
strerr_die2x(111,FATAL,"unable to locate information in data.cdb");
|
||||
}
|
||||
void die_cdbread()
|
||||
{
|
||||
strerr_die2sys(111,FATAL,"unable to read data.cdb: ");
|
||||
}
|
||||
void die_cdbformat()
|
||||
{
|
||||
strerr_die3x(111,FATAL,"unable to read data.cdb: ","format error");
|
||||
}
|
||||
|
||||
int safewrite(int fd,char *buf,unsigned int len)
|
||||
{
|
||||
int w;
|
||||
|
||||
w = timeoutwrite(60,fd,buf,len);
|
||||
if (w <= 0) die_netwrite();
|
||||
return w;
|
||||
}
|
||||
|
||||
char netwritespace[1024];
|
||||
buffer netwrite = BUFFER_INIT(safewrite,1,netwritespace,sizeof netwritespace);
|
||||
|
||||
void print(char *buf,unsigned int len)
|
||||
{
|
||||
char tcpheader[2];
|
||||
uint16_pack_big(tcpheader,len);
|
||||
buffer_put(&netwrite,tcpheader,2);
|
||||
buffer_put(&netwrite,buf,len);
|
||||
buffer_flush(&netwrite);
|
||||
}
|
||||
|
||||
char *axfr;
|
||||
static char *axfrok;
|
||||
|
||||
void axfrcheck(char *q)
|
||||
{
|
||||
int i;
|
||||
int j;
|
||||
|
||||
if (!axfr) return;
|
||||
|
||||
i = j = 0;
|
||||
for (;;) {
|
||||
if (!axfr[i] || (axfr[i] == '/')) {
|
||||
if (i > j) {
|
||||
if (!dns_domain_fromdot(&axfrok,axfr + j,i - j)) nomem();
|
||||
if (dns_domain_equal(q,axfrok)) return;
|
||||
}
|
||||
j = i + 1;
|
||||
}
|
||||
if (!axfr[i]) break;
|
||||
++i;
|
||||
}
|
||||
|
||||
strerr_die2x(111,FATAL,"disallowed zone transfer request");
|
||||
}
|
||||
|
||||
static char *zone;
|
||||
unsigned int zonelen;
|
||||
char typeclass[4];
|
||||
|
||||
int fdcdb;
|
||||
buffer bcdb;
|
||||
char bcdbspace[1024];
|
||||
|
||||
void get(char *buf,unsigned int len)
|
||||
{
|
||||
int r;
|
||||
|
||||
while (len > 0) {
|
||||
r = buffer_get(&bcdb,buf,len);
|
||||
if (r < 0) die_cdbread();
|
||||
if (!r) die_cdbformat();
|
||||
buf += r;
|
||||
len -= r;
|
||||
}
|
||||
}
|
||||
|
||||
char ip[4];
|
||||
unsigned long port;
|
||||
char clientloc[2];
|
||||
|
||||
struct tai now;
|
||||
char data[32767];
|
||||
uint32 dlen;
|
||||
uint32 dpos;
|
||||
|
||||
void copy(char *buf,unsigned int len)
|
||||
{
|
||||
dpos = dns_packet_copy(data,dlen,dpos,buf,len);
|
||||
if (!dpos) die_cdbread();
|
||||
}
|
||||
|
||||
void doname(stralloc *sa)
|
||||
{
|
||||
static char *d;
|
||||
dpos = dns_packet_getname(data,dlen,dpos,&d);
|
||||
if (!dpos) die_cdbread();
|
||||
if (!stralloc_catb(sa,d,dns_domain_length(d))) nomem();
|
||||
}
|
||||
|
||||
int build(stralloc *sa,char *q,int flagsoa,char id[2])
|
||||
{
|
||||
unsigned int rdatapos;
|
||||
char misc[20];
|
||||
char type[2];
|
||||
char recordloc[2];
|
||||
char ttl[4];
|
||||
char ttd[8];
|
||||
struct tai cutoff;
|
||||
|
||||
dpos = 0;
|
||||
copy(type,2);
|
||||
if (flagsoa) if (byte_diff(type,2,DNS_T_SOA)) return 0;
|
||||
if (!flagsoa) if (byte_equal(type,2,DNS_T_SOA)) return 0;
|
||||
|
||||
if (!stralloc_copyb(sa,id,2)) nomem();
|
||||
if (!stralloc_catb(sa,"\204\000\0\0\0\1\0\0\0\0",10)) nomem();
|
||||
copy(misc,1);
|
||||
if ((misc[0] == '=' + 1) || (misc[0] == '*' + 1)) {
|
||||
--misc[0];
|
||||
copy(recordloc,2);
|
||||
if (byte_diff(recordloc,2,clientloc)) return 0;
|
||||
}
|
||||
if (misc[0] == '*') {
|
||||
if (flagsoa) return 0;
|
||||
if (!stralloc_catb(sa,"\1*",2)) nomem();
|
||||
}
|
||||
if (!stralloc_catb(sa,q,dns_domain_length(q))) nomem();
|
||||
if (!stralloc_catb(sa,type,2)) nomem();
|
||||
|
||||
copy(ttl,4);
|
||||
copy(ttd,8);
|
||||
if (byte_diff(ttd,8,"\0\0\0\0\0\0\0\0")) {
|
||||
tai_unpack(ttd,&cutoff);
|
||||
if (byte_equal(ttl,4,"\0\0\0\0")) {
|
||||
if (tai_less(&cutoff,&now)) return 0;
|
||||
uint32_pack_big(ttl,2);
|
||||
}
|
||||
else
|
||||
if (!tai_less(&cutoff,&now)) return 0;
|
||||
}
|
||||
|
||||
if (!stralloc_catb(sa,DNS_C_IN,2)) nomem();
|
||||
if (!stralloc_catb(sa,ttl,4)) nomem();
|
||||
if (!stralloc_catb(sa,"\0\0",2)) nomem();
|
||||
rdatapos = sa->len;
|
||||
|
||||
if (byte_equal(type,2,DNS_T_SOA)) {
|
||||
doname(sa);
|
||||
doname(sa);
|
||||
copy(misc,20);
|
||||
if (!stralloc_catb(sa,misc,20)) nomem();
|
||||
}
|
||||
else if (byte_equal(type,2,DNS_T_NS) || byte_equal(type,2,DNS_T_PTR) || byte_equal(type,2,DNS_T_CNAME)) {
|
||||
doname(sa);
|
||||
}
|
||||
else if (byte_equal(type,2,DNS_T_MX)) {
|
||||
copy(misc,2);
|
||||
if (!stralloc_catb(sa,misc,2)) nomem();
|
||||
doname(sa);
|
||||
}
|
||||
else
|
||||
if (!stralloc_catb(sa,data + dpos,dlen - dpos)) nomem();
|
||||
|
||||
if (sa->len > 65535) die_cdbformat();
|
||||
uint16_pack_big(sa->s + rdatapos - 2,sa->len - rdatapos);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static struct cdb c;
|
||||
static char *q;
|
||||
static stralloc soa;
|
||||
static stralloc message;
|
||||
|
||||
void doaxfr(char id[2])
|
||||
{
|
||||
char key[512];
|
||||
uint32 klen;
|
||||
char num[4];
|
||||
uint32 eod;
|
||||
uint32 pos;
|
||||
int r;
|
||||
|
||||
axfrcheck(zone);
|
||||
|
||||
tai_now(&now);
|
||||
cdb_init(&c,fdcdb);
|
||||
|
||||
byte_zero(clientloc,2);
|
||||
key[0] = 0;
|
||||
key[1] = '%';
|
||||
byte_copy(key + 2,4,ip);
|
||||
r = cdb_find(&c,key,6);
|
||||
if (!r) r = cdb_find(&c,key,5);
|
||||
if (!r) r = cdb_find(&c,key,4);
|
||||
if (!r) r = cdb_find(&c,key,3);
|
||||
if (!r) r = cdb_find(&c,key,2);
|
||||
if (r == -1) die_cdbread();
|
||||
if (r && (cdb_datalen(&c) == 2))
|
||||
if (cdb_read(&c,clientloc,2,cdb_datapos(&c)) == -1) die_cdbread();
|
||||
|
||||
cdb_findstart(&c);
|
||||
for (;;) {
|
||||
r = cdb_findnext(&c,zone,zonelen);
|
||||
if (r == -1) die_cdbread();
|
||||
if (!r) die_outside();
|
||||
dlen = cdb_datalen(&c);
|
||||
if (dlen > sizeof data) die_cdbformat();
|
||||
if (cdb_read(&c,data,dlen,cdb_datapos(&c)) == -1) die_cdbformat();
|
||||
if (build(&soa,zone,1,id)) break;
|
||||
}
|
||||
|
||||
cdb_free(&c);
|
||||
print(soa.s,soa.len);
|
||||
|
||||
seek_begin(fdcdb);
|
||||
buffer_init(&bcdb,buffer_unixread,fdcdb,bcdbspace,sizeof bcdbspace);
|
||||
|
||||
pos = 0;
|
||||
get(num,4); pos += 4;
|
||||
uint32_unpack(num,&eod);
|
||||
while (pos < 2048) { get(num,4); pos += 4; }
|
||||
|
||||
while (pos < eod) {
|
||||
if (eod - pos < 8) die_cdbformat();
|
||||
get(num,4); pos += 4;
|
||||
uint32_unpack(num,&klen);
|
||||
get(num,4); pos += 4;
|
||||
uint32_unpack(num,&dlen);
|
||||
if (eod - pos < klen) die_cdbformat();
|
||||
pos += klen;
|
||||
if (eod - pos < dlen) die_cdbformat();
|
||||
pos += dlen;
|
||||
|
||||
if (klen > sizeof key) die_cdbformat();
|
||||
get(key,klen);
|
||||
if (dlen > sizeof data) die_cdbformat();
|
||||
get(data,dlen);
|
||||
|
||||
if ((klen > 1) && (key[0] == 0)) continue; /* location */
|
||||
if (klen < 1) die_cdbformat();
|
||||
if (dns_packet_getname(key,klen,0,&q) != klen) die_cdbformat();
|
||||
if (!dns_domain_suffix(q,zone)) continue;
|
||||
if (!build(&message,q,0,id)) continue;
|
||||
print(message.s,message.len);
|
||||
}
|
||||
|
||||
print(soa.s,soa.len);
|
||||
}
|
||||
|
||||
void netread(char *buf,unsigned int len)
|
||||
{
|
||||
int r;
|
||||
|
||||
while (len > 0) {
|
||||
r = timeoutread(60,0,buf,len);
|
||||
if (r == 0) _exit(0);
|
||||
if (r < 0) die_netread();
|
||||
buf += r; len -= r;
|
||||
}
|
||||
}
|
||||
|
||||
char tcpheader[2];
|
||||
char buf[512];
|
||||
uint16 len;
|
||||
|
||||
static char seed[128];
|
||||
|
||||
int main()
|
||||
{
|
||||
unsigned int pos;
|
||||
char header[12];
|
||||
char qtype[2];
|
||||
char qclass[2];
|
||||
const char *x;
|
||||
|
||||
droproot(FATAL);
|
||||
dns_random_init(seed);
|
||||
|
||||
axfr = env_get("AXFR");
|
||||
|
||||
x = env_get("TCPREMOTEIP");
|
||||
if (x && ip4_scan(x,ip))
|
||||
;
|
||||
else
|
||||
byte_zero(ip,4);
|
||||
|
||||
x = env_get("TCPREMOTEPORT");
|
||||
if (!x) x = "0";
|
||||
scan_ulong(x,&port);
|
||||
|
||||
for (;;) {
|
||||
netread(tcpheader,2);
|
||||
uint16_unpack_big(tcpheader,&len);
|
||||
if (len > 512) strerr_die2x(111,FATAL,"excessively large request");
|
||||
netread(buf,len);
|
||||
|
||||
pos = dns_packet_copy(buf,len,0,header,12); if (!pos) die_truncated();
|
||||
if (header[2] & 254) strerr_die2x(111,FATAL,"bogus query");
|
||||
if (header[4] || (header[5] != 1)) strerr_die2x(111,FATAL,"bogus query");
|
||||
|
||||
pos = dns_packet_getname(buf,len,pos,&zone); if (!pos) die_truncated();
|
||||
zonelen = dns_domain_length(zone);
|
||||
pos = dns_packet_copy(buf,len,pos,qtype,2); if (!pos) die_truncated();
|
||||
pos = dns_packet_copy(buf,len,pos,qclass,2); if (!pos) die_truncated();
|
||||
|
||||
if (byte_diff(qclass,2,DNS_C_IN) && byte_diff(qclass,2,DNS_C_ANY))
|
||||
strerr_die2x(111,FATAL,"bogus query: bad class");
|
||||
|
||||
qlog(ip,port,header,zone,qtype," ");
|
||||
|
||||
if (byte_equal(qtype,2,DNS_T_AXFR)) {
|
||||
case_lowerb(zone,zonelen);
|
||||
fdcdb = open_read("data.cdb");
|
||||
if (fdcdb == -1) die_cdbread();
|
||||
doaxfr(header);
|
||||
close(fdcdb);
|
||||
}
|
||||
else {
|
||||
if (!response_query(zone,qtype,qclass)) nomem();
|
||||
response[2] |= 4;
|
||||
case_lowerb(zone,zonelen);
|
||||
response_id(header);
|
||||
response[3] &= ~128;
|
||||
if (!(header[2] & 1)) response[2] &= ~1;
|
||||
if (!respond(zone,qtype,ip)) die_outside();
|
||||
print(response,response_len);
|
||||
}
|
||||
}
|
||||
}
|
||||
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.o
Normal file
BIN
Kanzlei-Kiel/src/djbdns/djbdns-1.05/axfrdns.o
Normal file
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user