Update netweork 'BLKR'.

2018-10-15 01:04:40 +02:00 · 2018-10-15 01:04:40 +02:00 · 7e2e43ffe7
commit 7e2e43ffe7
parent 27de2ec9b6
248 changed files with 38711 additions and 11 deletions
--- a/BLKR/README.txt
+++ b/BLKR/README.txt
@ -1,5 +1,8 @@

+-------
 Notice:
+-------
+
   You have to change some configuration files becaus the because
   the configuration of network interfaces must not be equal.

@ -17,9 +20,9 @@ Notice:


   So you have to change the following files
-      dsl-provider.ANW-KM: ppp0 comes over eth2
-      interfaces.ANW-KM: see above
-      default_isc-dhcp-server.ANW-KM
-      ipt-firewall.ANW-KM: LAN device (mostly ) = eth1
+      dsl-provider.BLKR: ppp0 comes over eth2
+      interfaces.BLKR: see above
+      default_isc-dhcp-server.BLKR
+      ipt-firewall.BLKR: LAN device (mostly ) = eth1
      second LAN WLAN or what ever (if present) = eth0
         
--- a/BLKR/aiccu.BLKR
+++ b/BLKR/aiccu.BLKR
@ -0,0 +1,11 @@
+# This is a configuration file for /etc/init.d/aiccu; it allows you to
+# perform common modifications to the behavior of the aiccu daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades).  We all love dpkg prompts.
+
+# Arguments to pass to aiccu daemon.
+DAEMON_ARGS=""
+
+# Run aiccu at startup ?
+AICCU_ENABLED=Yes
+
--- a/BLKR/aiccu.conf.BLKR
+++ b/BLKR/aiccu.conf.BLKR
@ -0,0 +1,79 @@
+# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
+# AICCU Configuration
+
+# Login information (defaults: none)
+username CKM11-SIXXS
+password zLkJIZF0
+
+# Protocol and server to use for setting up the tunnel (defaults: none)
+protocol tic
+server tic.sixxs.net
+
+# Interface names to use (default: aiccu)
+# ipv6_interface is the name of the interface that will be used as a tunnel interface.
+# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
+# or tunX (eg tun0) for AYIYA tunnels.
+ipv6_interface sixxs
+
+# The tunnel_id to use (default: none)
+# (only required when there are multiple tunnels in the list)
+tunnel_id T129038
+
+# Be verbose? (default: false)
+#verbose false
+
+# Daemonize? (default: true)
+# Set to false if you want to see any output
+# When true output goes to syslog
+#
+# WARNING: never run AICCU from DaemonTools or a similar automated
+# 'restart' tool/script. When AICCU does not start, it has a reason
+# not to start which it gives on either the stdout or in the (sys)log
+# file. The TIC server *will* automatically disable accounts which
+# are detected to run in this mode.
+#
+daemonize true
+
+# Automatic Login and Tunnel activation?
+automatic true
+
+# Require TLS?
+# When set to true, if TLS is not supported on the server
+# the TIC transaction will fail.
+# When set to false, it will try a starttls, when that is
+# not supported it will continue.
+# In any case if AICCU is build with TLS support it will
+# try to do a 'starttls' to the TIC server to see if that
+# is supported.
+requiretls false
+
+# PID File
+#pidfile /var/run/aiccu.pid
+
+# Add a default route (default: true)
+#defaultroute true
+
+# Script to run after setting up the interfaces (default: none)
+#setupscript /usr/local/etc/aiccu-subnets.sh
+
+# Make heartbeats (default true)
+# In general you don't want to turn this off
+# Of course only applies to AYIYA and heartbeat tunnels not to static ones
+#makebeats true
+
+# Don't configure anything (default: false)
+#noconfigure true
+
+# Behind NAT (default: false)
+# Notify the user that a NAT-kind network is detected
+#behindnat true
+
+# Local IPv4 Override (default: none)
+# Overrides the IPv4 parameter received from TIC
+# This allows one to configure a NAT into "DMZ" mode and then
+# forwarding the proto-41 packets to an internal host.
+# 
+# This is only needed for static proto-41 tunnels!
+# AYIYA and heartbeat tunnels don't require this.
+#local_ipv4_override
+
--- a/BLKR/bin/admin-stuff
+++ b/BLKR/bin/admin-stuff
@ -1 +1 @@
-Subproject commit 8d81bd8667f74cf7f7cc1c521b52eab0e7c4b034
+Subproject commit d9eb23578987cb722b175a59bdab9b36e2e1316f
--- a/BLKR/bin/manage-gw-config
+++ b/BLKR/bin/manage-gw-config
@ -1 +1 @@
-Subproject commit b5fb1f7b3a421a24388ba6b25a3e5d58591ae7fe
+Subproject commit 06b975094a3a3192070a996e5f03be38b23fa14d
--- a/BLKR/bin/monitoring
+++ b/BLKR/bin/monitoring
@ -1 +0,0 @@
-Subproject commit f66029fe95ffc2010b0d3e435dbebf9ef7b7f849
--- a/BLKR/bin/postfix
+++ b/BLKR/bin/postfix
@ -0,0 +1 @@
+Subproject commit b497e297553ef92ccc80cfb774fa4a6f90284dc1
--- a/BLKR/chap-secrets.BLKR
+++ b/BLKR/chap-secrets.BLKR
@ -0,0 +1,51 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Jonas
+"0023866648325511093506040001@t-online.de" * "13635448"
+
+## - Kanzlei Kiel
+## - DSL
+"ar0284280107" * "39457541"
+## - VDSL
+"ab3391185321" * "jhecfmvk"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
--- a/BLKR/dhcpd6.conf.BLKR
+++ b/BLKR/dhcpd6.conf.BLKR
@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
--- a/BLKR/email_notice.BLKR
+++ b/BLKR/email_notice.BLKR
@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_`hostname`@oopen.de
+from_name="ip-up - ckubu local net"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
+
--- a/BLKR/igmpproxy.conf.BLKR
+++ b/BLKR/igmpproxy.conf.BLKR
@ -0,0 +1,75 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+#phyint eth0 upstream  ratelimit 0  threshold 1
+#        altnet 10.0.0.0/8 
+#        altnet 192.168.0.0/24
+##------------------------------------------------------
+## Configuration for ppp0 (Upstream Interface)
+##------------------------------------------------------
+#phyint ppp0 upstream  ratelimit 0  threshold 1
+phyint eth2.8 upstream  ratelimit 0  threshold 1
+        altnet 217.0.119.194/24
+        altnet 193.158.35.0/24;
+        altnet 239.35.100.6/24;
+        altnet 93.230.64.0/19;
+        altnet 192.168.63.0/24;
+        #
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+#phyint br0 downstream  ratelimit 0  threshold 1
+phyint eth1 downstream  ratelimit 0  threshold 1
+        # IP der TV-Box
+        altnet 192.168.63.0/24;
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+#phyint eth2 disabled
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth0 disabled
+phyint eth2 disabled
+phyint eth2.7 disabled
+phyint eth1:0 disabled
+phyint eth1:wf disabled
+phyint ppp0 disabled
+phyint tun0 disabled
+phyint lo disabled
+
+
--- a/BLKR/interfaces.BLKR
+++ b/BLKR/interfaces.BLKR
@ -62,3 +62,11 @@ iface br0 inet static
 iface eth0 inet manual
 iface wlan0 inet manual

+
+
+auto eth1:rescue
+iface eth1:rescue inet static
+   address 172.16.1.1
+   network 172.16.1.0
+   netmask 255.255.255.0
+   broadcast 172.16.1.255
--- a/BLKR/isc-dhcp6-server.BLKR
+++ b/BLKR/isc-dhcp6-server.BLKR
@ -0,0 +1,116 @@
+#!/bin/sh
+#
+#
+
+### BEGIN INIT INFO
+# Provides:          isc-dhcp6-server
+# Required-Start:    $remote_fs $network $syslog
+# Required-Stop:     $remote_fs $network $syslog
+# Should-Start:      $local_fs slapd $named
+# Should-Stop:       $local_fs slapd
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: DHCPv6 server
+# Description:       Dynamic Host Configuration Protocol Server
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+OPTIONS="-6"
+
+test -f /usr/sbin/dhcpd || exit 0
+
+DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f "$DHCPD_DEFAULT" ]; then
+	echo "$DHCPD_DEFAULT does not exist! - Aborting..."
+	if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
+		echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
+	fi
+	exit 0
+fi
+
+. /lib/lsb/init-functions
+
+# Read init script configuration
+[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
+
+NAME=dhcpd6
+DESC="ISC DHCPv6 server"
+# fallback to default config file
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
+# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+if [ -z "$DHCPD_PID" ]; then
+	DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+fi
+DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
+
+test_config()
+{
+	if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+		echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
+		echo "The error was: "
+		/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
+		exit 1
+	fi
+}
+
+# single arg is -v for messages, -q for none
+check_status()
+{
+    if [ ! -r "$DHCPD_PID" ]; then
+	test "$1" != -v || echo "$NAME is not running."
+	return 3
+    fi
+    if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
+	test "$1" != -v || echo "$NAME is running."
+	return 0
+    else
+	test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
+	return 1
+    fi
+}
+
+case "$1" in
+	start)
+		test_config
+		log_daemon_msg "Starting $DESC" "$NAME"
+		start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
+			--exec /usr/sbin/dhcpd -- \
+			-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
+		sleep 2
+
+		if check_status -q; then
+			log_end_msg 0
+		else
+			log_failure_msg "check syslog for diagnostics."
+			log_end_msg 1
+			exit 1
+		fi
+		;;
+	stop)
+		log_daemon_msg "Stopping $DESC" "$NAME"
+		start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
+		log_end_msg $?
+		rm -f "$DHCPD_PID"
+		;;
+	restart | force-reload)
+		test_config
+		$0 stop
+		sleep 2
+		$0 start
+		if [ "$?" != "0" ]; then
+			exit 1
+		fi
+		;;
+	status)
+		echo -n "Status of $DESC: "
+		check_status -v
+		exit "$?"
