Update netweork 'BLKR'.

Christoph 2018-10-15 01:04:40 +02:00
parent 27de2ec9b6
commit 7e2e43ffe7
248 changed files with 38711 additions and 11 deletions


@ -1,5 +1,8 @@
-------
Notice: Notice:
-------
You have to change some configuration files becaus the because You have to change some configuration files becaus the because
the configuration of network interfaces must not be equal. the configuration of network interfaces must not be equal.
@ -17,9 +20,9 @@ Notice:
So you have to change the following files So you have to change the following files
dsl-provider.ANW-KM: ppp0 comes over eth2 dsl-provider.BLKR: ppp0 comes over eth2
interfaces.ANW-KM: see above interfaces.BLKR: see above
default_isc-dhcp-server.ANW-KM default_isc-dhcp-server.BLKR
ipt-firewall.ANW-KM: LAN device (mostly ) = eth1 ipt-firewall.BLKR: LAN device (mostly ) = eth1
second LAN WLAN or what ever (if present) = eth0 second LAN WLAN or what ever (if present) = eth0

11
BLKR/aiccu.BLKR Normal file

@ -0,0 +1,11 @@
# This is a configuration file for /etc/init.d/aiccu; it allows you to
# perform common modifications to the behavior of the aiccu daemon
# startup without editing the init script (and thus getting prompted
# by dpkg on upgrades). We all love dpkg prompts.
# Arguments to pass to aiccu daemon.
DAEMON_ARGS=""
# Run aiccu at startup ?
AICCU_ENABLED=Yes

79
BLKR/aiccu.conf.BLKR Normal file

@ -0,0 +1,79 @@
# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
# AICCU Configuration
# Login information (defaults: none)
username CKM11-SIXXS
password zLkJIZF0
# Protocol and server to use for setting up the tunnel (defaults: none)
protocol tic
server tic.sixxs.net
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface sixxs
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T129038
# Be verbose? (default: false)
#verbose false
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
#pidfile /var/run/aiccu.pid
# Add a default route (default: true)
#defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
#makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
#behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
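Review bot: The `password` line near the top of this new file puts what appears to be a real TIC account secret into version control in clear text, next to the `username` and `tunnel_id` it belongs to, so every clone and backup of the repository now carries it. The same applies to the PPP secrets in BLKR/chap-secrets.BLKR and to the inline `<key>` and `<tls-auth>` material in the two OpenVPN client profiles added by this commit. I would commit a template with a placeholder (`password <SET-ON-HOST>`), keep the real file only on the gateway with mode 0600, and rotate the values already pushed, because deleting them in a later commit leaves them in history. Separately, `requiretls false` lets the TIC login continue when STARTTLS is not offered; per the comment above the option, `requiretls true` makes that case fail instead.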

@ -1 +1 @@
Subproject commit 8d81bd8667f74cf7f7cc1c521b52eab0e7c4b034 Subproject commit d9eb23578987cb722b175a59bdab9b36e2e1316f

@ -1 +1 @@
Subproject commit b5fb1f7b3a421a24388ba6b25a3e5d58591ae7fe Subproject commit 06b975094a3a3192070a996e5f03be38b23fa14d

@ -1 +0,0 @@
Subproject commit f66029fe95ffc2010b0d3e435dbebf9ef7b7f849

1
BLKR/bin/postfix Submodule

@ -0,0 +1 @@
Subproject commit b497e297553ef92ccc80cfb774fa4a6f90284dc1

51
BLKR/chap-secrets.BLKR Normal file

@ -0,0 +1,51 @@
# Secrets for authentication using CHAP
# client server secret IP addresses
## - Aktionsbuendnis
"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
"0017005041965502052728690001@t-online.de" * "62812971"
## - Anwaltskanzlei - Urbanstrasse (anw-urb)
"0019673090265502751343110001@t-online.de" * "85593499"
## - B3 Bornim
"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
## - Fluechlingsrat BRB
"0022044435885511150351780001@t-online.de" * "27475004"
## - Jonas
"0023866648325511093506040001@t-online.de" * "13635448"
## - Kanzlei Kiel
## - DSL
"ar0284280107" * "39457541"
## - VDSL
"ab3391185321" * "jhecfmvk"
## - MBR Berlin
## - DSL
"0019507524965100021004430001@t-online.de" * "76695918"
## - VDSL
"0029741693695511193970180001@t-online.de" * "84616024"
## - Opferperspektive
"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
## - ReachOut Berlin
## - first (primary) line
"ar2667509237" * "93925410"
## - second line
"ar1435496252" * "93925410"
## - Sprachenatelier Berlin
"0021920376975502683262730001@t-online.de" * "52167784"
## - Warenform
"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
## - ckubu
"0025591824365511139967620001@t-online.de" * "67982653"
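Review bot: This file carries the PPP credentials of more than a dozen separate sites (the `##` comments name each one), although a gateway needs only the entry for its own DSL line. Deploying the whole list to the BLKR host means a compromise of that one machine exposes every other site's access account. I would reduce the file to the single entry this gateway dials with and add a comment naming it; which entry that is cannot be told from this section.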


@ -13,9 +13,9 @@
#DHCPD_PID=/var/run/dhcpd.pid #DHCPD_PID=/var/run/dhcpd.pid
# Additional options to start dhcpd with. # Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS="" #OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1". # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth1" INTERFACESv4="eth1"

102
BLKR/dhcpd6.conf.BLKR Normal file

@ -0,0 +1,102 @@
# Server configuration file example for DHCPv6
# From the file used for TAHI tests - addresses chosen
# to match TAHI rather than example block.
# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;
# IPv6 address preferred lifetime
# (at the end the address is deprecated, i.e., the client should use
# other addresses for new connections)
# (set to 7 days, the usual IPv6 default)
preferred-lifetime 604800;
# T1, the delay before Renew
# (default is 1/2 preferred lifetime)
# (set to 1 hour)
option dhcp-renewal-time 3600;
# T2, the delay before Rebind (if Renews failed)
# (default is 3/4 preferred lifetime)
# (set to 2 hours)
option dhcp-rebinding-time 7200;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# Global definitions for name server address(es) and domain search list
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";
# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;
# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;
# The delay before information-request refresh
# (minimum is 10 minutes, maximum one day, default is to not refresh)
# (set to 6 hours)
option dhcp6.info-refresh-time 21600;
# Static definition (must be global)
#host myclient {
# # The entry is looked up by this
# host-identifier option
# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
#
# # A fixed address
# fixed-address6 3ffe:501:ffff:100::1234;
#
# # A fixed prefix
# fixed-prefix6 3ffe:501:ffff:101::/64;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
#
# # For debug (to see when the entry statements are executed)
# # (log "sol" when a matching Solicitation is received)
# ##if packet(0,1) = 1 { log(debug,"sol"); }
#}
#
#host otherclient {
# # This host entry is hopefully matched if the client supplies a DUID-LL
# # or DUID-LLT containing this MAC address.
# hardware ethernet 01:00:80:a2:55:67;
#
# fixed-address6 3ffe:501:ffff:100::4321;
#}
# The subnet where the server is attached
# (i.e., the server has an address in this subnet)
#subnet6 3ffe:501:ffff:100::/64 {
# # Two addresses available to clients
# # (the third client should get NoAddrsAvail)
# range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
#
# # Use the whole /64 prefix for temporary addresses
# # (i.e., direct application of RFC 4941)
# range6 3ffe:501:ffff:100:: temporary;
#
# # Some /64 prefixes available for Prefix Delegation (RFC 3633)
# prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
#}
# A second subnet behind a relay agent
#subnet6 3ffe:501:ffff:101::/64 {
# range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
#
#}
# A third subnet behind a relay agent chain
#subnet6 3ffe:501:ffff:102::/64 {
# range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
#}
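Review bot: The active global options are still the values of the upstream TAHI example: `option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;` and `option dhcp6.domain-search "test.example.com","example.com";`. 3ffe::/16 is the retired 6bone range, so a client that receives these options is given a resolver address that does not belong to this network. Every `subnet6` block is commented out, so the server presumably has nothing to serve yet, but I would replace or comment out the two options before the file is enabled. A comment stating which prefix BLKR is meant to hand out would also help.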

42
BLKR/email_notice.BLKR Executable file

@ -0,0 +1,42 @@
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
file=/tmp/mail_ip-up$$
admin_email=argus@oopen.de
from_address=ip-up_`hostname`@oopen.de
from_name="ip-up - ckubu local net"
host=`hostname -f`
echo "" > $file
echo " *************************************************************" >> $file
echo " *** This is an autogenerated mail from $host ***" >> $file
echo "" >> $file
echo " I brought up the ppp-daemon with the following" >> $file
echo -e " parameters:\n" >> $file
echo -e "\tInterface name...............: $PPP_IFACE" >> $file
echo -e "\tThe tty......................: $PPP_TTY" >> $file
echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
echo -e "\tPeer IP number..............: $PPP_REMOTE" >> $file
if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
echo -e "\tNameserver 1.................: $DNS1" >> $file
if [ "$DNS2" ] ; then
echo -e "\tNameserver 2.................: $DNS2" >> $file
fi
fi
echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
echo "" >> $file
echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
echo "" >> $file
echo " **************************************************************" >> $file
echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
rm -f $file
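Review bot: `file=/tmp/mail_ip-up$$` is a predictable name in a world-writable directory, and the script truncates it with `echo "" > $file`; ip-up hooks normally run as root, so a symlink already present at that path would be followed and its target overwritten. Create the file with `file=$(mktemp) || exit 1`, clean up with `trap 'rm -f "$file"' EXIT`, and quote `"$file"` and `"$from_address"` wherever they are used. The shebang is `#!/bin/sh`, but the body relies on `echo -e`, which dash prints literally as `-e`; `printf` is the portable form. The `PPP_*` and `DNS*` values are interpolated into the header block of the mail (`Subject:$PPP_LOCAL`), so a short comment stating that they come from pppd's environment would document the trust assumption.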

75
BLKR/igmpproxy.conf.BLKR Normal file

@ -0,0 +1,75 @@
########################################################
#
# Example configuration file for the IgmpProxy
# --------------------------------------------
#
# The configuration file must define one upstream
# interface, and one or more downstream interfaces.
#
# If multicast traffic originates outside the
# upstream subnet, the "altnet" option can be
# used in order to define legal multicast sources.
# (Se example...)
#
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely nessecary to
# accurately imitate just one Client.
#
########################################################
##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
##------------------------------------------------------
## Configuration for eth0 (Upstream Interface)
##------------------------------------------------------
#phyint eth0 upstream ratelimit 0 threshold 1
# altnet 10.0.0.0/8
# altnet 192.168.0.0/24
##------------------------------------------------------
## Configuration for ppp0 (Upstream Interface)
##------------------------------------------------------
#phyint ppp0 upstream ratelimit 0 threshold 1
phyint eth2.8 upstream ratelimit 0 threshold 1
altnet 217.0.119.194/24
altnet 193.158.35.0/24;
altnet 239.35.100.6/24;
altnet 93.230.64.0/19;
altnet 192.168.63.0/24;
#
#altnet 192.168.63.5/32;
#altnet 192.168.63.40/32;
##------------------------------------------------------
## Configuration for eth1 (Downstream Interface)
##------------------------------------------------------
#phyint br0 downstream ratelimit 0 threshold 1
phyint eth1 downstream ratelimit 0 threshold 1
# IP der TV-Box
altnet 192.168.63.0/24;
#altnet 192.168.63.5/32;
#altnet 192.168.63.40/32;
##------------------------------------------------------
## Configuration for eth2 (Disabled Interface)
##------------------------------------------------------
#phyint eth2 disabled
##------------------------------------------------------
## Configuration for eth2 (Disabled Interface)
##------------------------------------------------------
phyint eth0 disabled
phyint eth2 disabled
phyint eth2.7 disabled
phyint eth1:0 disabled
phyint eth1:wf disabled
phyint ppp0 disabled
phyint tun0 disabled
phyint lo disabled
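Review bot: The `altnet` lines under `phyint eth2.8 upstream` are written inconsistently: the first has no trailing `;`, the following ones do, and the shipped example above them (`# altnet 10.0.0.0/8`) uses none. Whether igmpproxy tolerates the `;` depends on its parser, so I would drop the semicolons to match the documented syntax. `altnet 217.0.119.194/24` and `altnet 239.35.100.6/24` also pair a host address with a /24 mask; writing the network address (for example `217.0.119.0/24`) avoids relying on how the host bits are treated. The second "Configuration for eth2 (Disabled Interface)" banner heads a list of eight interfaces and would read better as "Disabled interfaces".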


@ -62,3 +62,11 @@ iface br0 inet static
iface eth0 inet manual iface eth0 inet manual
iface wlan0 inet manual iface wlan0 inet manual
auto eth1:rescue
iface eth1:rescue inet static
address 172.16.1.1
network 172.16.1.0
netmask 255.255.255.0
broadcast 172.16.1.255

116
BLKR/isc-dhcp6-server.BLKR Executable file

@ -0,0 +1,116 @@
#!/bin/sh
#
#
### BEGIN INIT INFO
# Provides: isc-dhcp6-server
# Required-Start: $remote_fs $network $syslog
# Required-Stop: $remote_fs $network $syslog
# Should-Start: $local_fs slapd $named
# Should-Stop: $local_fs slapd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DHCPv6 server
# Description: Dynamic Host Configuration Protocol Server
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
OPTIONS="-6"
test -f /usr/sbin/dhcpd || exit 0
DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
# It is not safe to start if we don't have a default configuration...
if [ ! -f "$DHCPD_DEFAULT" ]; then
echo "$DHCPD_DEFAULT does not exist! - Aborting..."
if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
fi
exit 0
fi
. /lib/lsb/init-functions
# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
NAME=dhcpd6
DESC="ISC DHCPv6 server"
# fallback to default config file
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
if [ -z "$DHCPD_PID" ]; then
DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
test_config()
{
if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
echo "The error was: "
/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
exit 1
fi
}
# single arg is -v for messages, -q for none
check_status()
{
if [ ! -r "$DHCPD_PID" ]; then
test "$1" != -v || echo "$NAME is not running."
return 3
fi
if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
test "$1" != -v || echo "$NAME is running."
return 0
else
test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
return 1
fi
}
case "$1" in
start)
test_config
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
--exec /usr/sbin/dhcpd -- \
-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
sleep 2
if check_status -q; then
log_end_msg 0
else
log_failure_msg "check syslog for diagnostics."
log_end_msg 1
exit 1
fi
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
log_end_msg $?
rm -f "$DHCPD_PID"
;;
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
;;
status)
echo -n "Status of $DESC: "
check_status -v
exit "$?"
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
esac
exit 0
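Review bot: As shown here, the `sed` expression that reads `pid-file-name` uses `(.*)` and `\1` without `-E`, so in basic-regex mode the parentheses are literal and `\1` is an invalid back-reference; the `2>/dev/null` hides the error and `DHCPD_PID` always falls back to `/var/run/dhcpd6.pid`. Write the group as `\(.*\)` or pass `-E`. The hint in the missing-defaults branch compares against `/etc/default/isc-dhcp-server`, while the default assigned just above is `/etc/default/isc-dhcp6-server`, so the hint is never printed for the default path; that branch also ends in `exit 0`, which reports success although the daemon was not started. `$INTERFACES` is passed unquoted to `dhcpd` and nothing in this file sets it, so a comment should state that the defaults file must define exactly that name.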


@ -0,0 +1,285 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-blkr.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b185215657011d3b8e96ff855a3f90ba
94131670f65a203848ac7040329594ae
e867c606a0df1d12c265d7ec7d4dbd91
c38c1e2103405f6b5c345548da2ae3e9
6ddf55904f191037d673dc454e31dac7
d6dd17917b0a045914860b19d310e541
7bd707c41a3ed7d3b2d6fe522419a1d4
cd929a7e2aa6183a0c83a4b212cbe96b
e9bef5a76b621ef947858f96be60229f
e2107488c6f0a50e7f3acfe5a27952db
53f6e8156b7d10b4da35861906b81558
f8a24a15f2311d592a0d6186a95261e8
f186ec3f54672edec2d04b4c99e5666a
815684b3129721e82c24482438ea4c7b
80585ab2e4fd43cba32bede430bfa685
cfc5755d9b1087aa3ec4299583e1f0a6
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# --auth-nocache
#
# Don't cache --askpass or --auth-user-pass username/passwords in
# virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget
# username/password inputs after they are used. As a result, when OpenVPN
# needs a username/password, it will prompt for input from stdin, which may
# be multiple times during the duration of an OpenVPN session.
#
# When using --auth-nocache in combination with a user/password file
# and --chroot or --daemon, make sure to use an absolute path.
#
#
auth-nocache
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
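Review bot: The profile sets `cipher AES-256-CBC` but no `auth` directive, so the packet HMAC and the `<tls-auth>` key fall back to OpenVPN's default digest, which is SHA1 on the 2.x releases the header comment refers to. I would add `auth SHA256` here and in the server config (both sides must match) and say in a comment that `cipher` and `auth` have to track the server. The second client profile added directly after this one has the same settings. The header still says the configuration "can be used by multiple clients", which no longer holds once a personal `<cert>` and `<key>` are inlined, so that sentence should be removed or reworded.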


@ -0,0 +1,285 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-blkr.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b185215657011d3b8e96ff855a3f90ba
94131670f65a203848ac7040329594ae
e867c606a0df1d12c265d7ec7d4dbd91
c38c1e2103405f6b5c345548da2ae3e9
6ddf55904f191037d673dc454e31dac7
d6dd17917b0a045914860b19d310e541
7bd707c41a3ed7d3b2d6fe522419a1d4
cd929a7e2aa6183a0c83a4b212cbe96b
e9bef5a76b621ef947858f96be60229f
e2107488c6f0a50e7f3acfe5a27952db
53f6e8156b7d10b4da35861906b81558
f8a24a15f2311d592a0d6186a95261e8
f186ec3f54672edec2d04b4c99e5666a
815684b3129721e82c24482438ea4c7b
80585ab2e4fd43cba32bede430bfa685
cfc5755d9b1087aa3ec4299583e1f0a6
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# --auth-nocache
#
# Don't cache --askpass or --auth-user-pass username/passwords in
# virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget
# username/password inputs after they are used. As a result, when OpenVPN
# needs a username/password, it will prompt for input from stdin, which may
# be multiple times during the duration of an OpenVPN session.
#
# When using --auth-nocache in combination with a user/password file
# and --chroot or --daemon, make sure to use an absolute path.
#
#
auth-nocache
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
BLKR/openvpn/blkr/crl.pem Normal file

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC6TCB0jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUXDTE4MTAx
NDIxMjMzNFoYDzIwNTAxMDE0MjEyMzM0WjANBgkqhkiG9w0BAQsFAAOCAgEAtlkA
pIPBbAmqenFArYr0tPbry6/BFMmsfOz05CV3oLorIxfK2ZatW1pEAAp6+8DyqKiu
ZweRt27Z4K1vjqLla9VLrLjyyoSA6mQCkSi5S8GhV4bVmGh+kVdGQ+TpVCHSRurc
STV0kMjlbgTeMw2a+Z3akbOeA7OeRzNz1URxi56fakPEosfv3tvvA8KSx2mzL8Jj
SjIzUv87cBd9RiJsiNAMVhy+HR1I3VbUlrJ0flL8JaFw0+nzF+zxLwfJ1iOiKAjn
t6aN2MVzHjhwwowGRAsh0ofSrScE0+vXbuYWXXhwITOj+sMARGatUPcARgnYT5Xd
NUYL6aJOknXI18pkLSMI7lrGPwf4Tz1ktKy3nCEqjmQMpiqV7p/Fpi3eFwo4IjcP
HMtJY1eon3kTYbaMgVqWSXSliiJl0U51fT6kYDrbbNKx81175HOfzRO1J6RYI7hW
/KKyBZwOxfVjlIHVzTB0zfGnhZcNd3LY3HZWB0/IvDhDUbjPiqgXLuih1dUDDc3r
jqeM+XH5JHHcQrw28Ow4C0uWgExWMvrCeQ0j5P0V6rfyXXEJZhvg3UXTcUcWKv/S
Cos4j6Az1JZ8YNKMYQZgLKGeTZX2sy/13yb0xdlftp1Y5L2mCP4Yra/a0CAwxugN
XT9+LKMrA00zXZy45G74XCiaYUXWrg9bJd2IO90=
-----END X509 CRL-----


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl


@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always


@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
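Review bot: `default_crl_days = 11688` in `[ CA_default ]` gives every CRL this CA issues a next-update roughly 32 years out, so a server still holding an old `crl.pem` is never told the list is stale and a revocation that was not copied across goes unnoticed. The stock value is still in the comment directly above; I would keep `default_crl_days = 30` and regenerate and redistribute the CRL on a schedule instead. `default_days = 11688` likewise makes every issued certificate valid for about 32 years, which leaves revocation as the only way to retire a key; the commented `default_days = 3650` or a shorter lifetime limits that exposure. The other easy-rsa OpenSSL configs visible in this commit keep the 3650/30 values, so this file is the only one that deviates.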


@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1 @@
/etc/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf


@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool


@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full


@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req


@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/blkr"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN BLKR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-BLKR"
export KEY_ALTNAMES="VPN-BLKR"
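Review bot: `KEY_EXPIRE=7305` gives every server and client certificate a 20-year lifetime (the certificates issued in this commit run to 2038), so a lost device or a departed user stays valid until the certificate is revoked and the server checks the CRL; the server configuration is not visible here, so confirm that `crl-verify` is set. A shorter leaf lifetime such as `export KEY_EXPIRE=365` with scheduled renewal limits that exposure, and the 32-year `CA_EXPIRE=11688` is only defensible if the CA key is kept offline. Separately, `$EASY_RSA` and `$KEY_DIR` are expanded unquoted in the `KEY_CONFIG` and `echo` lines; writing `"$EASY_RSA/whichopensslcnf" "$EASY_RSA"` and `"$KEY_DIR"` keeps the file correct if `BASE_DIR` ever contains spaces or glob characters.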


@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"


@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf


@ -0,0 +1,8 @@
key...............: chris.key
common name.......: VPN-BLKR-chris
password..........: dbddhkpuka.&EadGl15E.
key...............: julius.key
common name.......: VPN-BLKR-julius
password..........: gt9K/3PJ4xN%
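Review bot: The passphrases for `chris.key` and `julius.key` are committed in clear text here, which removes the protection of the `ENCRYPTED PRIVATE KEY` file that the same commit adds further down. Anyone with read access to the repository or its history can decrypt those keys, so both key pairs should be treated as exposed: revoke certificates 02 and 03, issue new ones with fresh passphrases, and purge this file from history rather than only deleting it in a later commit. Passphrases belong in a password manager or are handed to the user out of band, and this path should be excluded from version control (for example via `.gitignore`).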


@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 21:23:17 2018 GMT
Not After : Oct 14 21:23:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:e1:41:1d:ef:50:16:69:a2:68:b8:5a:27:ab:a9:
df:96:c8:5b:57:dc:81:41:c3:d5:61:48:75:b8:e3:
e3:3b:b8:4f:5e:fa:c8:a5:bd:58:7d:90:e1:70:c0:
91:fc:df:19:1a:e9:6d:0f:ae:5e:5c:1e:a5:14:ad:
d3:2c:09:77:32:3a:84:5e:06:08:ed:4d:05:a0:69:
6a:8c:e4:2b:3c:60:07:2f:87:da:19:3d:f9:d6:2c:
16:a9:4f:1b:0c:d2:bc:48:5c:90:55:21:98:85:16:
93:c7:3b:62:e6:fe:3f:5c:5c:22:6b:8f:81:5a:bd:
27:27:b1:af:6c:c1:af:1a:3b:40:33:4b:33:35:7d:
21:0b:31:1f:0e:3c:46:77:33:dc:87:e0:82:e0:31:
9a:f0:d7:93:a2:a3:89:6b:0b:9a:aa:fb:2b:14:9c:
39:a9:fe:87:f3:76:6c:e2:0d:60:d2:da:2c:03:7b:
ea:48:13:31:93:a2:ab:40:8c:a0:ef:fb:bd:3e:c9:
b6:75:ed:35:fd:8b:d7:04:fc:4e:c0:b0:12:af:3b:
99:00:71:52:a6:d0:3b:16:f8:5a:98:3c:a2:5b:76:
0c:d8:36:35:3a:0a:1a:dc:2f:bd:f8:05:6d:dd:40:
df:93:cb:da:92:f0:63:d0:24:7a:e2:2a:ef:af:3e:
ad:95:54:27:1f:f4:82:18:ce:b9:e3:9b:e7:76:12:
f7:7e:79:4b:45:fe:a9:34:7a:2a:7e:03:0b:57:b7:
2e:1f:ff:99:ac:f9:26:94:89:6c:ac:94:fa:01:39:
c3:15:12:f2:e8:40:93:43:06:f6:ba:be:ab:58:8c:
b3:0c:01:f0:22:2e:f2:a1:3b:07:b1:01:a1:b7:cc:
29:a2:c1:59:60:b9:2b:9c:22:5e:03:46:74:dd:d9:
9f:04:05:18:3b:34:d6:74:49:13:da:33:7e:83:57:
01:e2:9e:a6:ff:36:e4:81:f5:62:23:79:52:a3:13:
e1:f3:55:d3:b2:15:9d:ec:ce:5a:78:0e:97:ad:0a:
ef:d1:d3:1c:c6:38:1e:a6:56:32:e2:6c:11:8f:26:
b9:8d:5b:3a:c0:d6:01:b2:c4:fd:1c:96:31:a4:98:
19:2f:c7:e2:f4:49:a7:df:a3:91:49:1e:3d:f0:c1:
1e:67:27:54:f6:4f:7a:ec:0a:33:91:d2:7d:86:87:
93:d0:7c:14:5d:57:35:86:ee:5a:1c:4d:d3:3d:74:
4b:f0:20:af:c9:cc:ab:c7:ec:66:a5:f8:ae:5e:e9:
79:a6:8c:e7:2c:fc:76:f2:8b:a5:c4:47:47:40:0f:
10:97:14:7d:f5:bd:96:77:25:b6:53:f6:f1:35:ae:
96:7e:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
10:58:52:1D:17:5E:26:24:8B:10:AA:B2:C7:F9:CF:88:7E:2E:2B:7E
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
d3:04:a5:22:2f:3f:f0:2c:4b:17:42:7e:cf:60:01:3f:13:95:
63:37:bb:94:60:fd:77:0f:38:4b:d0:72:cd:17:bc:e4:ca:ad:
4f:85:e2:7c:ab:e1:cb:c5:b9:08:9d:2a:bb:29:e1:c2:33:42:
26:de:25:7e:a1:fe:5c:79:3c:37:9c:dd:ed:3d:86:15:e1:84:
69:95:ff:91:de:18:f3:1f:a8:41:7a:77:c2:d9:b4:da:74:af:
c3:bc:b5:49:92:e1:12:5c:07:51:ac:15:67:8d:8c:a5:83:3d:
a3:99:80:f5:f4:20:41:78:29:4c:bf:ec:6d:9b:30:c6:0e:db:
b1:6b:e9:58:3d:e3:aa:b0:9d:eb:43:2b:c1:f0:69:ae:34:65:
b2:3f:bb:bb:ef:51:87:73:18:d4:0c:f6:07:f2:f9:d9:91:fe:
46:fa:de:dd:86:6d:7c:e7:bc:c0:c9:c8:60:90:2c:c5:da:bf:
71:28:50:13:7c:37:6b:47:bc:b4:7a:a9:3f:bc:67:81:cf:ed:
94:bb:54:3c:00:46:01:0a:e4:73:24:64:71:a0:7f:44:dd:ba:
83:3b:42:a0:9f:1c:0f:fd:31:bd:e0:d5:b7:69:22:9d:63:dc:
f9:94:b8:57:c4:7d:a3:52:29:c7:a1:78:c0:0f:f6:72:ab:75:
9d:5c:c8:2c:05:c9:2f:e4:73:1d:fd:41:8a:69:87:c9:be:c0:
7b:b7:ce:7a:d5:f9:04:f6:9f:c9:4b:c4:76:2a:d1:73:67:e6:
e5:8e:04:9e:01:e9:7b:62:84:12:54:f3:29:af:83:45:a7:e2:
bb:c2:2a:8c:16:68:5b:37:67:dd:18:47:67:03:0b:ff:0f:6e:
c4:71:0b:c2:a7:a6:e4:d8:4e:9e:4c:d8:a1:5d:4b:9e:24:02:
b9:bf:8d:3d:fd:64:66:34:32:a7:d3:e9:ab:cf:dc:2b:48:67:
ff:63:be:b9:d2:e5:74:4d:53:10:d2:31:b0:44:23:1a:29:6d:
35:00:98:39:2b:82:74:2e:73:75:dd:47:9a:e8:6d:72:ed:31:
53:b5:53:b9:71:46:3d:84:25:79:ee:3d:90:cc:48:9d:bd:5d:
8b:31:93:61:2f:4c:3f:87:92:45:ab:9a:e9:4c:01:6d:51:c9:
4d:ea:f7:35:11:cf:d3:83:c6:48:4b:a8:f5:14:d1:a0:19:3f:
27:04:2e:0a:61:5e:d5:53:53:15:47:ed:25:2d:db:14:26:8b:
16:b0:58:6d:91:9a:a2:5e:a4:94:d6:a2:0d:3e:83:ff:7c:19:
0d:2d:19:97:e5:1b:e1:a2:f4:56:96:bb:11:47:2c:a3:98:94:
a4:ad:7e:3d:5b:51:24:59
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----


@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 22:36:55 2018 GMT
Not After : Oct 14 22:36:55 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a8:66:71:39:ac:62:a8:95:f4:55:3b:d9:9e:1a:
08:18:c0:f0:db:05:00:a5:e5:e0:3f:23:21:b6:b0:
69:29:4c:3c:ad:d6:ee:e9:88:25:df:11:c6:8d:46:
57:08:55:f9:c2:67:68:bf:f9:e7:5f:06:44:78:a1:
91:13:47:8d:93:64:aa:d0:bd:24:ca:a0:91:e5:51:
76:ec:9b:13:3d:52:c8:99:7a:1d:39:c9:91:04:86:
4b:b4:a2:12:a9:96:9c:5b:b8:45:19:e6:d8:f8:31:
31:4c:f6:23:71:36:bf:51:01:38:6b:b6:8f:06:28:
f6:6f:8a:5f:0c:25:e0:55:18:04:1d:82:5c:97:37:
8b:60:a7:5f:8e:1c:28:97:ee:a1:53:69:91:73:19:
86:78:03:e4:aa:c0:40:70:42:bb:1e:f4:69:07:30:
a8:2a:95:81:bf:c2:38:48:cd:80:ed:9b:2f:31:20:
a0:25:07:66:b6:45:70:e5:cd:21:f6:f8:12:9d:3c:
01:53:10:df:10:af:0f:9b:c0:1b:a9:f0:0a:e7:5f:
29:39:57:c0:f1:27:24:b1:30:70:a2:9f:1c:43:05:
a5:66:87:0d:7d:d4:4e:77:a9:8e:51:84:2d:8c:2e:
6d:85:72:9a:07:3d:89:23:1b:08:20:05:d8:82:9b:
29:cc:63:21:8d:c9:76:99:36:f7:87:69:07:a1:18:
e1:ad:2b:ef:99:69:af:9e:71:56:ff:80:87:06:c5:
2f:25:ff:bf:ea:25:f6:5f:65:fc:75:c0:fb:34:dc:
50:0c:ca:ef:06:6a:43:b7:0e:f8:2b:85:e5:c3:1c:
79:4b:b6:95:29:78:a9:c5:ca:ed:e1:eb:76:d9:bc:
e1:d3:bf:48:c6:bc:5f:ed:1b:15:f8:78:d8:7c:14:
75:b8:e1:8d:54:4e:4e:00:d8:08:20:e5:22:73:0e:
b6:47:47:35:0e:a0:a9:f3:9a:ad:66:48:13:c1:7a:
dc:ed:be:17:0c:72:5c:0f:3b:3f:4f:ee:a5:a8:1b:
81:6a:41:ce:42:18:6f:3c:8b:b5:0b:31:75:ff:c6:
fe:d4:fe:d6:45:ed:6c:c9:bf:a1:b4:6f:69:53:06:
f9:55:a0:bb:27:b9:b3:26:40:3d:0b:e0:d6:14:79:
0e:f5:1a:a7:6c:72:9b:e0:e9:09:29:b6:fe:d9:73:
bf:46:1f:b2:c6:ec:97:ce:56:66:a3:05:3d:d5:6b:
d0:51:62:16:73:5f:09:13:fe:2c:9a:b1:cd:35:39:
72:a5:81:48:d2:f4:a7:b1:e4:b0:9f:1a:01:e6:69:
63:26:20:00:e3:75:a3:70:46:12:88:10:69:e0:b8:
a0:39:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
A2:55:31:B6:32:A8:85:A8:CE:83:56:87:CE:B3:E6:75:DF:AF:AE:91
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
d3:03:f8:c0:01:61:13:22:1f:12:20:fc:70:e2:cd:91:bc:d0:
e8:30:0d:bd:7c:19:d7:10:25:fd:af:50:12:30:f2:ab:59:27:
d4:71:21:b8:de:54:32:dd:e9:f9:d5:b8:8d:d7:0b:d5:6b:3b:
ac:b7:8b:a3:5c:76:14:b2:33:73:2d:a7:c2:fe:fb:e3:d6:ea:
fa:19:ad:d9:bd:a3:f2:d7:56:e1:9b:87:fc:62:73:fa:f8:74:
4a:f4:4e:20:78:6a:3d:0e:42:be:f6:89:68:ff:e7:75:24:53:
42:6a:5e:a2:ed:f1:fb:28:a4:8d:2e:c6:2a:38:b1:46:73:5e:
da:97:47:c4:6b:d8:bf:bc:f1:a5:5c:ed:b4:a8:ec:2e:70:5f:
fe:a1:e7:6e:82:74:fb:f1:0e:a8:57:58:93:a2:43:82:73:83:
3e:92:f3:11:4c:9e:ce:0c:99:3f:75:42:4a:73:d4:b0:d1:6a:
49:72:83:1e:b5:e8:d0:4a:d0:3c:fb:c3:5e:6d:12:2a:1f:8e:
95:df:8d:91:ee:8a:28:75:54:1c:00:9d:ce:42:79:4f:73:c8:
07:ed:a0:b5:8e:2e:29:36:a7:91:ff:7c:bf:9f:be:7d:71:53:
da:32:69:e5:ba:60:c9:95:18:5f:a4:62:16:a0:03:8c:32:65:
11:7e:c4:6b:12:2c:59:c8:14:65:95:08:8f:d8:b8:89:f8:3c:
53:aa:2b:e9:29:27:51:e1:53:f7:e9:50:eb:67:50:c6:19:5c:
cb:d0:af:d6:a4:e5:bd:7c:89:c7:6f:04:7c:6f:32:a4:0b:3c:
51:38:98:79:50:8a:12:b5:03:f7:87:84:60:e5:d7:82:93:99:
2c:f6:56:27:0c:f5:36:1e:19:87:12:53:6d:e8:b5:6f:d5:e8:
c6:e6:f6:18:ae:d4:38:68:7f:02:e2:37:52:2b:37:ea:43:bd:
46:72:f5:71:bf:10:48:b5:5a:d3:c5:32:1c:65:5b:3c:26:e5:
2a:66:a6:ed:7e:d2:56:f6:43:2b:dc:0c:84:6d:c9:5b:d5:1c:
53:1e:e3:07:eb:46:37:74:66:ce:31:07:95:a5:f2:fb:b1:95:
ec:eb:ed:a7:3a:d8:b9:4a:f4:e5:49:b3:4c:11:00:c2:04:65:
01:be:2f:4e:34:b8:23:eb:0f:cc:1f:0a:1d:76:12:88:26:e4:
10:c1:0d:61:e6:16:67:33:a5:25:26:3c:fb:86:a6:ce:17:84:
8d:66:e5:35:9d:02:b7:8a:63:a5:71:1a:df:b2:65:de:ef:64:
9a:88:e3:65:e8:4c:92:13:10:f7:58:ae:93:0f:4c:5c:ec:6d:
38:39:5f:c5:b0:ec:04:89
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 22:46:34 2018 GMT
Not After : Oct 14 22:46:34 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b1:11:6d:90:ce:eb:64:c0:02:b1:4d:a6:d5:c5:
d6:e1:a4:91:e4:e8:68:a3:e9:5b:e6:fb:94:f6:f0:
32:24:b5:1c:64:85:e8:77:60:fa:3c:51:1e:1e:c4:
ab:d9:7a:e3:3d:80:ac:c4:c7:f4:f7:c7:40:45:24:
b8:9f:55:97:7c:42:28:2a:aa:aa:0a:8c:78:d1:ce:
cf:de:a3:a7:14:43:4f:43:8d:08:3d:8f:43:cd:af:
c4:aa:cc:7f:5e:b2:5f:c9:d4:f3:be:6d:22:7a:e2:
23:33:21:14:27:65:3e:ce:c0:77:10:3f:a3:9e:b7:
aa:e4:1d:0c:57:e2:60:9e:75:92:7d:a5:5e:eb:a9:
2a:f8:2d:ed:47:58:a1:7f:3c:81:48:c7:25:5b:a0:
b1:83:13:b4:38:df:3f:37:f8:97:8f:f8:1e:be:a3:
df:10:da:1c:38:55:ca:12:60:ee:6a:1c:c1:e1:25:
2d:e3:3c:38:f8:c2:f7:d5:fa:3b:0e:c8:70:af:98:
0c:5e:3f:e4:a2:81:78:a5:14:ee:bf:00:85:42:2b:
fa:2d:63:08:38:d7:57:ef:bf:e5:57:24:a8:df:2a:
8f:b5:c7:bf:79:d7:8b:56:b6:8a:ca:84:9a:68:2b:
dc:86:8f:46:e4:60:92:2b:fb:ea:8c:17:ff:8c:30:
2b:86:6e:10:35:20:17:8e:f8:55:3a:b4:fb:ab:dd:
b7:01:23:0c:22:e9:63:66:0e:53:d5:95:e7:64:c0:
2f:36:36:22:65:b3:98:43:3d:4d:88:3c:d5:30:2b:
15:77:74:a8:b8:0a:49:c5:47:a3:64:f3:3a:7e:cd:
b6:db:7d:f4:87:3b:8d:08:a9:46:f7:e8:2b:3b:c3:
93:15:c2:f8:c8:13:46:fd:d9:04:aa:b8:e7:08:e7:
61:ae:52:52:07:9b:e4:1c:d9:1d:83:9e:4c:ed:95:
0b:4d:b7:6d:e3:a0:4e:e2:9d:5e:e6:f4:62:03:65:
75:17:f1:88:96:b5:33:40:22:e7:74:67:2c:bc:ab:
11:d5:a7:01:06:67:1b:17:de:8e:33:23:89:1d:d0:
82:84:a4:e8:2a:f2:96:16:53:22:68:6e:61:af:5c:
03:b4:f3:eb:6d:45:5b:98:e3:2a:40:25:9d:7d:6b:
0b:55:15:5a:46:36:a0:47:9d:b9:7f:81:d7:75:22:
47:e9:16:cd:24:e7:31:e9:9d:43:e8:7a:69:71:d1:
87:8e:f0:65:0c:9f:f5:24:f3:67:84:99:c3:ec:ff:
29:78:73:de:6f:77:c0:58:ba:b7:79:26:28:1f:08:
84:fc:b4:5f:76:a1:dd:86:b0:fb:68:b1:07:ef:d2:
67:92:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B1:B0:DA:87:E4:B2:2B:4C:CD:4D:AC:85:4A:53:04:B1:10:BB:FE:DD
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:julius
Signature Algorithm: sha256WithRSAEncryption
35:bd:ae:09:85:64:42:07:54:60:a1:fd:7d:9e:aa:a1:b7:1c:
da:f8:6b:0c:fe:eb:fe:84:92:da:f1:6f:72:90:6a:fb:fe:b0:
6f:4f:5e:f1:af:67:e3:bb:71:6d:49:8d:4f:fd:7f:d8:00:d7:
c3:03:14:43:78:f3:74:8e:70:1d:c9:1b:40:b5:07:46:2d:c7:
d4:0f:50:6e:fb:db:fb:1a:21:c8:c2:69:ab:49:0d:75:59:06:
1b:1e:f0:a0:57:3a:49:0a:b8:36:97:f6:87:ec:82:9b:b4:f6:
a4:5b:c3:3b:b0:a6:5a:e2:98:62:fd:30:59:bb:6a:84:8e:e1:
71:04:9d:be:19:82:31:c2:de:6e:cc:f8:ee:b8:fd:b7:5a:68:
6c:8a:6a:6e:57:ad:62:bd:20:5e:0c:d9:0e:23:8e:c2:52:09:
d6:14:90:f4:ea:9a:b9:1e:08:f9:b6:b8:f4:9c:bc:e3:4a:3a:
0b:65:bf:64:01:7f:cc:c4:df:65:b6:0c:a7:8c:00:66:c2:a2:
4d:a9:84:f0:c3:70:29:b4:01:ca:b0:5b:2f:c2:c2:d7:98:b6:
27:90:44:dc:3c:cc:82:40:f3:31:49:37:9e:d8:5e:d6:a3:a8:
6a:86:63:3b:2c:c8:2e:bb:65:e0:1f:05:1a:0b:46:5e:75:5d:
e9:53:be:73:bd:3f:86:46:e9:92:5e:7e:f9:cf:19:eb:50:60:
77:aa:5e:c2:3f:5b:04:80:cb:47:ec:e4:d1:76:d5:5d:d3:c7:
65:9e:b3:28:30:01:84:b3:0a:d9:74:ce:e3:a8:44:31:68:9b:
07:dd:1c:31:b6:29:ac:9e:8f:e9:2f:09:6a:de:c4:df:28:f9:
30:98:85:18:2d:ed:63:94:f0:f8:3f:bf:fa:7d:42:f3:3c:51:
94:b6:8b:ab:39:e9:81:63:2e:8a:4d:40:bb:34:21:8d:39:9c:
95:04:cd:a7:3d:8f:21:c1:63:bf:0d:31:54:69:88:48:d0:94:
19:98:e7:24:f2:b7:c8:20:4f:cd:47:75:fc:a5:36:6e:24:42:
49:34:a2:95:db:f2:07:72:70:b8:79:9f:9f:4b:bb:94:1d:ee:
8b:d1:5f:49:b3:d2:19:96:cb:00:42:54:68:6f:00:61:9e:66:
6c:55:f6:65:21:0b:30:81:c8:ce:5b:a1:a9:e2:fe:32:93:d5:
ea:9d:60:c8:2e:73:7b:da:00:b0:7a:e3:9c:15:f8:17:f1:88:
1b:be:3b:fb:f0:0e:06:5f:37:8c:b5:4e:8f:e8:33:7e:88:da:
67:18:57:3d:dc:60:24:13:a4:ce:68:39:2f:a8:9e:43:1f:b5:
11:e2:78:8c:d7:f5:0f:e9
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
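Review bot: An unencrypted PEM private key (`BEGIN PRIVATE KEY`, no passphrase) is checked into the repository here. The file name and key body are not visible on this page; from its position directly after a bare certificate it is presumably the CA key, which should be confirmed. If it is, every reader of the repository can sign certificates that this VPN will accept, so the CA has to be regenerated and all server and client certificates reissued; removing the file in a later commit does not help while it remains in history. Keep the CA key offline or at least outside version control with owner-only permissions (`chmod 600`), and commit only the public material (CA certificate, CRL).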


@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 22:36:55 2018 GMT
Not After : Oct 14 22:36:55 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a8:66:71:39:ac:62:a8:95:f4:55:3b:d9:9e:1a:
08:18:c0:f0:db:05:00:a5:e5:e0:3f:23:21:b6:b0:
69:29:4c:3c:ad:d6:ee:e9:88:25:df:11:c6:8d:46:
57:08:55:f9:c2:67:68:bf:f9:e7:5f:06:44:78:a1:
91:13:47:8d:93:64:aa:d0:bd:24:ca:a0:91:e5:51:
76:ec:9b:13:3d:52:c8:99:7a:1d:39:c9:91:04:86:
4b:b4:a2:12:a9:96:9c:5b:b8:45:19:e6:d8:f8:31:
31:4c:f6:23:71:36:bf:51:01:38:6b:b6:8f:06:28:
f6:6f:8a:5f:0c:25:e0:55:18:04:1d:82:5c:97:37:
8b:60:a7:5f:8e:1c:28:97:ee:a1:53:69:91:73:19:
86:78:03:e4:aa:c0:40:70:42:bb:1e:f4:69:07:30:
a8:2a:95:81:bf:c2:38:48:cd:80:ed:9b:2f:31:20:
a0:25:07:66:b6:45:70:e5:cd:21:f6:f8:12:9d:3c:
01:53:10:df:10:af:0f:9b:c0:1b:a9:f0:0a:e7:5f:
29:39:57:c0:f1:27:24:b1:30:70:a2:9f:1c:43:05:
a5:66:87:0d:7d:d4:4e:77:a9:8e:51:84:2d:8c:2e:
6d:85:72:9a:07:3d:89:23:1b:08:20:05:d8:82:9b:
29:cc:63:21:8d:c9:76:99:36:f7:87:69:07:a1:18:
e1:ad:2b:ef:99:69:af:9e:71:56:ff:80:87:06:c5:
2f:25:ff:bf:ea:25:f6:5f:65:fc:75:c0:fb:34:dc:
50:0c:ca:ef:06:6a:43:b7:0e:f8:2b:85:e5:c3:1c:
79:4b:b6:95:29:78:a9:c5:ca:ed:e1:eb:76:d9:bc:
e1:d3:bf:48:c6:bc:5f:ed:1b:15:f8:78:d8:7c:14:
75:b8:e1:8d:54:4e:4e:00:d8:08:20:e5:22:73:0e:
b6:47:47:35:0e:a0:a9:f3:9a:ad:66:48:13:c1:7a:
dc:ed:be:17:0c:72:5c:0f:3b:3f:4f:ee:a5:a8:1b:
81:6a:41:ce:42:18:6f:3c:8b:b5:0b:31:75:ff:c6:
fe:d4:fe:d6:45:ed:6c:c9:bf:a1:b4:6f:69:53:06:
f9:55:a0:bb:27:b9:b3:26:40:3d:0b:e0:d6:14:79:
0e:f5:1a:a7:6c:72:9b:e0:e9:09:29:b6:fe:d9:73:
bf:46:1f:b2:c6:ec:97:ce:56:66:a3:05:3d:d5:6b:
d0:51:62:16:73:5f:09:13:fe:2c:9a:b1:cd:35:39:
72:a5:81:48:d2:f4:a7:b1:e4:b0:9f:1a:01:e6:69:
63:26:20:00:e3:75:a3:70:46:12:88:10:69:e0:b8:
a0:39:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
A2:55:31:B6:32:A8:85:A8:CE:83:56:87:CE:B3:E6:75:DF:AF:AE:91
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
d3:03:f8:c0:01:61:13:22:1f:12:20:fc:70:e2:cd:91:bc:d0:
e8:30:0d:bd:7c:19:d7:10:25:fd:af:50:12:30:f2:ab:59:27:
d4:71:21:b8:de:54:32:dd:e9:f9:d5:b8:8d:d7:0b:d5:6b:3b:
ac:b7:8b:a3:5c:76:14:b2:33:73:2d:a7:c2:fe:fb:e3:d6:ea:
fa:19:ad:d9:bd:a3:f2:d7:56:e1:9b:87:fc:62:73:fa:f8:74:
4a:f4:4e:20:78:6a:3d:0e:42:be:f6:89:68:ff:e7:75:24:53:
42:6a:5e:a2:ed:f1:fb:28:a4:8d:2e:c6:2a:38:b1:46:73:5e:
da:97:47:c4:6b:d8:bf:bc:f1:a5:5c:ed:b4:a8:ec:2e:70:5f:
fe:a1:e7:6e:82:74:fb:f1:0e:a8:57:58:93:a2:43:82:73:83:
3e:92:f3:11:4c:9e:ce:0c:99:3f:75:42:4a:73:d4:b0:d1:6a:
49:72:83:1e:b5:e8:d0:4a:d0:3c:fb:c3:5e:6d:12:2a:1f:8e:
95:df:8d:91:ee:8a:28:75:54:1c:00:9d:ce:42:79:4f:73:c8:
07:ed:a0:b5:8e:2e:29:36:a7:91:ff:7c:bf:9f:be:7d:71:53:
da:32:69:e5:ba:60:c9:95:18:5f:a4:62:16:a0:03:8c:32:65:
11:7e:c4:6b:12:2c:59:c8:14:65:95:08:8f:d8:b8:89:f8:3c:
53:aa:2b:e9:29:27:51:e1:53:f7:e9:50:eb:67:50:c6:19:5c:
cb:d0:af:d6:a4:e5:bd:7c:89:c7:6f:04:7c:6f:32:a4:0b:3c:
51:38:98:79:50:8a:12:b5:03:f7:87:84:60:e5:d7:82:93:99:
2c:f6:56:27:0c:f5:36:1e:19:87:12:53:6d:e8:b5:6f:d5:e8:
c6:e6:f6:18:ae:d4:38:68:7f:02:e2:37:52:2b:37:ea:43:bd:
46:72:f5:71:bf:10:48:b5:5a:d3:c5:32:1c:65:5b:3c:26:e5:
2a:66:a6:ed:7e:d2:56:f6:43:2b:dc:0c:84:6d:c9:5b:d5:1c:
53:1e:e3:07:eb:46:37:74:66:ce:31:07:95:a5:f2:fb:b1:95:
ec:eb:ed:a7:3a:d8:b9:4a:f4:e5:49:b3:4c:11:00:c2:04:65:
01:be:2f:4e:34:b8:23:eb:0f:cc:1f:0a:1d:76:12:88:26:e4:
10:c1:0d:61:e6:16:67:33:a5:25:26:3c:fb:86:a6:ce:17:84:
8d:66:e5:35:9d:02:b7:8a:63:a5:71:1a:df:b2:65:de:ef:64:
9a:88:e3:65:e8:4c:92:13:10:f7:58:ae:93:0f:4c:5c:ec:6d:
38:39:5f:c5:b0:ec:04:89
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE7DCCAtQCAQAwgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQkxLUi1jaHJpczERMA8GA1UEKRMIVlBO
IEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAqGZxOaxiqJX0VTvZnhoIGMDw2wUApeXgPyMh
trBpKUw8rdbu6Ygl3xHGjUZXCFX5wmdov/nnXwZEeKGRE0eNk2Sq0L0kyqCR5VF2
7JsTPVLImXodOcmRBIZLtKISqZacW7hFGebY+DExTPYjcTa/UQE4a7aPBij2b4pf
DCXgVRgEHYJclzeLYKdfjhwol+6hU2mRcxmGeAPkqsBAcEK7HvRpBzCoKpWBv8I4
SM2A7ZsvMSCgJQdmtkVw5c0h9vgSnTwBUxDfEK8Pm8AbqfAK518pOVfA8ScksTBw
op8cQwWlZocNfdROd6mOUYQtjC5thXKaBz2JIxsIIAXYgpspzGMhjcl2mTb3h2kH
oRjhrSvvmWmvnnFW/4CHBsUvJf+/6iX2X2X8dcD7NNxQDMrvBmpDtw74K4Xlwxx5
S7aVKXipxcrt4et22bzh079Ixrxf7RsV+HjYfBR1uOGNVE5OANgIIOUicw62R0c1
DqCp85qtZkgTwXrc7b4XDHJcDzs/T+6lqBuBakHOQhhvPIu1CzF1/8b+1P7WRe1s
yb+htG9pUwb5VaC7J7mzJkA9C+DWFHkO9RqnbHKb4OkJKbb+2XO/Rh+yxuyXzlZm
owU91WvQUWIWc18JE/4smrHNNTlypYFI0vSnseSwnxoB5mljJiAA43WjcEYSiBBp
4LigOfsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAlo8n8osbpLr2fsEm4nb2T
YhY9BFyegd0EHwxtSRScM1H0Ok/AdbMA0weY1KiEBuHvxfzRXJFEbWPpLfdC4Pic
FE8bRa+BnjK/x+HCpFQQ9qo/tmsld9dP/NP4AOKP9VoRl3u6DDQQh+haG8NXFBGK
R1QfO4ZOxlgUwjnK0BeerR9K8r3v85V1NARxFhmSVsF8FBO+L2E/DElN+3C0ClzH
9Q5cDwIID+JKn6IzizkFlbIpk9oPdJi5mIFP8WTWk2FMgoh6ecNoVuDXG81TB1Lw
8sg9pEumaXVcnWRoRXmD/f63UkbAIIJ4WTPQBMMJXmIyaV1Ll1G5txNGfY7tYdB1
1I/4MnUPdy5TaR/hLu5QAV3ySRn1RsbOyfKclv67jC8qZwk2tytEZbuP11mcatCl
H6M4pBBwwGRXWoZW72evgL4zHfrBx7EJItJ507LtCyPle+mkSE71tTzRa90Xsi9o
g8JpZed/oLfeF72WB9lHVW3sfM9x04ddxGRAG2lD27yYduXQ0hUS4V31ZMYzrP2e
d5jJYl6kdyegYF+er13PiQe0MWAGcfo38LyUyg2TEbEIs9wAV8WrxW5oYfpwi7OC
4HFl6oY9EraYbuBQuI4lJJg/j8SJOnaSAGMD63EbNmKWIG0n/ILznsXaulavsL7H
VNztTyy2LjQ3nNN46cOXvQ==
-----END CERTIFICATE REQUEST-----


@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxJf0YDJ2bXICAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKDdb7uwem+1BIIJSGE659lsNhky
dlHvkMZoLXc3zl2BCntyqB3EMEf2ff22utReSrla9Dh7iw3DR2E6sW8tW2HMHB21
uA689ozPf4MrYVEVHO0tF/Eb8ibeQc9kZDCocArMU3heOx6wtokFY18H+LEBxaUd
1rUMJDQozsvWtgsmQHKaEkMXGJE/kpytOQqA7eIFQBb7m3666BUEyh3wDx2IZleF
zvkxCzIi5neuqTndpPEohr0uQvshQI1GCSFTrJk1Ox9JN4TcpH+QvBnDBYcZUqLt
+ZSehC6OyXp/KdAL5N+VvobzulKO/Ll+8WjNlhQAeDehJ14fz3BGnX56HYeEeu2n
xPp4mQpQp8dYwsSArTcSGB56soQ1qK1utOSYNpVTS8jEV+HUbpXUxG0gZpQOPThp
i3s/ujQdGf19RZ3W3W3nGWsLVf8YoXjqme/4kZVnQ1mhdNsNVBOHq8GewsUqkUBW
gbgsmPm4Vz0YBF6dGFkPJ0HAP4nSyVC/D1A6DjoZtp6xEEz/9NoujiDZhXr2izGX
hkn4NrKzezOfBp8yxdkXF+UnDJOXYnVH4JqhcQCVSubOyPurPRQkxY/ETOKntPyZ
0j0n78w5LlzKQSjHHjxlD4GpLmhNTGcRPt8CahAdk6fUuXKQj0vswPNTbwnGAmTi
uKhzg44v9jARqayCndzIjE70HGPxV282iv7/+l6jBSavvpk1WUW8L0SN8WHBWtP8
mTKVWfGPt7K9cpR0jZM07jVRv9+j7shwK1C81ORXmKrSMhYAlgG6vf4EBOcFrrUg
LuDN6KJFtJ1ofDZt++ySm9PC1Mxp4bSJ9Dto9PA+dwuIaQmkhU8DZMS5O0pfBAmV
UHAQNQOBi6xKNuhkuDt261pHcoy+I4JrqMPZDsrYFIoMdAcUhzD5WhzVj5Xj8ON3
GxKTaGEareKt1bIWoWD3VmOZqas2PAzy9W2FyktzpZlWktK7uJYwoxOZGTuoP8DA
umEZO4PX9r+vdGXy75Qfv8+LnYdQdK/JBSXNHBXjj57JeiR494fgJ8uSzRRCMpM9
mTJqSgZkCZQ8XwY16susz5UyMpwbCBawBzRKvJ0DNGb46v2EPtYUYOmjk/k7AO5J
IIWr+FdK7UmsFKvAxDGHW54HRf9rpcl1+KMNTubmIyzz5iFK3IFfQu9A35jYkKd/
YnP29BJ+jWbQdVvsjf94Nfxn9x/FUpSQj91jeQzt1I167cn/OLIkqubTgce221oa
KqxUPSCZ+VuONiFUDC3XXyve5ZeVgZ1a2L69owSF/7SQpF099t75Tu9DbKCGz+Yb
OJrne1UuJHJyGyNlUgsIgQZplDN/uW7PfpaEK9wzZS3ydJ/LMherJ4FazSx38Wiw
5crdQW8YxgWoGsYCLZEFg2INjZcKs8Fq8uybDJM5B7oyOTFVvtEw6YqGVw7BSs3c
S1qdwMYiA6KJSEoPHZWrIs+1ua3D37pMv9bf5CJQIJ4vfoRbY/EmILmV7y5tlumu
GJ82Eyt7QOWoTVnfN9AIRbPMLERCF1S7PRivl62ElM5DY7C/N09Kx5lgei859vQ8
wO4qXePLJuZbu2pO2FMIol+mXk0FJY7aKERPMu2mSfymv0PlPkHzQnP3eUeG498n
1kuAeIiggm1sSKrJwCKorekRN3aCt4JKPoAPlK9u2V7kgF5Zsflu17KqZSOm7iEL
t+GZX5cy6Nw+SpakwfUdFfy0eR16fvrII6QGXQomhwzGp455csTCffFLRxpcng5f
6XHWaLRr/xfsM8/HOzur7kCB/Q5cRvn5hbwz31COHM/iSpJC9r9z1uOUY+i+0mIu
RQK3L1S71JYt1VcDbNDAow4rsgJIYiXJnl8ZujZsMuSFy39lrHPDxuKuVN6mwt0I
jICVpBnDkuBFtK9UNaI/d9ebohTq143/FJoyu1BKaMbTB0yhBT/xK4n2lJY3js6I
1S7nR/tr7O4nSfv02L3ga6AbZ50Nasy//wY4V24wfrDO/IWzTpLhsSooPNzlm2uh
j1lhH05l7AkSBmfErzEVsGhgp+C3QZFORgWu1KOVHoYpbq7qVjK05lCfQFXIL1+T
NGR6LAu4Iipt7rSxMRds2jYfTUpM/GcANkQ+DI/VHrwusu5yQpzrru8L869xNhd1
ksNct94q/Z3llhRzdRyQmHgIOZQVHHXAGwxfShRKvKGeaSnpIGk3nG3/Pt1Gk8DZ
7bW7XgGx28bR9JcyvhFDgXmGNWFnqet67OzHC2rJkDeb2sA+jt7OoxvZD24ild/X
CnobPHn1ECn0BNqcS13Af9HeUwf9eRmMsizvQK3UlWW7tGtcnH/+HJ4duGiCLcHw
BOeWKS95yty9o3WS0LTTgt4fKvumeRgWtnJh/rcGnCM+tgVjgAt8KwtuDgEaDmuq
jVegNDjISQ00yr8PgH6syUfvQgDeZ0pIGVc9bFJ/7PeTjV7EvEZwd8DUsWqYlzuD
d+tJvcEcHWdPKAFz8caLyz/X/+G2aqwClCC63wqsMidXPR1Yu2/ASRtOwdO8UVMd
Jh9H11AjvmqSmxjVMBYgidd8771sEBdPBfEEM+AlhOOl+OwSNqisvnmrimx24jj0
R4Ju7Q1upE4nJmXfkklwGVPAcmIqOwJ6FMz8JAXdeJ2F4GWleOvDpENXuiU4IqYi
60nOjF6NLl7e3rDWfkiz/kOGxoODvN+slrtNn/FTKfeu6L5jYMCcB6XxlwHf4J/x
IOYJgPJqzvQCqCheWGeH0OSR6CiHq57uTDYXFaGFyB/ZjpN9ODmfqR47pAUUui37
g3Bmuui00rshdFQY3KMryuQM9d04E9E87gSFoU8hsOhpEcGbFoBWryhLFf5VJXGZ
Ki2EgnIZCxDGvBOzttOWVigOe5F4qKqd73+DJlcFLKpHtI9j+SXTLWu+GLehmqM6
aXhrvIOg+Sv9Qg5R0SLWu8s8sCc22IcvJ1HH1QYcdCkn8nsxEPo9NU+1cfYBwUEm
9xSEj0nzz2gk7wp2yEqb59a9sab3Ok3nTVLTf503zRMY/aZp6vlHAEOBN5zPyayS
kV8u5nrd5jkGHQE16Hyph+pZOeeBNzi8k1AlnYi/KgUAcz/vgbQf8Jk9FjbwFm8I
3u9GJpj7PP9xptKcVchLu8nEOZqsTVeKhNNVOoVM3qaVCKfrbB8znh6I39o3ym3p
PJOlG292z79sHyhYkLAS6g==
-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1 @@
../crl.pem


@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----


@ -0,0 +1,3 @@
V 381014212317Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
V 381014223655Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
V 381014224634Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de


@ -0,0 +1 @@
unique_subject = yes


@ -0,0 +1 @@
unique_subject = yes


@ -0,0 +1,2 @@
V 381014212317Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
V 381014223655Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de


@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 22:46:34 2018 GMT
Not After : Oct 14 22:46:34 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b1:11:6d:90:ce:eb:64:c0:02:b1:4d:a6:d5:c5:
d6:e1:a4:91:e4:e8:68:a3:e9:5b:e6:fb:94:f6:f0:
32:24:b5:1c:64:85:e8:77:60:fa:3c:51:1e:1e:c4:
ab:d9:7a:e3:3d:80:ac:c4:c7:f4:f7:c7:40:45:24:
b8:9f:55:97:7c:42:28:2a:aa:aa:0a:8c:78:d1:ce:
cf:de:a3:a7:14:43:4f:43:8d:08:3d:8f:43:cd:af:
c4:aa:cc:7f:5e:b2:5f:c9:d4:f3:be:6d:22:7a:e2:
23:33:21:14:27:65:3e:ce:c0:77:10:3f:a3:9e:b7:
aa:e4:1d:0c:57:e2:60:9e:75:92:7d:a5:5e:eb:a9:
2a:f8:2d:ed:47:58:a1:7f:3c:81:48:c7:25:5b:a0:
b1:83:13:b4:38:df:3f:37:f8:97:8f:f8:1e:be:a3:
df:10:da:1c:38:55:ca:12:60:ee:6a:1c:c1:e1:25:
2d:e3:3c:38:f8:c2:f7:d5:fa:3b:0e:c8:70:af:98:
0c:5e:3f:e4:a2:81:78:a5:14:ee:bf:00:85:42:2b:
fa:2d:63:08:38:d7:57:ef:bf:e5:57:24:a8:df:2a:
8f:b5:c7:bf:79:d7:8b:56:b6:8a:ca:84:9a:68:2b:
dc:86:8f:46:e4:60:92:2b:fb:ea:8c:17:ff:8c:30:
2b:86:6e:10:35:20:17:8e:f8:55:3a:b4:fb:ab:dd:
b7:01:23:0c:22:e9:63:66:0e:53:d5:95:e7:64:c0:
2f:36:36:22:65:b3:98:43:3d:4d:88:3c:d5:30:2b:
15:77:74:a8:b8:0a:49:c5:47:a3:64:f3:3a:7e:cd:
b6:db:7d:f4:87:3b:8d:08:a9:46:f7:e8:2b:3b:c3:
93:15:c2:f8:c8:13:46:fd:d9:04:aa:b8:e7:08:e7:
61:ae:52:52:07:9b:e4:1c:d9:1d:83:9e:4c:ed:95:
0b:4d:b7:6d:e3:a0:4e:e2:9d:5e:e6:f4:62:03:65:
75:17:f1:88:96:b5:33:40:22:e7:74:67:2c:bc:ab:
11:d5:a7:01:06:67:1b:17:de:8e:33:23:89:1d:d0:
82:84:a4:e8:2a:f2:96:16:53:22:68:6e:61:af:5c:
03:b4:f3:eb:6d:45:5b:98:e3:2a:40:25:9d:7d:6b:
0b:55:15:5a:46:36:a0:47:9d:b9:7f:81:d7:75:22:
47:e9:16:cd:24:e7:31:e9:9d:43:e8:7a:69:71:d1:
87:8e:f0:65:0c:9f:f5:24:f3:67:84:99:c3:ec:ff:
29:78:73:de:6f:77:c0:58:ba:b7:79:26:28:1f:08:
84:fc:b4:5f:76:a1:dd:86:b0:fb:68:b1:07:ef:d2:
67:92:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B1:B0:DA:87:E4:B2:2B:4C:CD:4D:AC:85:4A:53:04:B1:10:BB:FE:DD
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:julius
Signature Algorithm: sha256WithRSAEncryption
35:bd:ae:09:85:64:42:07:54:60:a1:fd:7d:9e:aa:a1:b7:1c:
da:f8:6b:0c:fe:eb:fe:84:92:da:f1:6f:72:90:6a:fb:fe:b0:
6f:4f:5e:f1:af:67:e3:bb:71:6d:49:8d:4f:fd:7f:d8:00:d7:
c3:03:14:43:78:f3:74:8e:70:1d:c9:1b:40:b5:07:46:2d:c7:
d4:0f:50:6e:fb:db:fb:1a:21:c8:c2:69:ab:49:0d:75:59:06:
1b:1e:f0:a0:57:3a:49:0a:b8:36:97:f6:87:ec:82:9b:b4:f6:
a4:5b:c3:3b:b0:a6:5a:e2:98:62:fd:30:59:bb:6a:84:8e:e1:
71:04:9d:be:19:82:31:c2:de:6e:cc:f8:ee:b8:fd:b7:5a:68:
6c:8a:6a:6e:57:ad:62:bd:20:5e:0c:d9:0e:23:8e:c2:52:09:
d6:14:90:f4:ea:9a:b9:1e:08:f9:b6:b8:f4:9c:bc:e3:4a:3a:
0b:65:bf:64:01:7f:cc:c4:df:65:b6:0c:a7:8c:00:66:c2:a2:
4d:a9:84:f0:c3:70:29:b4:01:ca:b0:5b:2f:c2:c2:d7:98:b6:
27:90:44:dc:3c:cc:82:40:f3:31:49:37:9e:d8:5e:d6:a3:a8:
6a:86:63:3b:2c:c8:2e:bb:65:e0:1f:05:1a:0b:46:5e:75:5d:
e9:53:be:73:bd:3f:86:46:e9:92:5e:7e:f9:cf:19:eb:50:60:
77:aa:5e:c2:3f:5b:04:80:cb:47:ec:e4:d1:76:d5:5d:d3:c7:
65:9e:b3:28:30:01:84:b3:0a:d9:74:ce:e3:a8:44:31:68:9b:
07:dd:1c:31:b6:29:ac:9e:8f:e9:2f:09:6a:de:c4:df:28:f9:
30:98:85:18:2d:ed:63:94:f0:f8:3f:bf:fa:7d:42:f3:3c:51:
94:b6:8b:ab:39:e9:81:63:2e:8a:4d:40:bb:34:21:8d:39:9c:
95:04:cd:a7:3d:8f:21:c1:63:bf:0d:31:54:69:88:48:d0:94:
19:98:e7:24:f2:b7:c8:20:4f:cd:47:75:fc:a5:36:6e:24:42:
49:34:a2:95:db:f2:07:72:70:b8:79:9f:9f:4b:bb:94:1d:ee:
8b:d1:5f:49:b3:d2:19:96:cb:00:42:54:68:6f:00:61:9e:66:
6c:55:f6:65:21:0b:30:81:c8:ce:5b:a1:a9:e2:fe:32:93:d5:
ea:9d:60:c8:2e:73:7b:da:00:b0:7a:e3:9c:15:f8:17:f1:88:
1b:be:3b:fb:f0:0e:06:5f:37:8c:b5:4e:8f:e8:33:7e:88:da:
67:18:57:3d:dc:60:24:13:a4:ce:68:39:2f:a8:9e:43:1f:b5:
11:e2:78:8c:d7:f5:0f:e9
-----BEGIN CERTIFICATE-----
MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1 @@
04


@ -0,0 +1 @@
03


@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
Validity
Not Before: Oct 14 21:23:17 2018 GMT
Not After : Oct 14 21:23:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:e1:41:1d:ef:50:16:69:a2:68:b8:5a:27:ab:a9:
df:96:c8:5b:57:dc:81:41:c3:d5:61:48:75:b8:e3:
e3:3b:b8:4f:5e:fa:c8:a5:bd:58:7d:90:e1:70:c0:
91:fc:df:19:1a:e9:6d:0f:ae:5e:5c:1e:a5:14:ad:
d3:2c:09:77:32:3a:84:5e:06:08:ed:4d:05:a0:69:
6a:8c:e4:2b:3c:60:07:2f:87:da:19:3d:f9:d6:2c:
16:a9:4f:1b:0c:d2:bc:48:5c:90:55:21:98:85:16:
93:c7:3b:62:e6:fe:3f:5c:5c:22:6b:8f:81:5a:bd:
27:27:b1:af:6c:c1:af:1a:3b:40:33:4b:33:35:7d:
21:0b:31:1f:0e:3c:46:77:33:dc:87:e0:82:e0:31:
9a:f0:d7:93:a2:a3:89:6b:0b:9a:aa:fb:2b:14:9c:
39:a9:fe:87:f3:76:6c:e2:0d:60:d2:da:2c:03:7b:
ea:48:13:31:93:a2:ab:40:8c:a0:ef:fb:bd:3e:c9:
b6:75:ed:35:fd:8b:d7:04:fc:4e:c0:b0:12:af:3b:
99:00:71:52:a6:d0:3b:16:f8:5a:98:3c:a2:5b:76:
0c:d8:36:35:3a:0a:1a:dc:2f:bd:f8:05:6d:dd:40:
df:93:cb:da:92:f0:63:d0:24:7a:e2:2a:ef:af:3e:
ad:95:54:27:1f:f4:82:18:ce:b9:e3:9b:e7:76:12:
f7:7e:79:4b:45:fe:a9:34:7a:2a:7e:03:0b:57:b7:
2e:1f:ff:99:ac:f9:26:94:89:6c:ac:94:fa:01:39:
c3:15:12:f2:e8:40:93:43:06:f6:ba:be:ab:58:8c:
b3:0c:01:f0:22:2e:f2:a1:3b:07:b1:01:a1:b7:cc:
29:a2:c1:59:60:b9:2b:9c:22:5e:03:46:74:dd:d9:
9f:04:05:18:3b:34:d6:74:49:13:da:33:7e:83:57:
01:e2:9e:a6:ff:36:e4:81:f5:62:23:79:52:a3:13:
e1:f3:55:d3:b2:15:9d:ec:ce:5a:78:0e:97:ad:0a:
ef:d1:d3:1c:c6:38:1e:a6:56:32:e2:6c:11:8f:26:
b9:8d:5b:3a:c0:d6:01:b2:c4:fd:1c:96:31:a4:98:
19:2f:c7:e2:f4:49:a7:df:a3:91:49:1e:3d:f0:c1:
1e:67:27:54:f6:4f:7a:ec:0a:33:91:d2:7d:86:87:
93:d0:7c:14:5d:57:35:86:ee:5a:1c:4d:d3:3d:74:
4b:f0:20:af:c9:cc:ab:c7:ec:66:a5:f8:ae:5e:e9:
79:a6:8c:e7:2c:fc:76:f2:8b:a5:c4:47:47:40:0f:
10:97:14:7d:f5:bd:96:77:25:b6:53:f6:f1:35:ae:
96:7e:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
10:58:52:1D:17:5E:26:24:8B:10:AA:B2:C7:F9:CF:88:7E:2E:2B:7E
X509v3 Authority Key Identifier:
keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
serial:D4:35:92:4A:3F:D5:35:D6
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
d3:04:a5:22:2f:3f:f0:2c:4b:17:42:7e:cf:60:01:3f:13:95:
63:37:bb:94:60:fd:77:0f:38:4b:d0:72:cd:17:bc:e4:ca:ad:
4f:85:e2:7c:ab:e1:cb:c5:b9:08:9d:2a:bb:29:e1:c2:33:42:
26:de:25:7e:a1:fe:5c:79:3c:37:9c:dd:ed:3d:86:15:e1:84:
69:95:ff:91:de:18:f3:1f:a8:41:7a:77:c2:d9:b4:da:74:af:
c3:bc:b5:49:92:e1:12:5c:07:51:ac:15:67:8d:8c:a5:83:3d:
a3:99:80:f5:f4:20:41:78:29:4c:bf:ec:6d:9b:30:c6:0e:db:
b1:6b:e9:58:3d:e3:aa:b0:9d:eb:43:2b:c1:f0:69:ae:34:65:
b2:3f:bb:bb:ef:51:87:73:18:d4:0c:f6:07:f2:f9:d9:91:fe:
46:fa:de:dd:86:6d:7c:e7:bc:c0:c9:c8:60:90:2c:c5:da:bf:
71:28:50:13:7c:37:6b:47:bc:b4:7a:a9:3f:bc:67:81:cf:ed:
94:bb:54:3c:00:46:01:0a:e4:73:24:64:71:a0:7f:44:dd:ba:
83:3b:42:a0:9f:1c:0f:fd:31:bd:e0:d5:b7:69:22:9d:63:dc:
f9:94:b8:57:c4:7d:a3:52:29:c7:a1:78:c0:0f:f6:72:ab:75:
9d:5c:c8:2c:05:c9:2f:e4:73:1d:fd:41:8a:69:87:c9:be:c0:
7b:b7:ce:7a:d5:f9:04:f6:9f:c9:4b:c4:76:2a:d1:73:67:e6:
e5:8e:04:9e:01:e9:7b:62:84:12:54:f3:29:af:83:45:a7:e2:
bb:c2:2a:8c:16:68:5b:37:67:dd:18:47:67:03:0b:ff:0f:6e:
c4:71:0b:c2:a7:a6:e4:d8:4e:9e:4c:d8:a1:5d:4b:9e:24:02:
b9:bf:8d:3d:fd:64:66:34:32:a7:d3:e9:ab:cf:dc:2b:48:67:
ff:63:be:b9:d2:e5:74:4d:53:10:d2:31:b0:44:23:1a:29:6d:
35:00:98:39:2b:82:74:2e:73:75:dd:47:9a:e8:6d:72:ed:31:
53:b5:53:b9:71:46:3d:84:25:79:ee:3d:90:cc:48:9d:bd:5d:
8b:31:93:61:2f:4c:3f:87:92:45:ab:9a:e9:4c:01:6d:51:c9:
4d:ea:f7:35:11:cf:d3:83:c6:48:4b:a8:f5:14:d1:a0:19:3f:
27:04:2e:0a:61:5e:d5:53:53:15:47:ed:25:2d:db:14:26:8b:
16:b0:58:6d:91:9a:a2:5e:a4:94:d6:a2:0d:3e:83:ff:7c:19:
0d:2d:19:97:e5:1b:e1:a2:f4:56:96:bb:11:47:2c:a3:98:94:
a4:ad:7e:3d:5b:51:24:59
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDhQR3vUBZpomi4
Wierqd+WyFtX3IFBw9VhSHW44+M7uE9e+silvVh9kOFwwJH83xka6W0Prl5cHqUU
rdMsCXcyOoReBgjtTQWgaWqM5Cs8YAcvh9oZPfnWLBapTxsM0rxIXJBVIZiFFpPH
O2Lm/j9cXCJrj4FavScnsa9swa8aO0AzSzM1fSELMR8OPEZ3M9yH4ILgMZrw15Oi
o4lrC5qq+ysUnDmp/ofzdmziDWDS2iwDe+pIEzGToqtAjKDv+70+ybZ17TX9i9cE
/E7AsBKvO5kAcVKm0DsW+FqYPKJbdgzYNjU6ChrcL734BW3dQN+Ty9qS8GPQJHri
Ku+vPq2VVCcf9IIYzrnjm+d2Evd+eUtF/qk0eip+AwtXty4f/5ms+SaUiWyslPoB
OcMVEvLoQJNDBva6vqtYjLMMAfAiLvKhOwexAaG3zCmiwVlguSucIl4DRnTd2Z8E
BRg7NNZ0SRPaM36DVwHinqb/NuSB9WIjeVKjE+HzVdOyFZ3szlp4DpetCu/R0xzG
OB6mVjLibBGPJrmNWzrA1gGyxP0cljGkmBkvx+L0Saffo5FJHj3wwR5nJ1T2T3rs
CjOR0n2Gh5PQfBRdVzWG7locTdM9dEvwIK/JzKvH7Gal+K5e6XmmjOcs/Hbyi6XE
R0dADxCXFH31vZZ3JbZT9vE1rpZ+JwIDAQABAoICAAkzdLqSxeeYt7hYDmjHrpdl
Jb4IBsud6ThpEk30GRMWaz+Q9OM4QcYXRe4qH4x5vHfJ8yeB0t7mbY3Tr92LoW/O
zhtdGb4/uCweQjjxFQcJUSHS5cjELFFgSaiuz4cNkJ1QEqE3lxhQnMa1mUugNQxb
wxgrq3f+Y/wOGQFTRAjJRM0TlErqCpB/eCpHsgUqfCacuBvaSt7tn100WueheLbl
PZRA8WYNPJZoTvhI3ZyfRs75n89D4XGLYn1ngSdsXAWVjbtxbhQmQykz+S+Lwaeg
wpYvCtY/iTpd+K1hRKyBvPKT/EabpQ87cAISjrNL9BYAbLQ1143n/5D/efzpjYOJ
ZzR14cLfbT92cwvHJ8fK8YlrS81Ap2KRZ2zQDb2YzykrQVzePk4iuSONDZ7cLY+y
/vjU5k+5f7l77SHdcYAET8zZ+Svf35IGCxsU0YSGWA64F6Y2V1CDBBc27PwrcO39
NFfU4HSmwPWHjNO3cYeqnoSBsH/YjgsxOW77CS9odbi3qCAl/UbD+1emFn9zkCNO
zNLwzyan/imRZTxGzDbJswqpphgiK7DNvKG5YXlmmZvZc8worMxNRspa09qloxkm
j5nrqabhYSgrM6ZGhGkFmYHiTrYENaihs+PilCtf3Y8mqpmK7065hnfbSHKsTDHv
E/8sa4xwtOzwiLfybN7RAoIBAQDxCwi/aKalHr1E8XlyU0Y7CUZF0+2SwuJPKN/e
+Kmzrej7XJj2HML7KYOiTdpjC0IjtzcOGRLoOZDOlOg4bUIDz7Pv0r0Uy8VPiAvc
rXsrPBKbyinBHE+8bqdDqUm76bUUTKBRBM76Bix0kvThTloXC0shLsFbW2ws+i0V
chDlAiUF3zgTPthcdjGHWpinfUL3qkth03GoRwAGdDnnYxte51IHc/oU/plibSvJ
HbSmxh/YbRHgLce+oz7PP7XzAaVgwzMQphskzI6beai1bAJ4LKyeM0g3cRw86fmW
a8U+29M09HeiwNv51Ylru2M7B9wOeJ5cXLaP8uUO7xhhI8u5AoIBAQDvO0dld3kg
IJA6/QqqcBtLO12lZjLfsYIwlgocoGjCnsk2EFqrM/PUmaswQeJwv8h8bMAmd6eq
IATJoUSIcsQSSk+G4J9J765vhIGTO8lC6BJz5QKL/Va2hVrXaLfc2RoKkunSYdeh
ZUJncDOe0KuhsUxrK3sa8FF8XrY0dvs3XcIeif/n96sFzDLSB+YWB02Blm9Qy8P+
OtkMGtgDhQGC2pe8FZhc8B62ITiV9jsLydK4VoW3hZIDZdE5NhWui8Y3emgg+evX
LQ213uA25Cqhmyc4moC617WYrWNfrEZ3LJlGYEecwwfbz+gQ+VzOBaX1e81Yvbv4
awKDoUqd/EjfAoIBAQCL5iCUn1OhID8vxYr8PLLVTuO3YXJQrMWWth2BFwe/nl9L
jInGxhiwl36r882dkIo5mnvctdbQa6DNFYXWQit/dMx1k/VkHYSOTWK9GP8Ur9AJ
FYO4bgslTX/M+HMwGkub1YFypHzQhkbE/gocvlHxb/+R6cYVlPErBaSm/sYpdF4y
k0TDfsUqnPrQGVfiVgRJJFCOHZ+o0FSGamy1DEN1iIKGityJ1N8HTl+MYa5Y4ULY
ZS1r1IZK8gphVRPwT3NBvuljb1Tvvb3DJRAzA9ZHE364bwEqFH8UJ6RRlokrm4Bx
CrZpAtBpp3MT0PWd7EjfKUiYSMM4tvwU99ZJgvIZAoIBAAJtbo8IBFGgIvaGRMpv
8sbzpkKcY93DNlf53cZmlkmLRO1ogxMDpvC8UnFd6cdNGuKwU87QHgJq6sGFAmYE
DBtHZ8EtnFAqv3FgPdRZofQs2KsWYs0619toRQC0jlEOXuZGkVrSJVb86QyVpeBx
q5wraWQY/9nJIHqLl3u2zVvFdsfKjK804yZe6REahWopzs6G0UBXoPh+bl9iElkO
y3Ihd7Kv4WjoAtfERIe5BOZcuOen8RlooI+qQ9I5y0SHJI7BjjbvckYvrdjvlwTX
kdsr8NzxLGc48x3GfKCm5dwltrRxG6jqjbTcSjWJ4jgw9HsmM3I4EqU1qMPfKhuq
SK8CggEANiZ4CXH/8lAumxt4E+cPkJRgkna4VEXHDUWm4GkyzpclOY3ui7wNxpAX
oPY4EVW7Awjk5Gl0je9w1zArJgB4j4yXHvL3X+5Spibun0rTHNMfuNdGrSwPMMhk
CJCvo3AkquM9iekhF7PPxGbv3BtPmlSytcUeYzJDbZpDPbWT06ib/V4+24n8R4lL
wYVHyLxSnuRYY0XOyo0TzlPnpydPchwZuf/bp0SznVObAKJPjVSl2fmQTJZW5f+2
WKFAP3/XULPZWdTtk89Ok2zqWNADmT0AafCdUuwUnSaxq/UNyxcKv21l59TalTlc
ls75nOE80Jj550Qyx2xusNMQkzHSjw==
-----END PRIVATE KEY-----
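Review bot: This file is an RSA private key in plain PKCS#8 form (`-----BEGIN PRIVATE KEY-----`, no passphrase encryption) checked into the repository, so anyone who can read the repo, a clone or a backup of it holds the key. It follows the `VPN-BLKR-server` certificate and request, which suggests it is the server key, although the file name is not visible on this page. The same concern applies to the `OpenVPN Static key V1` file that follows and to the inline `<key>` and `<tls-auth>` blocks in the client config; the `ENCRYPTED PRIVATE KEY` files are only as strong as their passphrases. Removing the files in a later commit leaves them in history, so the keys should be regenerated, the old certificates revoked, and the new secrets provisioned outside version control, with the repo holding at most a placeholder such as `# key provisioned out of band`.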


@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b185215657011d3b8e96ff855a3f90ba
94131670f65a203848ac7040329594ae
e867c606a0df1d12c265d7ec7d4dbd91
c38c1e2103405f6b5c345548da2ae3e9
6ddf55904f191037d673dc454e31dac7
d6dd17917b0a045914860b19d310e541
7bd707c41a3ed7d3b2d6fe522419a1d4
cd929a7e2aa6183a0c83a4b212cbe96b
e9bef5a76b621ef947858f96be60229f
e2107488c6f0a50e7f3acfe5a27952db
53f6e8156b7d10b4da35861906b81558
f8a24a15f2311d592a0d6186a95261e8
f186ec3f54672edec2d04b4c99e5666a
815684b3129721e82c24482438ea4c7b
80585ab2e4fd43cba32bede430bfa685
cfc5755d9b1087aa3ec4299583e1f0a6
-----END OpenVPN Static key V1-----


@ -0,0 +1,285 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-blkr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG0jCCBLqgAwIBAgIJAPmS0q/SPu+dMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
c0Bvb3Blbi5kZTAgFw0xODEwMTQyMTQzMTVaGA8yMDUwMTAxNDIxNDMxNVowgaAx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
uV3aM8LnLlwhgci+qrzCkLAUk+A6VrXDc0cjJwwnliomKYckvwjGSG+7JCaBfPIQ
TvBqoEbcbGo165qDNadcfM+s2E+Whda2FFUgUHujrQ69bsACuKGFarZqQUHqhmHC
m/MSWZ39o+2A+4L4gIQzkLpPHOHRNArJfEkYVkGBaqU+TlzaGX9a4MUNyPQgjwWB
cVDzOke/3PRUgaEq8U8kWsDw21y4cdS5Qhbd9/ijRbTFU37gfGWAz2E88flZzah2
sTulBiHpaWaL+9K97UlHQ0RER0WmdgA0Ow90iqs7Sm6eDlJcafXFKh0Vu9lYnwpu
/mrkWtk8EAl6xCq/VwMzrVebchomA11xDpzZLg2Xej4wLMsZ7ZVr+YixCJY06SA0
Z/GMgq9vEn23P46CU9ZIjOPWpTXotXNGQbjWaJVRNuvlFvbF2URibo3ncjyPC6sR
StIShahqLqG0tQ8YpT35+Zz6MuK7kUXIabMic/MFGX6o174ghOV1FhzrVC0GnnzT
+217n5vVABf8aD+jAooSFaByXYlHorAxxjcD3JKwsFalvASYK5Mt89jeVjxIl7tr
h1XMgnj6pMA6Dlj067bEvWS6oWrxlfKJhySmjOT3TgY4cUjgquTTyZE3Q0WlOhRi
rHFqWNUKMs4fji5vCFYU7NbEqiQqMwSOzirVTvDqTpMCAwEAAaOCAQkwggEFMB0G
A1UdDgQWBBS0GaTbhypyt98E5gZmorH+Brmj+jCB1QYDVR0jBIHNMIHKgBS0GaTb
hypyt98E5gZmorH+Brmj+qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD5ktKv
0j7vnTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBMPRcUtDO57n8k
F7XtxpKEBUsIorlBDp3H8G0bleWlLA013s4rAD90nG2F5g5WTQQ3hnRX0K/JllaT
8u4M/Qr3HHlnZGQVt2aY6bLLN5TkqhMPGqxCIyWrxg0GyGZ55jgff34fj8WRAdl4
ylKCK19QclctlkSKyFlVLd+w5IMA1rb75oN00klgmemXSA2tQ1YcydOleR9ar+FB
8jZifx+DKGUP/n9HpSld5Q+/+zbPmQXItwm57odBeRPmyLgWCUKh5EvJ3Er5VR/k
hUgNzih8vNZcjWYcahcncZ7O30JIX4UcDPlPHpLUKbir9BA4jgVeM8cyhpity8dU
Jmnt9S7o8owBPXWtZ/Mg2kzY80LSocOrsh8TeVRdQ/3uexj1ytLuPNku9s5QiU04
ziTVzGl805PypcfT+xqONUi5hBjAF3/V0w34CtzKn+icmu1xbdQL3iEj39fY9V3T
mbxbcAxUkoYwXI67scVAEbgbxDwN7yA4ztKRDsIWC0hE1rc0Yt27w6Yf6Fk7BxXT
4eL5te0j9145lc2S2vQGFHMq1yW55a4v3EW5qJIxy500IQvRBtpe0iWqO9TZamIk
DD6m50VdZ0VyjrHcYenKXDqf6RBQjcK5fyOYXC0YAcMEj6s+Sy+VNIdsYFvYvaL/
7oLu/GfpkhX92MNOQeIucACdcIwpeg==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhPf7U8+0luwCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEbFHS/M/mH2BIIJSLS6wTEg0/zk
yRDTLJUeb2b/p7Yr819WamxkEraj1NY4f9bi04i75UKt2oKQHav5clCXQVSwmaZn
rpOTpom42KPEzFcrpztWlwnje/MRSxt80SBEoA68mvPGWR9o2o9t0D7Rl8G+L8HK
VUqGu+t9XKUnr2h6hFtP0gfTz2nOkRp5sQ1wlrPADYlyjOxdvM4bP4c5pLSmCrwV
7vait4Lh7mQ7R9t7FJQSNnb3G90+9yjkbWh5ht7s4gyi6cSlwcWcCU/cZg4q1NdG
TH2gnMe2AWX2TQg8gSypaJV3T6zL2HJhjNA6vRAIbCbWD66LvtVdVOeM+nrNSpHT
HiqEEDNCCen+Xhz8sai/mwx+oUUx3VvXUtDrve3H3dhpqPHAhIhUNeAaWSv0f1tb
jPN3He6oB+dZwmPnVgFRzfU8AJIE/vIneDUywYNdgJH9nb3piSiVcHG3/y+6q3fJ
3f55YbtI4zW4io5o9aXeL7yLhoDA7DrHfNxI9ANTPlL+xvaUz6sUKd3NfOKA5tL4
h6KgDlWrlVakLhkf8sQMHbvVa91CJYiBwEJbVsd3kITOpRD4JDUu8sN1OZqcC+89
yRlJ8Xsb09UcARAc4ZmidBbo6bd5smIlcCsOOxO2A/xVzgy2IxoRgN25XIyoxj+S
NOIXcARHZeU1HBbeoUEXq8TqB6iJWWVszEBEt25UMQDLYsLh/XBp+IlYHvnPu5Os
D1gktNW1ZNl9NxVXjMlhBVbT7bqeoU4IvMNxFLUMTYMltl+PNeBLKe0Qa33kZGCm
bICe+aMHEKaxSTdxNQSQAmYkkcuQRaMybnHO4TN+IZ+w5BIcdUgDvumKTQWG5/Kc
oPPGkYMzT/gQ/JED3HOuaihS6f/jy72Tr4NrVJH2243Xo6NlgNy4bYPMsO/lnLsl
d60XBDifUrbw7gAxcyisHRJD4DqXFW8y8HAcbGJMBF6O7nbmb/GXYSmSw35//ABf
+drQtMOib4R5rlq/drK+aAYOEy45AKSojydfrpPIW4lZj9R6z6Utq8ckp4TRT7Ev
jKf9CRW74pBjm8edfLgo3SNuyIolJwag1+PK+vCTtNXm8XX9et3clAE1pRUCJ4tA
mUlJwSVpyG2PfhA+Y4XnRLDYoAdK92f+k2TW8vh5jt7wIpfyimFPfA1fnv/tLw+d
Lr6mQGovAVlMgGW6S45yrp6buxUVVH5wdKtK1XpX/ktTHLD+XuUIERlJ3Iu0hysC
IW/3R62pWzDnsEdMt2W5RItwwMkPzf74fOh0W5TGJLg4CAbc1NtzZ7PiPFPGecWU
4DqKlb8+wQKwrOwkSokksxzPneVqg9Cq4ksXNYkdm4tK2lXAqUvS4ZpQM3w5AaoF
otbx7fME5Y3CmV1mPlO+ENE7++qEHI61XheGphBBO06hD1vGG663WERhHE1CMXGu
rOot+nUF4lomZhFzQUWLB4cc7bGdbljbXCAGnitTS0xZDl49B6XXMuZp2R+IRPg8
CKVZynzp2JXjWEx+OzAqic9nGpe5HrDuUjnsnaKvhLvJzkNXg5ryufVOTr2LG2yV
cKWzUJSDMKFbcyIgbAIHnn1z3wMJqLWNx7RXWUJbHIaO5cpLqPL6njdFq8wqe8LM
CuYVBH4G7a57B1opNP2Unwe0YlNSH6YGkYO+HfpTubvQB4/lR2CThZvq+9llg9Rv
7mE6ioSUuh4nGSpY5XKoc1PsZ1E95HnM2p7csKh7vvEws33rGQBD+o4azUqZA5Hz
G8BHVMiUIZ+cc5vOJvKfgxevocI7yzL38FmploA5tp2HvyoU0KbuAMnZryLVfHuW
vaoa5OjMcOMf+VZTitl/L+6gSW54VyUsgOacfvfPXXMifuN74v+E+KuUFHaLzPQ0
exHenaWrN1/C2PcuORiCmqqjhfE1+ku1Ii7wv40zBycFC8pb4NNfTHMvhuGzw9Rq
8aX+UMp9DsZzRQQDQa9gotzSbr0HEN+SZlnU05yorBvf4CtpV2Q42oYlpRnX5vsx
wCxdSQFWiVYaL1dEYHa2RmEB2RXhuMuyugqZyPbVNgGLFWb925VgA0WwRMg3N56U
6YgKyag1yzaxQbYPKs2c/iT+i5QMU6kx7Y6QPVs6zT7/DJvatRViogF1IQDiOS8o
xtFbbCtQ7NGUsmgz6tsX8mo0oiCUZds1h/NBVUOY58EOYbOKs9Ywaui9ck+cKfGF
X4dcPQz1sPEHgv4h5q1SpPNY3E2kuF8NSpV/KYznwxGiBV/Ui4rGH2/HmQUXNNQn
VE3IqqbZs5/exZvdcWquKcTU9xNrclq5BgTkHI5QbGXXK+f3WmNR5rBQbd35UZQC
cTn4pNSAM3iPJdMEO25ScsIQh8OkmIYvBnmpdMZxexnSpJx6HmOEF/Sf2mfvhz91
Ah93E0ZF9ciN+6UQ697r3T97cXOeba+w4OhA1kw5Z75c0uOBomK8cfOzaG+vMOwf
1uXkit13S5O234qzBcGoj3FLUprtooSmWj8f8sCtGK3qDCjZkyMoXWPu54V3jgXT
IYmQ1Ps9QtMuXOqlN3itwu9BS0eFdQ/tKAQ33HoTMeHQ873Jhn67F9aPFzA+jnH5
DWZlj/gV0HgZ9GYFLvzVZtjy1BDMTn3CscG9NkwXcu7YEXZANZ2YIeHcS/JwxOva
DtQdERC0sHT9TSXLM7uL47UaIUoz7Pi6yYn3vJ/4cr2eLRLkfZuDD33gD4EBN/Oe
DqmkycyrSdhIX6KfFG0sFxCNnkerUVhlxyrrnVP8JHRrfmRb+JV/mMLRv6MpGV8E
Q/Y4AvkyhS2TJpJo3If7JjYTeihR3Lhq1KkAGoEBY0xkf0MApgq/TTjjU5BT2fD3
k1Ywd0NzX4y3UmRoXb4+MV9/U0NkcYwhUSEPXgmuAj0vRRoC7sY7zbA7xcR9Gqlk
0EJESYThFBBHJwKYJ1yEN8E3Ba1fQUKpwrb5sX+2UmniAx+KgLonPaQFcsaT1mFT
98uJuvO+gMyLHDXv18DBTEsgFkR8lsjs27z1CnouHC9vFDho32Lwsfrpy8ty9p+r
5WE/h3yOk95IAuX6OmhMPOlmNKskLyO1e0B/rYvksY0K3lf3J0+hUctKmX6e7XjM
g81V0EyjjYQKhalzUDfHyTrPnNGuMOZOJ0eBmhavSSDGvENdp8lrz6vgjj0o5qaO
IStU3QrW1Tcg8pvykyA/Lw==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
3cf6285cea0c09098e2fd9c4f0b77e10
17f36672d5dbdfc5c076dcfb15996950
23483097039a2bd0ed987ec31a2deb2c
6bc987cebd37dd435e4b591763375f1a
af3b13a09680897fa379e952948e5c07
8e314f92317b6ec2b347e80fffaa4371
998b30ed33ad0570746bc9467434a4c5
92850f34fb15de8385bb2aade5665048
2cb73c00d4941411981bdc2c33e4e064
03a1893991bdd08e645b94e9f959edb0
397a71dc39558126f3aa83e09748873b
5035c46ab289a548602e5b9f308562ab
6ec9a6822b7db0e4641b42764a97ff20
bd71debf42514513311779410f995974
e5984887c5e43393cceccf2ddf7191c1
a49f80dd24d79fc3d9409e9f42cae925
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-128-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# --auth-nocache
#
# Don't cache --askpass or --auth-user-pass username/passwords in
# virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget
# username/password inputs after they are used. As a result, when OpenVPN
# needs a username/password, it will prompt for input from stdin, which may
# be multiple times during the duration of an OpenVPN session.
#
# When using --auth-nocache in combination with a user/password file
# and --chroot or --daemon, make sure to use an absolute path.
#
#
auth-nocache
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
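Review bot: `remote-cert-tls server` checks only the key usage and extended key usage of the peer certificate, so this client accepts any server-type certificate signed by the inline `<ca>`. A `verify-x509-name <server-CN> name` line next to it would pin the expected subject as well; the CN is left as a placeholder because the server certificate issued by this particular CA cannot be identified from this page. Separately, `cipher AES-128-CBC` is not an AEAD mode; where both ends run OpenVPN 2.4 or newer (the file's own comment refers to 2.4), `cipher AES-256-GCM` is the usual replacement. It has to be changed together with the server config, which is not visible here.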


@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl


@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always


@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
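Review bot: In `[ CA_default ]`, `default_crl_days = 11688` gives each generated CRL a nextUpdate roughly 32 years out, so a host holding an old copy of `crl.pem` never sees it as stale and a later revocation can go unnoticed wherever the new file was not distributed. I would keep the validity short, for example the stock `default_crl_days = 30`, and regenerate and redistribute the CRL on a schedule shorter than that. `default_days = 11688` in the same section similarly makes issued certificates valid for about 32 years unless the signing scripts pass their own `-days` value, which this page does not show. The trailing comment on `default_md = sha256 # use public key default MD` no longer matches the value and would read better as `# digest used for signing`.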


@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0


@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf


@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool


@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full


@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req


@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN BLKR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-BLKR"
export KEY_ALTNAMES="VPN-BLKR"
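Review bot: `export KEY_CN="VPN-BLKR"` is set unconditionally, while the comment two lines above it says that exporting KEY_CN signs all keys with the same Common Name and requires `duplicate-cn` on the server. If the scripts in use behave as that comment describes, clients can no longer be told apart by CN in logs, per-client configuration or revocation, so I would leave it as `## export KEY_CN="CommonName"` and supply the name per key. `KEY_EXPIRE=7305` and `CA_EXPIRE=11688` give roughly 20- and 32-year lifetimes, which leaves revocation as the only way to retire a lost client key; a comment stating why these values were chosen would help the next maintainer. The `echo NOTE: ... $KEY_DIR` line and the backtick call to `whichopensslcnf` expand variables unquoted, which is harmless with the current path but breaks if `BASE_DIR` ever contains a space; `"$KEY_DIR"` and `"$EASY_RSA/whichopensslcnf" "$EASY_RSA"` avoid that.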


@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"


@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf


@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca


@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh


@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12


@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req


@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass


@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all


@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter