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|force-reload|status}"
+		exit 1 
+esac
+
+exit 0
--- a/BLKR/openvpn/blkr/client-configs/chris.conf
+++ b/BLKR/openvpn/blkr/client-configs/chris.conf
@ -0,0 +1,285 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-blkr.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
+VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
+VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
+WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
+Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
+3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
+aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
+l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
+adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
+DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
+OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
+GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
+bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
+JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
+P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
+N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
+vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
+t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
+5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
+xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
+JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
+xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
+DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
+GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
+B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
+IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjIzNjU1WhcNMzgxMDE0MjIzNjU1WjCBpjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFzAVBgNVBAMTDlZQTi1C
+TEtSLWNocmlzMREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCoZnE5
+rGKolfRVO9meGggYwPDbBQCl5eA/IyG2sGkpTDyt1u7piCXfEcaNRlcIVfnCZ2i/
+edfBkR4oZETR42TZKrQvSTKoJHlUXbsmxM9UsiZeh05yZEEhku0ohKplpxbuEUZ
+5tj4MTFM9iNxNr9RAThrto8GKPZvil8MJeBVGAQdglyXN4tgp1+OHCiX7qFTaZFz
+GYZ4A+SqwEBwQrse9GkHMKgqlYG/wjhIzYDtmy8xIKAlB2a2RXDlzSH2+BKdPAFT
+EN8Qrw+bwBup8ArnXyk5V8DxJySxMHCinxxDBaVmhw191E53qY5RhC2MLm2FcpoH
+PYkjGwggBdiCmynMYyGNyXaZNveHaQehGOGtK++Zaa+ecVb/gIcGxS8l/7/qJfZf
+Zfx1wPs03FAMyu8GakO3DvgrheXDHHlLtpUpeKnFyu3h63bZvOHTv0jGvF/tGxX4
+eNh8FHW44Y1UTk4A2Agg5SJzDrZHRzUOoKnzmq1mSBPBetztvhcMclwPOz9P7qWo
+G4FqQc5CGG88i7ULMXX/xv7U/tZF7WzJv6G0b2lTBvlVoLsnubMmQD0L4NYUeQ71
+Gqdscpvg6Qkptv7Zc79GH7LG7JfOVmajBT3Va9BRYhZzXwkT/iyasc01OXKlgUjS
+9Kex5LCfGgHmaWMmIADjdaNwRhKIEGnguKA5+wIDAQABo4IBaTCCAWUwCQYDVR0T
+BAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBSiVTG2MqiFqM6DVofOs+Z136+ukTCB1QYDVR0jBIHNMIHK
+gBT2d6OZJIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREw
+DwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWC
+CQDUNZJKP9U11jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYD
+VR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBANMD+MABYRMiHxIg/HDi
+zZG80OgwDb18GdcQJf2vUBIw8qtZJ9RxIbjeVDLd6fnVuI3XC9VrO6y3i6NcdhSy
+M3Mtp8L+++PW6voZrdm9o/LXVuGbh/xic/r4dEr0TiB4aj0OQr72iWj/53UkU0Jq
+XqLt8fsopI0uxio4sUZzXtqXR8Rr2L+88aVc7bSo7C5wX/6h526CdPvxDqhXWJOi
+Q4Jzgz6S8xFMns4MmT91Qkpz1LDRaklygx616NBK0Dz7w15tEiofjpXfjZHuiih1
+VBwAnc5CeU9zyAftoLWOLik2p5H/fL+fvn1xU9oyaeW6YMmVGF+kYhagA4wyZRF+
+xGsSLFnIFGWVCI/YuIn4PFOqK+kpJ1HhU/fpUOtnUMYZXMvQr9ak5b18icdvBHxv
+MqQLPFE4mHlQihK1A/eHhGDl14KTmSz2VicM9TYeGYcSU23otW/V6Mbm9hiu1Dho
+fwLiN1IrN+pDvUZy9XG/EEi1WtPFMhxlWzwm5Spmpu1+0lb2QyvcDIRtyVvVHFMe
+4wfrRjd0Zs4xB5Wl8vuxlezr7ac62LlK9OVJs0wRAMIEZQG+L040uCPrD8wfCh12
+Eogm5BDBDWHmFmczpSUmPPuGps4XhI1m5TWdAreKY6VxGt+yZd7vZJqI42XoTJIT
+EPdYrpMPTFzsbTg5X8Ww7ASJ
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxJf0YDJ2bXICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKDdb7uwem+1BIIJSGE659lsNhky
+dlHvkMZoLXc3zl2BCntyqB3EMEf2ff22utReSrla9Dh7iw3DR2E6sW8tW2HMHB21
+uA689ozPf4MrYVEVHO0tF/Eb8ibeQc9kZDCocArMU3heOx6wtokFY18H+LEBxaUd
+1rUMJDQozsvWtgsmQHKaEkMXGJE/kpytOQqA7eIFQBb7m3666BUEyh3wDx2IZleF
+zvkxCzIi5neuqTndpPEohr0uQvshQI1GCSFTrJk1Ox9JN4TcpH+QvBnDBYcZUqLt
+ZSehC6OyXp/KdAL5N+VvobzulKO/Ll+8WjNlhQAeDehJ14fz3BGnX56HYeEeu2n
+xPp4mQpQp8dYwsSArTcSGB56soQ1qK1utOSYNpVTS8jEV+HUbpXUxG0gZpQOPThp
+i3s/ujQdGf19RZ3W3W3nGWsLVf8YoXjqme/4kZVnQ1mhdNsNVBOHq8GewsUqkUBW
+gbgsmPm4Vz0YBF6dGFkPJ0HAP4nSyVC/D1A6DjoZtp6xEEz/9NoujiDZhXr2izGX
+hkn4NrKzezOfBp8yxdkXF+UnDJOXYnVH4JqhcQCVSubOyPurPRQkxY/ETOKntPyZ
+0j0n78w5LlzKQSjHHjxlD4GpLmhNTGcRPt8CahAdk6fUuXKQj0vswPNTbwnGAmTi
+uKhzg44v9jARqayCndzIjE70HGPxV282iv7/+l6jBSavvpk1WUW8L0SN8WHBWtP8
+mTKVWfGPt7K9cpR0jZM07jVRv9+j7shwK1C81ORXmKrSMhYAlgG6vf4EBOcFrrUg
+LuDN6KJFtJ1ofDZt++ySm9PC1Mxp4bSJ9Dto9PA+dwuIaQmkhU8DZMS5O0pfBAmV
+UHAQNQOBi6xKNuhkuDt261pHcoy+I4JrqMPZDsrYFIoMdAcUhzD5WhzVj5Xj8ON3
+GxKTaGEareKt1bIWoWD3VmOZqas2PAzy9W2FyktzpZlWktK7uJYwoxOZGTuoP8DA
+umEZO4PX9r+vdGXy75Qfv8+LnYdQdK/JBSXNHBXjj57JeiR494fgJ8uSzRRCMpM9
+mTJqSgZkCZQ8XwY16susz5UyMpwbCBawBzRKvJ0DNGb46v2EPtYUYOmjk/k7AO5J
+IIWr+FdK7UmsFKvAxDGHW54HRf9rpcl1+KMNTubmIyzz5iFK3IFfQu9A35jYkKd/
+YnP29BJ+jWbQdVvsjf94Nfxn9x/FUpSQj91jeQzt1I167cn/OLIkqubTgce221oa
+KqxUPSCZ+VuONiFUDC3XXyve5ZeVgZ1a2L69owSF/7SQpF099t75Tu9DbKCGz+Yb
+OJrne1UuJHJyGyNlUgsIgQZplDN/uW7PfpaEK9wzZS3ydJ/LMherJ4FazSx38Wiw
+5crdQW8YxgWoGsYCLZEFg2INjZcKs8Fq8uybDJM5B7oyOTFVvtEw6YqGVw7BSs3c
+S1qdwMYiA6KJSEoPHZWrIs+1ua3D37pMv9bf5CJQIJ4vfoRbY/EmILmV7y5tlumu
+GJ82Eyt7QOWoTVnfN9AIRbPMLERCF1S7PRivl62ElM5DY7C/N09Kx5lgei859vQ8
+wO4qXePLJuZbu2pO2FMIol+mXk0FJY7aKERPMu2mSfymv0PlPkHzQnP3eUeG498n
+1kuAeIiggm1sSKrJwCKorekRN3aCt4JKPoAPlK9u2V7kgF5Zsflu17KqZSOm7iEL
+t+GZX5cy6Nw+SpakwfUdFfy0eR16fvrII6QGXQomhwzGp455csTCffFLRxpcng5f
+6XHWaLRr/xfsM8/HOzur7kCB/Q5cRvn5hbwz31COHM/iSpJC9r9z1uOUY+i+0mIu
+RQK3L1S71JYt1VcDbNDAow4rsgJIYiXJnl8ZujZsMuSFy39lrHPDxuKuVN6mwt0I
+jICVpBnDkuBFtK9UNaI/d9ebohTq143/FJoyu1BKaMbTB0yhBT/xK4n2lJY3js6I
+1S7nR/tr7O4nSfv02L3ga6AbZ50Nasy//wY4V24wfrDO/IWzTpLhsSooPNzlm2uh
+j1lhH05l7AkSBmfErzEVsGhgp+C3QZFORgWu1KOVHoYpbq7qVjK05lCfQFXIL1+T
+NGR6LAu4Iipt7rSxMRds2jYfTUpM/GcANkQ+DI/VHrwusu5yQpzrru8L869xNhd1
+ksNct94q/Z3llhRzdRyQmHgIOZQVHHXAGwxfShRKvKGeaSnpIGk3nG3/Pt1Gk8DZ
+7bW7XgGx28bR9JcyvhFDgXmGNWFnqet67OzHC2rJkDeb2sA+jt7OoxvZD24ild/X
+CnobPHn1ECn0BNqcS13Af9HeUwf9eRmMsizvQK3UlWW7tGtcnH/+HJ4duGiCLcHw
+BOeWKS95yty9o3WS0LTTgt4fKvumeRgWtnJh/rcGnCM+tgVjgAt8KwtuDgEaDmuq
+jVegNDjISQ00yr8PgH6syUfvQgDeZ0pIGVc9bFJ/7PeTjV7EvEZwd8DUsWqYlzuD
+d+tJvcEcHWdPKAFz8caLyz/X/+G2aqwClCC63wqsMidXPR1Yu2/ASRtOwdO8UVMd
+Jh9H11AjvmqSmxjVMBYgidd8771sEBdPBfEEM+AlhOOl+OwSNqisvnmrimx24jj0
+R4Ju7Q1upE4nJmXfkklwGVPAcmIqOwJ6FMz8JAXdeJ2F4GWleOvDpENXuiU4IqYi
+60nOjF6NLl7e3rDWfkiz/kOGxoODvN+slrtNn/FTKfeu6L5jYMCcB6XxlwHf4J/x
+IOYJgPJqzvQCqCheWGeH0OSR6CiHq57uTDYXFaGFyB/ZjpN9ODmfqR47pAUUui37
+g3Bmuui00rshdFQY3KMryuQM9d04E9E87gSFoU8hsOhpEcGbFoBWryhLFf5VJXGZ
+Ki2EgnIZCxDGvBOzttOWVigOe5F4qKqd73+DJlcFLKpHtI9j+SXTLWu+GLehmqM6
+aXhrvIOg+Sv9Qg5R0SLWu8s8sCc22IcvJ1HH1QYcdCkn8nsxEPo9NU+1cfYBwUEm
+9xSEj0nzz2gk7wp2yEqb59a9sab3Ok3nTVLTf503zRMY/aZp6vlHAEOBN5zPyayS
+kV8u5nrd5jkGHQE16Hyph+pZOeeBNzi8k1AlnYi/KgUAcz/vgbQf8Jk9FjbwFm8I
+3u9GJpj7PP9xptKcVchLu8nEOZqsTVeKhNNVOoVM3qaVCKfrbB8znh6I39o3ym3p
+PJOlG292z79sHyhYkLAS6g==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+b185215657011d3b8e96ff855a3f90ba
+94131670f65a203848ac7040329594ae
+e867c606a0df1d12c265d7ec7d4dbd91
+c38c1e2103405f6b5c345548da2ae3e9
+6ddf55904f191037d673dc454e31dac7
+d6dd17917b0a045914860b19d310e541
+7bd707c41a3ed7d3b2d6fe522419a1d4
+cd929a7e2aa6183a0c83a4b212cbe96b
+e9bef5a76b621ef947858f96be60229f
+e2107488c6f0a50e7f3acfe5a27952db
+53f6e8156b7d10b4da35861906b81558
+f8a24a15f2311d592a0d6186a95261e8
+f186ec3f54672edec2d04b4c99e5666a
+815684b3129721e82c24482438ea4c7b
+80585ab2e4fd43cba32bede430bfa685
+cfc5755d9b1087aa3ec4299583e1f0a6
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# --auth-nocache
+# 
+# Don't cache --askpass or --auth-user-pass username/passwords in 
+# virtual memory. 
+# If specified, this directive will cause OpenVPN to immediately forget 
+# username/password inputs after they are used. As a result, when OpenVPN 
+# needs a username/password, it will prompt for input from stdin, which may 
+# be multiple times during the duration of an OpenVPN session. 
+#
+# When using --auth-nocache in combination with a user/password file 
+# and --chroot or --daemon, make sure to use an absolute path. 
+#
+# 
+auth-nocache
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
--- a/BLKR/openvpn/blkr/client-configs/julius.conf
+++ b/BLKR/openvpn/blkr/client-configs/julius.conf
@ -0,0 +1,285 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-blkr.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
+VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
+VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
+WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
+Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
+3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
+aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
+l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
+adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
+DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
+OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
+GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
+bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
+JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
+P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
+N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
+vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
+t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
+5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
+xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
+JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
+xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
+DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
+GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
+B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
+IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
+TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
+kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
+xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
+vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
+W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
+Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
+5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
+Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
+qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
+vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
+VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
+b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
+yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
+MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
+A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
+fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
+dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
+pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
+DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
+KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
+6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
+46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
+gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
+STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
+qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
+JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKFf7x+y0VjICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKNd68aH723ZBIIJSCSKYMe/zTkn
+g+fRJKj1dcWhw1Lih1uS/Q636GDykHj1DCcQsZjgNcy61FVh/B1Hpd7f2dxRf3vp
+YKDxCnEKAcGjSMsXhkXwc0mz6vPrYNGhdJ5/9SizjW6/+hU/qhi8iZQVPPJU9zVh
+4YUVC8kYHkU8FjgEEOyMPwjtRjxWAuB54Q0Ans1C1wlzz040UEGRfVm5+FkuupUm
+mvMzcJQdwGYcWFZR066xTUkiDm4fCaG9Lc8RXj2TCzUsKsJUlfmoSCO8DHgOqUM/
+6M7TNP6HmIWtX9NOlH7j/dLDIF53afbuDFaoXKdL/6nibZvG/o39IJ3n7hJHeZFB
+Ydfe1b8fCLl4+6O2RFEQfTmbjt9AA1G8bRHdFT80ekD0rUfqBEMetDsHkExHr8Vt
+kscM9KmYxLA1ExnQ07UWRPPqj31dvOg+sIVYBs9Ou5K0yK9vj7rZPK9M6P+Rs5mD
+V0YHCrCzAPLYd8zzWT7uI0hVoDd8ooMoCUXNffzLAwfjormVzR1as3ttIhf0zjz1
+6oqXvby1ACaIqWpRm52LNef7MDcCdv6R1kgB1JR+CWduOTCMQ7yklOY9A+S+E4Xd
+xSRkXTkVh4awVIRdoqmFbgrKlQAoarvZU8V/ayusS6nGx+9j1F9JYXFbp7Dz2kLq
+hLZnO8sOsQo3+s/2nOjhREI+YLBbanSge7t9hYsXEeJ51lwx5luED6ktfFEr2fTs
+AbyoM9JpAolYkyqmDHYH5WmRPeTHLIt0ZKfhnkCroV4KC+zMN1mNzgEbEuZA7eY+
+sAjFMJzsiamCTDlSb8x9VzVBHTeyGW/OFPlzratv1l8/9qZ5YGqOFEyAGLF5956w
+5YEP1ojOe/aYi+zYdablrQkBY//Lxv37ZzwhUclkBKt7iHk3cS5EAFtL6if0vsQ8
+d6W5+dNgkEYcoTbupkjGHXAG/UqbibR4j97WODb+qBdsUl5mIV38Tl9y+rwJjANP
+Xi9pdnFE+O/u/sbXNVNlN/tfu2AS4gfvKccNJJV5kqGHDFwAsuoy5Nado8KHSetR
+FOCLh/ADa8OE071xsqr4z2T9JkpN2aIqiHROCJvOtepZq+8gblmF1VKEnQDTuLFW
+hRMbXkL9Xd3vz02tJCGf+1YKKS+G5cQirVHCxRRAVc7e52Nd5+W+0Ds3xLo3oZIV
+txHZyQ8qFuAw5EzYQ/vVSXfuTFohcrqDQl7DTtlEAcEyRyc5J0oJzRCk4tTvnFdD
+xL+yxb6EqU018Y/aryEOJAhxIullpaCAEAy8WyiUyu9Bf4gx90UVUpXVoU8+WGk3
+/BGyAwmyXCVv/M6rzcSQ2bm1n5ga8SkmZvLH9YC11oir4jM2YY+tFvjeZg0Zcatv
+pdm4XM1bpk3ysf8HatFqBwnd+xR2Uk6l+f3dyhYzcz74VZyqjbrnUgUPwFTZTI7c
+9TA7alPzRqnuL0LBYjs2H4DSih7LPfJTTohrePhMEMpJnewKWayTuWSmMoQlZWOM
+iIzT+KcLxWQSliolEUQ2HytjJ+898WETe2pJaCrA12XJ2fPZcAhuYKdrWD1N5qXb
+lll0Xl08nVxpQ0jRxpoIvjBiwrdPF97BIYaVCXCERQMFu8rFeOzlDPf4H/jtCCSY
+Obv4b5h7XVhKbewKHZsOWprOecetK2goGVO5UAiPsrE2VKugzkg2+5HoV/wC4VBN
+yhImVgK1MsUqFnwSsRNQTRZZ5bUL83urBOlEJvBh2A7Lgo6tVJY+mYCIM5/1UYMA
+2JPyXFn688h+/f0j3p9kGLiLgblsiexu8MT7DABgTrQVd0pb2O/7T7B1/zoMzDW6
+DQhxg/+hW4A4zbxoauup7iRBkLuoc9UjA1p3wa7Kd6bcPesjv0iTjfxGYNhl7dCM
+48eqm2arMd1N9ns3kjKQzbQPswuKx4TjpE4yJ1hPQGWhD5i1znJ4yl3IhIlckHoH
+LAXxeu82HGbMF7qACMO4Xan00o9egawkbqx2sOC8ghBcxi8Jn4zEt5kEgQVcVg4d
+8wIJ2f+D2z7c94ycBv96Cm04QVyNZkm5Gzzf3AQW0wLo1MRaBok+JOiWMEb+dqV0
+/MAZ2KibMxWTkRNfIsJVx88fwupUk+ztM8ZsaAuYRBrMZrnw4LGt70xHhp1V75qp
+6eReNMU3/oZ8JNjP7yoYLX8T9fBlEj9z/ErbyAEmWHZSSwR6sXJIzXr4ywVWHjXk
+U8ZkWMVa0VMozAUdzfMPBjFZwhYBeEguiAYN1Wtvbz//EqnbogxNtTckwTlgD4xI
+ECfVaAsaTCtL8/nOVM11wQhmJYAbMtbi5BFS/KOoCo9N3wse77aFD9PF7bxV8RHk
+JtY/u1seqbLN9ZjGpQCusl22GgvK4Kz80mRrTtDpP0aoT1BTn0Hz6Y4GJRzX0x1Q
+u+fVt0+beC4pjd1mJndpoXG1S2+WHPh3SV2f+ZYiFrQd1uQ5U2dCq6VlfZBgf6xP
+bZoOmcly9NQM4nEszGt9AFGFj5mw234dmQdVwbjcYhMmXSfmI5wCLVyyQBKHrp5V
+kG4eEM8HgXqBrTMVoyA+BNK8SRRUZUD/eN3bwvE2CEkAaVc4QRIJCtJwEvOP3SA2
+EjbcNbdfhIT6OA7AWIMXaLwCTre3vMDU4z26EA7/k4wNKvvpJb49ScgJDMuIS9h5
+BXh0q8B6VvPFGuTVV46uz/gl8fU1cROvCJclCbaUMt4lcna+rgvJWoX2BtOwWfEV
+ZYGHBqPt/94tO+fEWr9e0SqIwZSiyrfTZhfJUZjyDNXTedF4BfWyI0CkC/NfEswG
+P97ozo4un/+P5NseqQN4EXnZR1egUur4mCJz2KCrv9M0LSxwbZK2cjZCqnsIc4U1
+aufbzS5YerTKCduGVvuwCSlA57CeDXlFE89M3hwSD5xp9tJbXNL/q0ufaPCSSV9C
+BMW6SMUvDzKBY1hULCfYCnrrzI0+xfvoBQ5PwiUT7TVqKV4wViWiJ1BSp5uJkein
+hrm3ER4tmS7LX+pNBb49Lgpar2Omivm4/tmgVwhhw9e0X+OnpWqlTAqcti73rHKm
+5zksjTcjTxfjj2kEX8ASXD5I8H2v+hXZrmjE8PV+jA4Gl5fooMF9gp7z3EE3wyeD
+OfI90G7V8F2NBjx9rQx+e1/Sz6yRtEdtUCKWFMTJnSEWTOF2e4I1py0IRvspMOTG
+gQVi7sR0xnQD61dmqU8dWw==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+b185215657011d3b8e96ff855a3f90ba
+94131670f65a203848ac7040329594ae
+e867c606a0df1d12c265d7ec7d4dbd91
+c38c1e2103405f6b5c345548da2ae3e9
+6ddf55904f191037d673dc454e31dac7
+d6dd17917b0a045914860b19d310e541
+7bd707c41a3ed7d3b2d6fe522419a1d4
+cd929a7e2aa6183a0c83a4b212cbe96b
+e9bef5a76b621ef947858f96be60229f
+e2107488c6f0a50e7f3acfe5a27952db
+53f6e8156b7d10b4da35861906b81558
+f8a24a15f2311d592a0d6186a95261e8
+f186ec3f54672edec2d04b4c99e5666a
+815684b3129721e82c24482438ea4c7b
+80585ab2e4fd43cba32bede430bfa685
+cfc5755d9b1087aa3ec4299583e1f0a6
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# --auth-nocache
+# 
+# Don't cache --askpass or --auth-user-pass username/passwords in 
+# virtual memory. 
+# If specified, this directive will cause OpenVPN to immediately forget 
+# username/password inputs after they are used. As a result, when OpenVPN 
+# needs a username/password, it will prompt for input from stdin, which may 
+# be multiple times during the duration of an OpenVPN session. 
+#
+# When using --auth-nocache in combination with a user/password file 
+# and --chroot or --daemon, make sure to use an absolute path. 
+#
+# 
+auth-nocache
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
--- a/BLKR/openvpn/blkr/crl.pem
+++ b/BLKR/openvpn/blkr/crl.pem
@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC6TCB0jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUXDTE4MTAx
+NDIxMjMzNFoYDzIwNTAxMDE0MjEyMzM0WjANBgkqhkiG9w0BAQsFAAOCAgEAtlkA
+pIPBbAmqenFArYr0tPbry6/BFMmsfOz05CV3oLorIxfK2ZatW1pEAAp6+8DyqKiu
+ZweRt27Z4K1vjqLla9VLrLjyyoSA6mQCkSi5S8GhV4bVmGh+kVdGQ+TpVCHSRurc
+STV0kMjlbgTeMw2a+Z3akbOeA7OeRzNz1URxi56fakPEosfv3tvvA8KSx2mzL8Jj
+SjIzUv87cBd9RiJsiNAMVhy+HR1I3VbUlrJ0flL8JaFw0+nzF+zxLwfJ1iOiKAjn
+t6aN2MVzHjhwwowGRAsh0ofSrScE0+vXbuYWXXhwITOj+sMARGatUPcARgnYT5Xd
+NUYL6aJOknXI18pkLSMI7lrGPwf4Tz1ktKy3nCEqjmQMpiqV7p/Fpi3eFwo4IjcP
+HMtJY1eon3kTYbaMgVqWSXSliiJl0U51fT6kYDrbbNKx81175HOfzRO1J6RYI7hW
+/KKyBZwOxfVjlIHVzTB0zfGnhZcNd3LY3HZWB0/IvDhDUbjPiqgXLuih1dUDDc3r
+jqeM+XH5JHHcQrw28Ow4C0uWgExWMvrCeQ0j5P0V6rfyXXEJZhvg3UXTcUcWKv/S
+Cos4j6Az1JZ8YNKMYQZgLKGeTZX2sy/13yb0xdlftp1Y5L2mCP4Yra/a0CAwxugN
+XT9+LKMrA00zXZy45G74XCiaYUXWrg9bJd2IO90=
+-----END X509 CRL-----
--- a/BLKR/openvpn/blkr/easy-rsa/build-ca
+++ b/BLKR/openvpn/blkr/easy-rsa/build-ca
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
--- a/BLKR/openvpn/blkr/easy-rsa/build-dh
+++ b/BLKR/openvpn/blkr/easy-rsa/build-dh
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
--- a/BLKR/openvpn/blkr/easy-rsa/build-inter
+++ b/BLKR/openvpn/blkr/easy-rsa/build-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
--- a/BLKR/openvpn/blkr/easy-rsa/build-key
+++ b/BLKR/openvpn/blkr/easy-rsa/build-key
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
--- a/BLKR/openvpn/blkr/easy-rsa/build-key-pass
+++ b/BLKR/openvpn/blkr/easy-rsa/build-key-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
--- a/BLKR/openvpn/blkr/easy-rsa/build-key-pkcs12
+++ b/BLKR/openvpn/blkr/easy-rsa/build-key-pkcs12
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
--- a/BLKR/openvpn/blkr/easy-rsa/build-key-server
+++ b/BLKR/openvpn/blkr/easy-rsa/build-key-server
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
--- a/BLKR/openvpn/blkr/easy-rsa/build-req
+++ b/BLKR/openvpn/blkr/easy-rsa/build-req
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
--- a/BLKR/openvpn/blkr/easy-rsa/build-req-pass
+++ b/BLKR/openvpn/blkr/easy-rsa/build-req-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
--- a/BLKR/openvpn/blkr/easy-rsa/clean-all
+++ b/BLKR/openvpn/blkr/easy-rsa/clean-all
@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
--- a/BLKR/openvpn/blkr/easy-rsa/inherit-inter
+++ b/BLKR/openvpn/blkr/easy-rsa/inherit-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
--- a/BLKR/openvpn/blkr/easy-rsa/list-crl
+++ b/BLKR/openvpn/blkr/easy-rsa/list-crl
@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
--- a/BLKR/openvpn/blkr/easy-rsa/openssl-0.9.6.cnf
+++ b/BLKR/openvpn/blkr/easy-rsa/openssl-0.9.6.cnf
@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
--- a/BLKR/openvpn/blkr/easy-rsa/openssl-0.9.8.cnf
+++ b/BLKR/openvpn/blkr/easy-rsa/openssl-0.9.8.cnf
@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf
+++ b/BLKR/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf
@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf.ORIG
+++ b/BLKR/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf.ORIG
@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/blkr/easy-rsa/openssl.cnf
+++ b/BLKR/openvpn/blkr/easy-rsa/openssl.cnf
@ -0,0 +1 @@
+/etc/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf
--- a/BLKR/openvpn/blkr/easy-rsa/pkitool
+++ b/BLKR/openvpn/blkr/easy-rsa/pkitool
@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
--- a/BLKR/openvpn/blkr/easy-rsa/revoke-full
+++ b/BLKR/openvpn/blkr/easy-rsa/revoke-full
@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
--- a/BLKR/openvpn/blkr/easy-rsa/sign-req
+++ b/BLKR/openvpn/blkr/easy-rsa/sign-req
@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
--- a/BLKR/openvpn/blkr/easy-rsa/vars
+++ b/BLKR/openvpn/blkr/easy-rsa/vars
@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/blkr"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN BLKR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-BLKR"
+
+export KEY_ALTNAMES="VPN-BLKR"
--- a/BLKR/openvpn/blkr/easy-rsa/vars.2018-10-14-1321
+++ b/BLKR/openvpn/blkr/easy-rsa/vars.2018-10-14-1321
@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
--- a/BLKR/openvpn/blkr/easy-rsa/whichopensslcnf
+++ b/BLKR/openvpn/blkr/easy-rsa/whichopensslcnf
@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
--- a/BLKR/openvpn/blkr/keys-created.txt
+++ b/BLKR/openvpn/blkr/keys-created.txt
@ -0,0 +1,8 @@
+
+key...............: chris.key
+common name.......: VPN-BLKR-chris
+password..........: dbddhkpuka.&EadGl15E.
+
+key...............: julius.key
+common name.......: VPN-BLKR-julius
+password..........: gt9K/3PJ4xN%
--- a/BLKR/openvpn/blkr/keys/01.pem
+++ b/BLKR/openvpn/blkr/keys/01.pem
@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 21:23:17 2018 GMT
+            Not After : Oct 14 21:23:17 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:e1:41:1d:ef:50:16:69:a2:68:b8:5a:27:ab:a9:
+                    df:96:c8:5b:57:dc:81:41:c3:d5:61:48:75:b8:e3:
+                    e3:3b:b8:4f:5e:fa:c8:a5:bd:58:7d:90:e1:70:c0:
+                    91:fc:df:19:1a:e9:6d:0f:ae:5e:5c:1e:a5:14:ad:
+                    d3:2c:09:77:32:3a:84:5e:06:08:ed:4d:05:a0:69:
+                    6a:8c:e4:2b:3c:60:07:2f:87:da:19:3d:f9:d6:2c:
+                    16:a9:4f:1b:0c:d2:bc:48:5c:90:55:21:98:85:16:
+                    93:c7:3b:62:e6:fe:3f:5c:5c:22:6b:8f:81:5a:bd:
+                    27:27:b1:af:6c:c1:af:1a:3b:40:33:4b:33:35:7d:
+                    21:0b:31:1f:0e:3c:46:77:33:dc:87:e0:82:e0:31:
+                    9a:f0:d7:93:a2:a3:89:6b:0b:9a:aa:fb:2b:14:9c:
+                    39:a9:fe:87:f3:76:6c:e2:0d:60:d2:da:2c:03:7b:
+                    ea:48:13:31:93:a2:ab:40:8c:a0:ef:fb:bd:3e:c9:
+                    b6:75:ed:35:fd:8b:d7:04:fc:4e:c0:b0:12:af:3b:
+                    99:00:71:52:a6:d0:3b:16:f8:5a:98:3c:a2:5b:76:
+                    0c:d8:36:35:3a:0a:1a:dc:2f:bd:f8:05:6d:dd:40:
+                    df:93:cb:da:92:f0:63:d0:24:7a:e2:2a:ef:af:3e:
+                    ad:95:54:27:1f:f4:82:18:ce:b9:e3:9b:e7:76:12:
+                    f7:7e:79:4b:45:fe:a9:34:7a:2a:7e:03:0b:57:b7:
+                    2e:1f:ff:99:ac:f9:26:94:89:6c:ac:94:fa:01:39:
+                    c3:15:12:f2:e8:40:93:43:06:f6:ba:be:ab:58:8c:
+                    b3:0c:01:f0:22:2e:f2:a1:3b:07:b1:01:a1:b7:cc:
+                    29:a2:c1:59:60:b9:2b:9c:22:5e:03:46:74:dd:d9:
+                    9f:04:05:18:3b:34:d6:74:49:13:da:33:7e:83:57:
+                    01:e2:9e:a6:ff:36:e4:81:f5:62:23:79:52:a3:13:
+                    e1:f3:55:d3:b2:15:9d:ec:ce:5a:78:0e:97:ad:0a:
+                    ef:d1:d3:1c:c6:38:1e:a6:56:32:e2:6c:11:8f:26:
+                    b9:8d:5b:3a:c0:d6:01:b2:c4:fd:1c:96:31:a4:98:
+                    19:2f:c7:e2:f4:49:a7:df:a3:91:49:1e:3d:f0:c1:
+                    1e:67:27:54:f6:4f:7a:ec:0a:33:91:d2:7d:86:87:
+                    93:d0:7c:14:5d:57:35:86:ee:5a:1c:4d:d3:3d:74:
+                    4b:f0:20:af:c9:cc:ab:c7:ec:66:a5:f8:ae:5e:e9:
+                    79:a6:8c:e7:2c:fc:76:f2:8b:a5:c4:47:47:40:0f:
+                    10:97:14:7d:f5:bd:96:77:25:b6:53:f6:f1:35:ae:
+                    96:7e:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                10:58:52:1D:17:5E:26:24:8B:10:AA:B2:C7:F9:CF:88:7E:2E:2B:7E
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         d3:04:a5:22:2f:3f:f0:2c:4b:17:42:7e:cf:60:01:3f:13:95:
+         63:37:bb:94:60:fd:77:0f:38:4b:d0:72:cd:17:bc:e4:ca:ad:
+         4f:85:e2:7c:ab:e1:cb:c5:b9:08:9d:2a:bb:29:e1:c2:33:42:
+         26:de:25:7e:a1:fe:5c:79:3c:37:9c:dd:ed:3d:86:15:e1:84:
+         69:95:ff:91:de:18:f3:1f:a8:41:7a:77:c2:d9:b4:da:74:af:
+         c3:bc:b5:49:92:e1:12:5c:07:51:ac:15:67:8d:8c:a5:83:3d:
+         a3:99:80:f5:f4:20:41:78:29:4c:bf:ec:6d:9b:30:c6:0e:db:
+         b1:6b:e9:58:3d:e3:aa:b0:9d:eb:43:2b:c1:f0:69:ae:34:65:
+         b2:3f:bb:bb:ef:51:87:73:18:d4:0c:f6:07:f2:f9:d9:91:fe:
+         46:fa:de:dd:86:6d:7c:e7:bc:c0:c9:c8:60:90:2c:c5:da:bf:
+         71:28:50:13:7c:37:6b:47:bc:b4:7a:a9:3f:bc:67:81:cf:ed:
+         94:bb:54:3c:00:46:01:0a:e4:73:24:64:71:a0:7f:44:dd:ba:
+         83:3b:42:a0:9f:1c:0f:fd:31:bd:e0:d5:b7:69:22:9d:63:dc:
+         f9:94:b8:57:c4:7d:a3:52:29:c7:a1:78:c0:0f:f6:72:ab:75:
+         9d:5c:c8:2c:05:c9:2f:e4:73:1d:fd:41:8a:69:87:c9:be:c0:
+         7b:b7:ce:7a:d5:f9:04:f6:9f:c9:4b:c4:76:2a:d1:73:67:e6:
+         e5:8e:04:9e:01:e9:7b:62:84:12:54:f3:29:af:83:45:a7:e2:
+         bb:c2:2a:8c:16:68:5b:37:67:dd:18:47:67:03:0b:ff:0f:6e:
+         c4:71:0b:c2:a7:a6:e4:d8:4e:9e:4c:d8:a1:5d:4b:9e:24:02:
+         b9:bf:8d:3d:fd:64:66:34:32:a7:d3:e9:ab:cf:dc:2b:48:67:
+         ff:63:be:b9:d2:e5:74:4d:53:10:d2:31:b0:44:23:1a:29:6d:
+         35:00:98:39:2b:82:74:2e:73:75:dd:47:9a:e8:6d:72:ed:31:
+         53:b5:53:b9:71:46:3d:84:25:79:ee:3d:90:cc:48:9d:bd:5d:
+         8b:31:93:61:2f:4c:3f:87:92:45:ab:9a:e9:4c:01:6d:51:c9:
+         4d:ea:f7:35:11:cf:d3:83:c6:48:4b:a8:f5:14:d1:a0:19:3f:
+         27:04:2e:0a:61:5e:d5:53:53:15:47:ed:25:2d:db:14:26:8b:
+         16:b0:58:6d:91:9a:a2:5e:a4:94:d6:a2:0d:3e:83:ff:7c:19:
+         0d:2d:19:97:e5:1b:e1:a2:f4:56:96:bb:11:47:2c:a3:98:94:
+         a4:ad:7e:3d:5b:51:24:59
+-----BEGIN CERTIFICATE-----
+MIIHSjCCBTKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjEyMzE3WhcNMzgxMDE0MjEyMzE3WjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
+TEtSLXNlcnZlcjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4UEd
+71AWaaJouFonq6nflshbV9yBQcPVYUh1uOPjO7hPXvrIpb1YfZDhcMCR/N8ZGult
+D65eXB6lFK3TLAl3MjqEXgYI7U0FoGlqjOQrPGAHL4faGT351iwWqU8bDNK8SFyQ
+VSGYhRaTxzti5v4/XFwia4+BWr0nJ7GvbMGvGjtAM0szNX0hCzEfDjxGdzPch+CC
+4DGa8NeToqOJawuaqvsrFJw5qf6H83Zs4g1g0tosA3vqSBMxk6KrQIyg7/u9Psm2
+de01/YvXBPxOwLASrzuZAHFSptA7FvhamDyiW3YM2DY1Ogoa3C+9+AVt3UDfk8va
+kvBj0CR64irvrz6tlVQnH/SCGM6545vndhL3fnlLRf6pNHoqfgMLV7cuH/+ZrPkm
+lIlsrJT6ATnDFRLy6ECTQwb2ur6rWIyzDAHwIi7yoTsHsQGht8wposFZYLkrnCJe
+A0Z03dmfBAUYOzTWdEkT2jN+g1cB4p6m/zbkgfViI3lSoxPh81XTshWd7M5aeA6X
+rQrv0dMcxjgeplYy4mwRjya5jVs6wNYBssT9HJYxpJgZL8fi9Emn36ORSR498MEe
+ZydU9k967AozkdJ9hoeT0HwUXVc1hu5aHE3TPXRL8CCvycyrx+xmpfiuXul5pozn
+LPx28oulxEdHQA8QlxR99b2WdyW2U/bxNa6WficCAwEAAaOCAYQwggGAMAkGA1Ud
+EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJT
+QSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQQWFIdF14m
+JIsQqrLH+c+Ifi4rfjCB1QYDVR0jBIHNMIHKgBT2d6OZJIK5jYNiovzEe63K1m75
+4qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQpEwhWUE4gQkxLUjEdMBsG
+CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJKP9U11jATBgNVHSUEDDAK
+BggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqG
+SIb3DQEBCwUAA4ICAQDTBKUiLz/wLEsXQn7PYAE/E5VjN7uUYP13DzhL0HLNF7zk
+yq1PheJ8q+HLxbkInSq7KeHCM0Im3iV+of5ceTw3nN3tPYYV4YRplf+R3hjzH6hB
+enfC2bTadK/DvLVJkuESXAdRrBVnjYylgz2jmYD19CBBeClMv+xtmzDGDtuxa+lY
+PeOqsJ3rQyvB8GmuNGWyP7u771GHcxjUDPYH8vnZkf5G+t7dhm1857zAychgkCzF
+2r9xKFATfDdrR7y0eqk/vGeBz+2Uu1Q8AEYBCuRzJGRxoH9E3bqDO0KgnxwP/TG9
+4NW3aSKdY9z5lLhXxH2jUinHoXjAD/Zyq3WdXMgsBckv5HMd/UGKaYfJvsB7t856
+1fkE9p/JS8R2KtFzZ+bljgSeAel7YoQSVPMpr4NFp+K7wiqMFmhbN2fdGEdnAwv/
+D27EcQvCp6bk2E6eTNihXUueJAK5v409/WRmNDKn0+mrz9wrSGf/Y7650uV0TVMQ
+0jGwRCMaKW01AJg5K4J0LnN13Uea6G1y7TFTtVO5cUY9hCV57j2QzEidvV2LMZNh
+L0w/h5JFq5rpTAFtUclN6vc1Ec/Tg8ZIS6j1FNGgGT8nBC4KYV7VU1MVR+0lLdsU
+JosWsFhtkZqiXqSU1qINPoP/fBkNLRmX5RvhovRWlrsRRyyjmJSkrX49W1EkWQ==
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/02.pem
+++ b/BLKR/openvpn/blkr/keys/02.pem
@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 22:36:55 2018 GMT
+            Not After : Oct 14 22:36:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a8:66:71:39:ac:62:a8:95:f4:55:3b:d9:9e:1a:
+                    08:18:c0:f0:db:05:00:a5:e5:e0:3f:23:21:b6:b0:
+                    69:29:4c:3c:ad:d6:ee:e9:88:25:df:11:c6:8d:46:
+                    57:08:55:f9:c2:67:68:bf:f9:e7:5f:06:44:78:a1:
+                    91:13:47:8d:93:64:aa:d0:bd:24:ca:a0:91:e5:51:
+                    76:ec:9b:13:3d:52:c8:99:7a:1d:39:c9:91:04:86:
+                    4b:b4:a2:12:a9:96:9c:5b:b8:45:19:e6:d8:f8:31:
+                    31:4c:f6:23:71:36:bf:51:01:38:6b:b6:8f:06:28:
+                    f6:6f:8a:5f:0c:25:e0:55:18:04:1d:82:5c:97:37:
+                    8b:60:a7:5f:8e:1c:28:97:ee:a1:53:69:91:73:19:
+                    86:78:03:e4:aa:c0:40:70:42:bb:1e:f4:69:07:30:
+                    a8:2a:95:81:bf:c2:38:48:cd:80:ed:9b:2f:31:20:
+                    a0:25:07:66:b6:45:70:e5:cd:21:f6:f8:12:9d:3c:
+                    01:53:10:df:10:af:0f:9b:c0:1b:a9:f0:0a:e7:5f:
+                    29:39:57:c0:f1:27:24:b1:30:70:a2:9f:1c:43:05:
+                    a5:66:87:0d:7d:d4:4e:77:a9:8e:51:84:2d:8c:2e:
+                    6d:85:72:9a:07:3d:89:23:1b:08:20:05:d8:82:9b:
+                    29:cc:63:21:8d:c9:76:99:36:f7:87:69:07:a1:18:
+                    e1:ad:2b:ef:99:69:af:9e:71:56:ff:80:87:06:c5:
+                    2f:25:ff:bf:ea:25:f6:5f:65:fc:75:c0:fb:34:dc:
+                    50:0c:ca:ef:06:6a:43:b7:0e:f8:2b:85:e5:c3:1c:
+                    79:4b:b6:95:29:78:a9:c5:ca:ed:e1:eb:76:d9:bc:
+                    e1:d3:bf:48:c6:bc:5f:ed:1b:15:f8:78:d8:7c:14:
+                    75:b8:e1:8d:54:4e:4e:00:d8:08:20:e5:22:73:0e:
+                    b6:47:47:35:0e:a0:a9:f3:9a:ad:66:48:13:c1:7a:
+                    dc:ed:be:17:0c:72:5c:0f:3b:3f:4f:ee:a5:a8:1b:
+                    81:6a:41:ce:42:18:6f:3c:8b:b5:0b:31:75:ff:c6:
+                    fe:d4:fe:d6:45:ed:6c:c9:bf:a1:b4:6f:69:53:06:
+                    f9:55:a0:bb:27:b9:b3:26:40:3d:0b:e0:d6:14:79:
+                    0e:f5:1a:a7:6c:72:9b:e0:e9:09:29:b6:fe:d9:73:
+                    bf:46:1f:b2:c6:ec:97:ce:56:66:a3:05:3d:d5:6b:
+                    d0:51:62:16:73:5f:09:13:fe:2c:9a:b1:cd:35:39:
+                    72:a5:81:48:d2:f4:a7:b1:e4:b0:9f:1a:01:e6:69:
+                    63:26:20:00:e3:75:a3:70:46:12:88:10:69:e0:b8:
+                    a0:39:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                A2:55:31:B6:32:A8:85:A8:CE:83:56:87:CE:B3:E6:75:DF:AF:AE:91
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         d3:03:f8:c0:01:61:13:22:1f:12:20:fc:70:e2:cd:91:bc:d0:
+         e8:30:0d:bd:7c:19:d7:10:25:fd:af:50:12:30:f2:ab:59:27:
+         d4:71:21:b8:de:54:32:dd:e9:f9:d5:b8:8d:d7:0b:d5:6b:3b:
+         ac:b7:8b:a3:5c:76:14:b2:33:73:2d:a7:c2:fe:fb:e3:d6:ea:
+         fa:19:ad:d9:bd:a3:f2:d7:56:e1:9b:87:fc:62:73:fa:f8:74:
+         4a:f4:4e:20:78:6a:3d:0e:42:be:f6:89:68:ff:e7:75:24:53:
+         42:6a:5e:a2:ed:f1:fb:28:a4:8d:2e:c6:2a:38:b1:46:73:5e:
+         da:97:47:c4:6b:d8:bf:bc:f1:a5:5c:ed:b4:a8:ec:2e:70:5f:
+         fe:a1:e7:6e:82:74:fb:f1:0e:a8:57:58:93:a2:43:82:73:83:
+         3e:92:f3:11:4c:9e:ce:0c:99:3f:75:42:4a:73:d4:b0:d1:6a:
+         49:72:83:1e:b5:e8:d0:4a:d0:3c:fb:c3:5e:6d:12:2a:1f:8e:
+         95:df:8d:91:ee:8a:28:75:54:1c:00:9d:ce:42:79:4f:73:c8:
+         07:ed:a0:b5:8e:2e:29:36:a7:91:ff:7c:bf:9f:be:7d:71:53:
+         da:32:69:e5:ba:60:c9:95:18:5f:a4:62:16:a0:03:8c:32:65:
+         11:7e:c4:6b:12:2c:59:c8:14:65:95:08:8f:d8:b8:89:f8:3c:
+         53:aa:2b:e9:29:27:51:e1:53:f7:e9:50:eb:67:50:c6:19:5c:
+         cb:d0:af:d6:a4:e5:bd:7c:89:c7:6f:04:7c:6f:32:a4:0b:3c:
+         51:38:98:79:50:8a:12:b5:03:f7:87:84:60:e5:d7:82:93:99:
+         2c:f6:56:27:0c:f5:36:1e:19:87:12:53:6d:e8:b5:6f:d5:e8:
+         c6:e6:f6:18:ae:d4:38:68:7f:02:e2:37:52:2b:37:ea:43:bd:
+         46:72:f5:71:bf:10:48:b5:5a:d3:c5:32:1c:65:5b:3c:26:e5:
+         2a:66:a6:ed:7e:d2:56:f6:43:2b:dc:0c:84:6d:c9:5b:d5:1c:
+         53:1e:e3:07:eb:46:37:74:66:ce:31:07:95:a5:f2:fb:b1:95:
+         ec:eb:ed:a7:3a:d8:b9:4a:f4:e5:49:b3:4c:11:00:c2:04:65:
+         01:be:2f:4e:34:b8:23:eb:0f:cc:1f:0a:1d:76:12:88:26:e4:
+         10:c1:0d:61:e6:16:67:33:a5:25:26:3c:fb:86:a6:ce:17:84:
+         8d:66:e5:35:9d:02:b7:8a:63:a5:71:1a:df:b2:65:de:ef:64:
+         9a:88:e3:65:e8:4c:92:13:10:f7:58:ae:93:0f:4c:5c:ec:6d:
+         38:39:5f:c5:b0:ec:04:89
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjIzNjU1WhcNMzgxMDE0MjIzNjU1WjCBpjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFzAVBgNVBAMTDlZQTi1C
+TEtSLWNocmlzMREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCoZnE5
+rGKolfRVO9meGggYwPDbBQCl5eA/IyG2sGkpTDyt1u7piCXfEcaNRlcIVfnCZ2i/
+edfBkR4oZETR42TZKrQvSTKoJHlUXbsmxM9UsiZeh05yZEEhku0ohKplpxbuEUZ
+5tj4MTFM9iNxNr9RAThrto8GKPZvil8MJeBVGAQdglyXN4tgp1+OHCiX7qFTaZFz
+GYZ4A+SqwEBwQrse9GkHMKgqlYG/wjhIzYDtmy8xIKAlB2a2RXDlzSH2+BKdPAFT
+EN8Qrw+bwBup8ArnXyk5V8DxJySxMHCinxxDBaVmhw191E53qY5RhC2MLm2FcpoH
+PYkjGwggBdiCmynMYyGNyXaZNveHaQehGOGtK++Zaa+ecVb/gIcGxS8l/7/qJfZf
+Zfx1wPs03FAMyu8GakO3DvgrheXDHHlLtpUpeKnFyu3h63bZvOHTv0jGvF/tGxX4
+eNh8FHW44Y1UTk4A2Agg5SJzDrZHRzUOoKnzmq1mSBPBetztvhcMclwPOz9P7qWo
+G4FqQc5CGG88i7ULMXX/xv7U/tZF7WzJv6G0b2lTBvlVoLsnubMmQD0L4NYUeQ71
+Gqdscpvg6Qkptv7Zc79GH7LG7JfOVmajBT3Va9BRYhZzXwkT/iyasc01OXKlgUjS
+9Kex5LCfGgHmaWMmIADjdaNwRhKIEGnguKA5+wIDAQABo4IBaTCCAWUwCQYDVR0T
+BAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBSiVTG2MqiFqM6DVofOs+Z136+ukTCB1QYDVR0jBIHNMIHK
+gBT2d6OZJIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREw
+DwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWC
+CQDUNZJKP9U11jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYD
+VR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBANMD+MABYRMiHxIg/HDi
+zZG80OgwDb18GdcQJf2vUBIw8qtZJ9RxIbjeVDLd6fnVuI3XC9VrO6y3i6NcdhSy
+M3Mtp8L+++PW6voZrdm9o/LXVuGbh/xic/r4dEr0TiB4aj0OQr72iWj/53UkU0Jq
+XqLt8fsopI0uxio4sUZzXtqXR8Rr2L+88aVc7bSo7C5wX/6h526CdPvxDqhXWJOi
+Q4Jzgz6S8xFMns4MmT91Qkpz1LDRaklygx616NBK0Dz7w15tEiofjpXfjZHuiih1
+VBwAnc5CeU9zyAftoLWOLik2p5H/fL+fvn1xU9oyaeW6YMmVGF+kYhagA4wyZRF+
+xGsSLFnIFGWVCI/YuIn4PFOqK+kpJ1HhU/fpUOtnUMYZXMvQr9ak5b18icdvBHxv
+MqQLPFE4mHlQihK1A/eHhGDl14KTmSz2VicM9TYeGYcSU23otW/V6Mbm9hiu1Dho
+fwLiN1IrN+pDvUZy9XG/EEi1WtPFMhxlWzwm5Spmpu1+0lb2QyvcDIRtyVvVHFMe
+4wfrRjd0Zs4xB5Wl8vuxlezr7ac62LlK9OVJs0wRAMIEZQG+L040uCPrD8wfCh12
+Eogm5BDBDWHmFmczpSUmPPuGps4XhI1m5TWdAreKY6VxGt+yZd7vZJqI42XoTJIT
+EPdYrpMPTFzsbTg5X8Ww7ASJ
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/03.pem
+++ b/BLKR/openvpn/blkr/keys/03.pem
@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 22:46:34 2018 GMT
+            Not After : Oct 14 22:46:34 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b1:11:6d:90:ce:eb:64:c0:02:b1:4d:a6:d5:c5:
+                    d6:e1:a4:91:e4:e8:68:a3:e9:5b:e6:fb:94:f6:f0:
+                    32:24:b5:1c:64:85:e8:77:60:fa:3c:51:1e:1e:c4:
+                    ab:d9:7a:e3:3d:80:ac:c4:c7:f4:f7:c7:40:45:24:
+                    b8:9f:55:97:7c:42:28:2a:aa:aa:0a:8c:78:d1:ce:
+                    cf:de:a3:a7:14:43:4f:43:8d:08:3d:8f:43:cd:af:
+                    c4:aa:cc:7f:5e:b2:5f:c9:d4:f3:be:6d:22:7a:e2:
+                    23:33:21:14:27:65:3e:ce:c0:77:10:3f:a3:9e:b7:
+                    aa:e4:1d:0c:57:e2:60:9e:75:92:7d:a5:5e:eb:a9:
+                    2a:f8:2d:ed:47:58:a1:7f:3c:81:48:c7:25:5b:a0:
+                    b1:83:13:b4:38:df:3f:37:f8:97:8f:f8:1e:be:a3:
+                    df:10:da:1c:38:55:ca:12:60:ee:6a:1c:c1:e1:25:
+                    2d:e3:3c:38:f8:c2:f7:d5:fa:3b:0e:c8:70:af:98:
+                    0c:5e:3f:e4:a2:81:78:a5:14:ee:bf:00:85:42:2b:
+                    fa:2d:63:08:38:d7:57:ef:bf:e5:57:24:a8:df:2a:
+                    8f:b5:c7:bf:79:d7:8b:56:b6:8a:ca:84:9a:68:2b:
+                    dc:86:8f:46:e4:60:92:2b:fb:ea:8c:17:ff:8c:30:
+                    2b:86:6e:10:35:20:17:8e:f8:55:3a:b4:fb:ab:dd:
+                    b7:01:23:0c:22:e9:63:66:0e:53:d5:95:e7:64:c0:
+                    2f:36:36:22:65:b3:98:43:3d:4d:88:3c:d5:30:2b:
+                    15:77:74:a8:b8:0a:49:c5:47:a3:64:f3:3a:7e:cd:
+                    b6:db:7d:f4:87:3b:8d:08:a9:46:f7:e8:2b:3b:c3:
+                    93:15:c2:f8:c8:13:46:fd:d9:04:aa:b8:e7:08:e7:
+                    61:ae:52:52:07:9b:e4:1c:d9:1d:83:9e:4c:ed:95:
+                    0b:4d:b7:6d:e3:a0:4e:e2:9d:5e:e6:f4:62:03:65:
+                    75:17:f1:88:96:b5:33:40:22:e7:74:67:2c:bc:ab:
+                    11:d5:a7:01:06:67:1b:17:de:8e:33:23:89:1d:d0:
+                    82:84:a4:e8:2a:f2:96:16:53:22:68:6e:61:af:5c:
+                    03:b4:f3:eb:6d:45:5b:98:e3:2a:40:25:9d:7d:6b:
+                    0b:55:15:5a:46:36:a0:47:9d:b9:7f:81:d7:75:22:
+                    47:e9:16:cd:24:e7:31:e9:9d:43:e8:7a:69:71:d1:
+                    87:8e:f0:65:0c:9f:f5:24:f3:67:84:99:c3:ec:ff:
+                    29:78:73:de:6f:77:c0:58:ba:b7:79:26:28:1f:08:
+                    84:fc:b4:5f:76:a1:dd:86:b0:fb:68:b1:07:ef:d2:
+                    67:92:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B1:B0:DA:87:E4:B2:2B:4C:CD:4D:AC:85:4A:53:04:B1:10:BB:FE:DD
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:julius
+    Signature Algorithm: sha256WithRSAEncryption
+         35:bd:ae:09:85:64:42:07:54:60:a1:fd:7d:9e:aa:a1:b7:1c:
+         da:f8:6b:0c:fe:eb:fe:84:92:da:f1:6f:72:90:6a:fb:fe:b0:
+         6f:4f:5e:f1:af:67:e3:bb:71:6d:49:8d:4f:fd:7f:d8:00:d7:
+         c3:03:14:43:78:f3:74:8e:70:1d:c9:1b:40:b5:07:46:2d:c7:
+         d4:0f:50:6e:fb:db:fb:1a:21:c8:c2:69:ab:49:0d:75:59:06:
+         1b:1e:f0:a0:57:3a:49:0a:b8:36:97:f6:87:ec:82:9b:b4:f6:
+         a4:5b:c3:3b:b0:a6:5a:e2:98:62:fd:30:59:bb:6a:84:8e:e1:
+         71:04:9d:be:19:82:31:c2:de:6e:cc:f8:ee:b8:fd:b7:5a:68:
+         6c:8a:6a:6e:57:ad:62:bd:20:5e:0c:d9:0e:23:8e:c2:52:09:
+         d6:14:90:f4:ea:9a:b9:1e:08:f9:b6:b8:f4:9c:bc:e3:4a:3a:
+         0b:65:bf:64:01:7f:cc:c4:df:65:b6:0c:a7:8c:00:66:c2:a2:
+         4d:a9:84:f0:c3:70:29:b4:01:ca:b0:5b:2f:c2:c2:d7:98:b6:
+         27:90:44:dc:3c:cc:82:40:f3:31:49:37:9e:d8:5e:d6:a3:a8:
+         6a:86:63:3b:2c:c8:2e:bb:65:e0:1f:05:1a:0b:46:5e:75:5d:
+         e9:53:be:73:bd:3f:86:46:e9:92:5e:7e:f9:cf:19:eb:50:60:
+         77:aa:5e:c2:3f:5b:04:80:cb:47:ec:e4:d1:76:d5:5d:d3:c7:
+         65:9e:b3:28:30:01:84:b3:0a:d9:74:ce:e3:a8:44:31:68:9b:
+         07:dd:1c:31:b6:29:ac:9e:8f:e9:2f:09:6a:de:c4:df:28:f9:
+         30:98:85:18:2d:ed:63:94:f0:f8:3f:bf:fa:7d:42:f3:3c:51:
+         94:b6:8b:ab:39:e9:81:63:2e:8a:4d:40:bb:34:21:8d:39:9c:
+         95:04:cd:a7:3d:8f:21:c1:63:bf:0d:31:54:69:88:48:d0:94:
+         19:98:e7:24:f2:b7:c8:20:4f:cd:47:75:fc:a5:36:6e:24:42:
+         49:34:a2:95:db:f2:07:72:70:b8:79:9f:9f:4b:bb:94:1d:ee:
+         8b:d1:5f:49:b3:d2:19:96:cb:00:42:54:68:6f:00:61:9e:66:
+         6c:55:f6:65:21:0b:30:81:c8:ce:5b:a1:a9:e2:fe:32:93:d5:
+         ea:9d:60:c8:2e:73:7b:da:00:b0:7a:e3:9c:15:f8:17:f1:88:
+         1b:be:3b:fb:f0:0e:06:5f:37:8c:b5:4e:8f:e8:33:7e:88:da:
+         67:18:57:3d:dc:60:24:13:a4:ce:68:39:2f:a8:9e:43:1f:b5:
+         11:e2:78:8c:d7:f5:0f:e9
+-----BEGIN CERTIFICATE-----
+MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
+TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
+kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
+xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
+vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
+W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
+Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
+5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
+Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
+qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
+vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
+VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
+b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
+yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
+MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
+A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
+fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
+dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
+pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
+DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
+KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
+6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
+46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
+gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
+STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
+qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
+JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/ca.crt
+++ b/BLKR/openvpn/blkr/keys/ca.crt
@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANQ1kko/1TXWMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
+VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTAgFw0xODEwMTQxMTI2NTJaGA8yMDUwMTAxNDExMjY1MlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
+VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+0+cJGjlxrQfc0Hb34YJ7o3P+ctVU3jYlwV+XQrF8WFMAJ8w5QvRI4jcplY1MdMwW
+WCUZTuQ1woPbCJ2d53/ZR8RYlvq8XNdRhJmuJofWkEHEUe3YvDeTGumzco06xx+r
+Y/aA7+EI5cRismLTJkrwoIg2CYO/Vc82wTYKyJ2pThR1QAOWQ+WheEuqPAp2LfXI
+3oCGfRxgTe9756+gPzwKBZwGSMNFQjGOTHxqWnoCkQoDgOkOnCzTDcRbRVBAh7Bl
+aZ/yOte1iSyWiU8V/7VaosReizEY2/cCmSrj/p2TVcMPe6B8xBJyHI+6VZRPllEt
+l7zClTRWcp5xo1Ii/yZ+UJxK/PvYUNYt0gmJTJ7tKx05kF1HT/KmrvxV34/GCR9w
+adAteQTPDllMeBb9Wt1PXxcTcRU8MdvTONLXRp+JocfRkUR9ObSy9xdQG/HfTxOZ
+DIzECPa84tyn0nmrIJFkoKccLPJcYT+O0vypmTsVHlDIPai7gqWe5uYdUxba0Cjk
+OvbVZkQVlA/Z8yY/GiOUIfZTdjZFxLPbOWn/h6K+ud6wcjpQ3Y7vRU+FXZ+EQtqy
+GlCDmmDh6A0bIgoNvthk4bDlc2NMwQI/k9rUshe2i3k5rUmxa9KkIPLVdyw7xtvH
+bBTMdb2zlkUld3Gt5tb7g24GGe7Gh8iMdaYVhOPoJpkCAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBT2d6OZJIK5jYNiovzEe63K1m754jCB1QYDVR0jBIHNMIHKgBT2d6OZ
+JIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJK
+P9U11jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCv2pi832EnyOuH
+N407W6It/8PvmwSpC3/ZSIHt+IEKf2YOkR256J3NsO8/C3SaYNySk4Ew9DwNFVzJ
+vZ4bcoTZsKehcY0zuzJ7onafLvQV549QA8SLA75ydgAYeMEwQtF1Yni5xJYDfA7x
+t4yDNnbSTPjqBq2nLEh0Bv2pzXbPGAR8VyLKj0IKHQ1FMFVoRv+uidTCz5VVZilD
+5ojgljMnTcxwYbYQAtG9XFukxcFsvEltN19xujrJgt84isPAtbGcbI8Y98Fh1BbR
+xTN9o+KCRkneZtseNSWoCIAuLLwJEx+NWQHJXYGzOZAgoopw7G7N4U44VSdwhQSC
+JYgfmkjqW+VMYB/AEXPhXMZFGPyeYTYhugChrf9t3heREZL/JJPHfCkGe1mAQCOm
+xzAbZVgzjE4VKLjdvNvhW2Rosmqym3dCq0wC3xeUsrYPeq8U6r3kpkxrmTbMDnqr
+DIqDbstwbxsmTOXWYqTnNw5PDNdyzC/rL0r0H02FrLiZ+mj3wpD5+jEnicO5cWk+
+GkpKVerSY3EjOWvmkLdRr7AiZqq+D84Aqqh0rvFIuSfSQlcylZ4LEpp66ADCZWiQ
+B+yd54UiGk9/gwgmqJiaPYySWf4BKWxO9f64rdfzChgLplxCX+6wQaAcPYsk0sy9
+IUetobAJBkntkGyb4+NO8Jp4oJbh+g==
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/ca.key
+++ b/BLKR/openvpn/blkr/keys/ca.key
@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDT5wkaOXGtB9zQ
+dvfhgnujc/5y1VTeNiXBX5dCsXxYUwAnzDlC9EjiNymVjUx0zBZYJRlO5DXCg9sI
+nZ3nf9lHxFiW+rxc11GEma4mh9aQQcRR7di8N5Ma6bNyjTrHH6tj9oDv4QjlxGKy
+YtMmSvCgiDYJg79VzzbBNgrInalOFHVAA5ZD5aF4S6o8CnYt9cjegIZ9HGBN73vn
+r6A/PAoFnAZIw0VCMY5MfGpaegKRCgOA6Q6cLNMNxFtFUECHsGVpn/I617WJLJaJ
+TxX/tVqixF6LMRjb9wKZKuP+nZNVww97oHzEEnIcj7pVlE+WUS2XvMKVNFZynnGj
+UiL/Jn5QnEr8+9hQ1i3SCYlMnu0rHTmQXUdP8qau/FXfj8YJH3Bp0C15BM8OWUx4
+Fv1a3U9fFxNxFTwx29M40tdGn4mhx9GRRH05tLL3F1Ab8d9PE5kMjMQI9rzi3KfS
+easgkWSgpxws8lxhP47S/KmZOxUeUMg9qLuCpZ7m5h1TFtrQKOQ69tVmRBWUD9nz
+Jj8aI5Qh9lN2NkXEs9s5af+Hor653rByOlDdju9FT4Vdn4RC2rIaUIOaYOHoDRsi
+Cg2+2GThsOVzY0zBAj+T2tSyF7aLeTmtSbFr0qQg8tV3LDvG28dsFMx1vbOWRSV3
+ca3m1vuDbgYZ7saHyIx1phWE4+gmmQIDAQABAoICAAyMbPyRlErD4W6y7OD84id+
+0f2o5nq2SCwYZhO8APoWCDdTH7z4TGyhCaRilrl/8H7Ny57hYtGfD1SGSPiRmKNo
+XDqspIT290vb8fU0LB+k1WRoqmITBHIejtLkzCtIk9S6n04VTHqW06VutsRYwcEv
+78tGcwk42Sw98AuLUqBeE8dzru1cZuCB0pX1pKP6HygWAmDcUlOrL/I7c0jrXEiS
+wciDT9Gor52V7JJpEUfXiPeUVZooCWOSUjlblEa0ynyjzStw5L431r5Q4aOf8Lsc
+1+B0St2T1iKN6KyGVlhI0dznVxwhX4KTfFxfCQuEySdoNTmyvL/S5DXgwlPLysUN
+seDRxXpDeKAqM+hj6yxwG0DMZc05IQOc1Lmlzbj8sMAxqAeT0kGXrU7MJanwaZe7
+KH5IcLKP3Gz9Q/b6ZVa7lwmnCIbEOKgb3rY6xDSYY3joqmQaXN+s5MYdREmWWZA4
+MwSn5w7mRmPjF1oG/8gxpjFq5uDFWtmkpcRV0zTRc0GlcBWle/pxIT8ZdxJjTtgN
+m55qvqf9mgZROvoYrHcEVuAAbnr+C0A9OjDGJGoA69alORNOh4RmP0+9xTv0tkp6
+mhfvsRSbc0868CvLS2bebVGHZB1nuznSvGMB+WdYrU+X/l5WHGB3ekkv3DhOl30r
+uQmNp8MQzaLUgRwX5IHFAoIBAQDxdi2wVHVjLdfdxtcxRf/MNIjQ2hP419NdI4KD
+PK/MbJsIa5sKkL0D6gvE8tccu1cRAkF5/4CrBxrhIo5l4ZGJ/Rqu82OmwDkRTVXO
+98pjYmYjj25J6XQY05vWe9vojmku3/4YwqrLPVLuaZ/cVEGMKqwqY4idKN6oOcn5
+4csA0i2gx/bS+A81F5uKckwtqF6ztSdVGE5sKEBaIZV8FsqVTM69YzJCdYsey8mZ
+J+SzAlTwTk9HZmTDPTLefw0YyLxGdD1aNdtZXD3IBV0xKCsruj9gLHAr2+RzkaIX
+LOrNUMy5d2BhLS4zihN4FW1Q5TXCH2E6D28VQ1Ln7HuXSa8LAoIBAQDgqT2bcR8h
+R6Lp/YWZvqDXzRmDao4Jn5R1a5ZV3L0649LX1l2wxbYP/6Vp9Ho/pxXCo4cCzJ82
+ReS1jSBKQhO+Ao4P4wfOh8ukmKJJh5XMo4jI5amZTXXnfCczFoq8SSbL/dutOgOs
+oZFfPGeBEP5yRNgy7d1j2A1rgfp2pVZg/bq0mCYN3d7BDeuD6QvO7AC1FbLJ41Z4
+HU9CC4EdUXp67yBmiQxtPiUEkVdRSBuTrWzIxudCMWA2S5CCO8wz84ihWeQO9YAb
+zMxT42bgrC4uvzfGtv71spBnX2vqFuLHgqz9qxOdYo0EbktcgyhnCETicDwfjbDF
+tXhaTBbBZhdrAoIBAQCSDxWGEyDK9KEeczgagyg/gwu7oh7wqMUfEurQrfX9ZzjE
+eCrZ0kGzy3CBGxAKPjxleoLW5DoVun+E7d1LPY5G9QaeC3YdGSusDqa4QmV3hr8Y
+BZwGM6RZnC8pJ9UXMIXpp+7RVXfw5tByjQv5QDJCMlHgdkLeJinBguttLysX/QtC
+tZLVfN3eFMCul4MDH1ThydPYApL1k8eRfb0pybOTalmocAen8ehMoaL59Qq/ScrN
+beFA5GxROYS62Am5EzvoNkoidm+P918bzjrYEF9E3S2W5GqZ7TKcwdxVvoLt3VFp
+Yw+22JiY7o3mVrfAdlX1bfvnHgzoxMeyqPb9xcGPAoIBAEYhTpP5aghPfnGgrFXk
+Bf2XjsFRP+mNISDOZu2CrKd3etfZmQGXlk/EM/SxVoAMPmS1+21KRuEATHbICS5l
+FhiYX5RiAIveJBnLc82UP5TT790WpCyw239ZaDswbDp+c1f2dN7MX11CSkj6aC0I
+CwXMq9iqHBQQ24+V0YO79Qzt55x8alSlz+Vf3QcedosvbMEadudCyjlQnO82/CUU
+zDEX+HtJiNGJNrEIVcOPyNv+pRi/zm0BUNFiIUgmNoZ5HUuQ7foldMo40gfV0sWL
+uhbpphWoBkrYZO+AAAXhAwXYqvu8rbDRlMevTmMgpjoTgL1W383Rwz7UeS9m1Sum
+HOUCggEAKs/RgEYlr1SlRJdL+hQQBIY6Lt4acLruhHU6ULXT0yTc6uCvihdEkU3T
+aV8A82dwa38KM7GYlXLiJO8/4KQCLUq6a6VWZ+LdSysI50YSsoHLNlHHekxPBeWl
+CZ4+VhmqW2viQJhKTuyrvXRUK58hS/+alevovjK2P1yDiTX9oPEuH3pe8VEAAokv
+jRUpAY/nyw5EXjKHE0PX33CwDmgXsMCBf6BcT1WCvnklJHpXvYSo7MZTJLn4gBnV
+WopmX4fF8qM3x+98SnqmFrgVc2HmW6zfFyWlR7udsShDafv0O5FO3+b86F1y1Pr4
+J5Ct9PGMMPKHqnRhfvz3vnlF5tBQlg==
+-----END PRIVATE KEY-----
--- a/BLKR/openvpn/blkr/keys/chris.crt
+++ b/BLKR/openvpn/blkr/keys/chris.crt
@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 22:36:55 2018 GMT
+            Not After : Oct 14 22:36:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a8:66:71:39:ac:62:a8:95:f4:55:3b:d9:9e:1a:
+                    08:18:c0:f0:db:05:00:a5:e5:e0:3f:23:21:b6:b0:
+                    69:29:4c:3c:ad:d6:ee:e9:88:25:df:11:c6:8d:46:
+                    57:08:55:f9:c2:67:68:bf:f9:e7:5f:06:44:78:a1:
+                    91:13:47:8d:93:64:aa:d0:bd:24:ca:a0:91:e5:51:
+                    76:ec:9b:13:3d:52:c8:99:7a:1d:39:c9:91:04:86:
+                    4b:b4:a2:12:a9:96:9c:5b:b8:45:19:e6:d8:f8:31:
+                    31:4c:f6:23:71:36:bf:51:01:38:6b:b6:8f:06:28:
+                    f6:6f:8a:5f:0c:25:e0:55:18:04:1d:82:5c:97:37:
+                    8b:60:a7:5f:8e:1c:28:97:ee:a1:53:69:91:73:19:
+                    86:78:03:e4:aa:c0:40:70:42:bb:1e:f4:69:07:30:
+                    a8:2a:95:81:bf:c2:38:48:cd:80:ed:9b:2f:31:20:
+                    a0:25:07:66:b6:45:70:e5:cd:21:f6:f8:12:9d:3c:
+                    01:53:10:df:10:af:0f:9b:c0:1b:a9:f0:0a:e7:5f:
+                    29:39:57:c0:f1:27:24:b1:30:70:a2:9f:1c:43:05:
+                    a5:66:87:0d:7d:d4:4e:77:a9:8e:51:84:2d:8c:2e:
+                    6d:85:72:9a:07:3d:89:23:1b:08:20:05:d8:82:9b:
+                    29:cc:63:21:8d:c9:76:99:36:f7:87:69:07:a1:18:
+                    e1:ad:2b:ef:99:69:af:9e:71:56:ff:80:87:06:c5:
+                    2f:25:ff:bf:ea:25:f6:5f:65:fc:75:c0:fb:34:dc:
+                    50:0c:ca:ef:06:6a:43:b7:0e:f8:2b:85:e5:c3:1c:
+                    79:4b:b6:95:29:78:a9:c5:ca:ed:e1:eb:76:d9:bc:
+                    e1:d3:bf:48:c6:bc:5f:ed:1b:15:f8:78:d8:7c:14:
+                    75:b8:e1:8d:54:4e:4e:00:d8:08:20:e5:22:73:0e:
+                    b6:47:47:35:0e:a0:a9:f3:9a:ad:66:48:13:c1:7a:
+                    dc:ed:be:17:0c:72:5c:0f:3b:3f:4f:ee:a5:a8:1b:
+                    81:6a:41:ce:42:18:6f:3c:8b:b5:0b:31:75:ff:c6:
+                    fe:d4:fe:d6:45:ed:6c:c9:bf:a1:b4:6f:69:53:06:
+                    f9:55:a0:bb:27:b9:b3:26:40:3d:0b:e0:d6:14:79:
+                    0e:f5:1a:a7:6c:72:9b:e0:e9:09:29:b6:fe:d9:73:
+                    bf:46:1f:b2:c6:ec:97:ce:56:66:a3:05:3d:d5:6b:
+                    d0:51:62:16:73:5f:09:13:fe:2c:9a:b1:cd:35:39:
+                    72:a5:81:48:d2:f4:a7:b1:e4:b0:9f:1a:01:e6:69:
+                    63:26:20:00:e3:75:a3:70:46:12:88:10:69:e0:b8:
+                    a0:39:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                A2:55:31:B6:32:A8:85:A8:CE:83:56:87:CE:B3:E6:75:DF:AF:AE:91
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         d3:03:f8:c0:01:61:13:22:1f:12:20:fc:70:e2:cd:91:bc:d0:
+         e8:30:0d:bd:7c:19:d7:10:25:fd:af:50:12:30:f2:ab:59:27:
+         d4:71:21:b8:de:54:32:dd:e9:f9:d5:b8:8d:d7:0b:d5:6b:3b:
+         ac:b7:8b:a3:5c:76:14:b2:33:73:2d:a7:c2:fe:fb:e3:d6:ea:
+         fa:19:ad:d9:bd:a3:f2:d7:56:e1:9b:87:fc:62:73:fa:f8:74:
+         4a:f4:4e:20:78:6a:3d:0e:42:be:f6:89:68:ff:e7:75:24:53:
+         42:6a:5e:a2:ed:f1:fb:28:a4:8d:2e:c6:2a:38:b1:46:73:5e:
+         da:97:47:c4:6b:d8:bf:bc:f1:a5:5c:ed:b4:a8:ec:2e:70:5f:
+         fe:a1:e7:6e:82:74:fb:f1:0e:a8:57:58:93:a2:43:82:73:83:
+         3e:92:f3:11:4c:9e:ce:0c:99:3f:75:42:4a:73:d4:b0:d1:6a:
+         49:72:83:1e:b5:e8:d0:4a:d0:3c:fb:c3:5e:6d:12:2a:1f:8e:
+         95:df:8d:91:ee:8a:28:75:54:1c:00:9d:ce:42:79:4f:73:c8:
+         07:ed:a0:b5:8e:2e:29:36:a7:91:ff:7c:bf:9f:be:7d:71:53:
+         da:32:69:e5:ba:60:c9:95:18:5f:a4:62:16:a0:03:8c:32:65:
+         11:7e:c4:6b:12:2c:59:c8:14:65:95:08:8f:d8:b8:89:f8:3c:
+         53:aa:2b:e9:29:27:51:e1:53:f7:e9:50:eb:67:50:c6:19:5c:
+         cb:d0:af:d6:a4:e5:bd:7c:89:c7:6f:04:7c:6f:32:a4:0b:3c:
+         51:38:98:79:50:8a:12:b5:03:f7:87:84:60:e5:d7:82:93:99:
+         2c:f6:56:27:0c:f5:36:1e:19:87:12:53:6d:e8:b5:6f:d5:e8:
+         c6:e6:f6:18:ae:d4:38:68:7f:02:e2:37:52:2b:37:ea:43:bd:
+         46:72:f5:71:bf:10:48:b5:5a:d3:c5:32:1c:65:5b:3c:26:e5:
+         2a:66:a6:ed:7e:d2:56:f6:43:2b:dc:0c:84:6d:c9:5b:d5:1c:
+         53:1e:e3:07:eb:46:37:74:66:ce:31:07:95:a5:f2:fb:b1:95:
+         ec:eb:ed:a7:3a:d8:b9:4a:f4:e5:49:b3:4c:11:00:c2:04:65:
+         01:be:2f:4e:34:b8:23:eb:0f:cc:1f:0a:1d:76:12:88:26:e4:
+         10:c1:0d:61:e6:16:67:33:a5:25:26:3c:fb:86:a6:ce:17:84:
+         8d:66:e5:35:9d:02:b7:8a:63:a5:71:1a:df:b2:65:de:ef:64:
+         9a:88:e3:65:e8:4c:92:13:10:f7:58:ae:93:0f:4c:5c:ec:6d:
+         38:39:5f:c5:b0:ec:04:89
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjIzNjU1WhcNMzgxMDE0MjIzNjU1WjCBpjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFzAVBgNVBAMTDlZQTi1C
+TEtSLWNocmlzMREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCoZnE5
+rGKolfRVO9meGggYwPDbBQCl5eA/IyG2sGkpTDyt1u7piCXfEcaNRlcIVfnCZ2i/
+edfBkR4oZETR42TZKrQvSTKoJHlUXbsmxM9UsiZeh05yZEEhku0ohKplpxbuEUZ
+5tj4MTFM9iNxNr9RAThrto8GKPZvil8MJeBVGAQdglyXN4tgp1+OHCiX7qFTaZFz
+GYZ4A+SqwEBwQrse9GkHMKgqlYG/wjhIzYDtmy8xIKAlB2a2RXDlzSH2+BKdPAFT
+EN8Qrw+bwBup8ArnXyk5V8DxJySxMHCinxxDBaVmhw191E53qY5RhC2MLm2FcpoH
+PYkjGwggBdiCmynMYyGNyXaZNveHaQehGOGtK++Zaa+ecVb/gIcGxS8l/7/qJfZf
+Zfx1wPs03FAMyu8GakO3DvgrheXDHHlLtpUpeKnFyu3h63bZvOHTv0jGvF/tGxX4
+eNh8FHW44Y1UTk4A2Agg5SJzDrZHRzUOoKnzmq1mSBPBetztvhcMclwPOz9P7qWo
+G4FqQc5CGG88i7ULMXX/xv7U/tZF7WzJv6G0b2lTBvlVoLsnubMmQD0L4NYUeQ71
+Gqdscpvg6Qkptv7Zc79GH7LG7JfOVmajBT3Va9BRYhZzXwkT/iyasc01OXKlgUjS
+9Kex5LCfGgHmaWMmIADjdaNwRhKIEGnguKA5+wIDAQABo4IBaTCCAWUwCQYDVR0T
+BAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBSiVTG2MqiFqM6DVofOs+Z136+ukTCB1QYDVR0jBIHNMIHK
+gBT2d6OZJIK5jYNiovzEe63K1m754qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREw
+DwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWC
+CQDUNZJKP9U11jATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYD
+VR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBANMD+MABYRMiHxIg/HDi
+zZG80OgwDb18GdcQJf2vUBIw8qtZJ9RxIbjeVDLd6fnVuI3XC9VrO6y3i6NcdhSy
+M3Mtp8L+++PW6voZrdm9o/LXVuGbh/xic/r4dEr0TiB4aj0OQr72iWj/53UkU0Jq
+XqLt8fsopI0uxio4sUZzXtqXR8Rr2L+88aVc7bSo7C5wX/6h526CdPvxDqhXWJOi
+Q4Jzgz6S8xFMns4MmT91Qkpz1LDRaklygx616NBK0Dz7w15tEiofjpXfjZHuiih1
+VBwAnc5CeU9zyAftoLWOLik2p5H/fL+fvn1xU9oyaeW6YMmVGF+kYhagA4wyZRF+
+xGsSLFnIFGWVCI/YuIn4PFOqK+kpJ1HhU/fpUOtnUMYZXMvQr9ak5b18icdvBHxv
+MqQLPFE4mHlQihK1A/eHhGDl14KTmSz2VicM9TYeGYcSU23otW/V6Mbm9hiu1Dho
+fwLiN1IrN+pDvUZy9XG/EEi1WtPFMhxlWzwm5Spmpu1+0lb2QyvcDIRtyVvVHFMe
+4wfrRjd0Zs4xB5Wl8vuxlezr7ac62LlK9OVJs0wRAMIEZQG+L040uCPrD8wfCh12
+Eogm5BDBDWHmFmczpSUmPPuGps4XhI1m5TWdAreKY6VxGt+yZd7vZJqI42XoTJIT
+EPdYrpMPTFzsbTg5X8Ww7ASJ
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/chris.csr
+++ b/BLKR/openvpn/blkr/keys/chris.csr
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7DCCAtQCAQAwgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQkxLUi1jaHJpczERMA8GA1UEKRMIVlBO
+IEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAqGZxOaxiqJX0VTvZnhoIGMDw2wUApeXgPyMh
+trBpKUw8rdbu6Ygl3xHGjUZXCFX5wmdov/nnXwZEeKGRE0eNk2Sq0L0kyqCR5VF2
+7JsTPVLImXodOcmRBIZLtKISqZacW7hFGebY+DExTPYjcTa/UQE4a7aPBij2b4pf
+DCXgVRgEHYJclzeLYKdfjhwol+6hU2mRcxmGeAPkqsBAcEK7HvRpBzCoKpWBv8I4
+SM2A7ZsvMSCgJQdmtkVw5c0h9vgSnTwBUxDfEK8Pm8AbqfAK518pOVfA8ScksTBw
+op8cQwWlZocNfdROd6mOUYQtjC5thXKaBz2JIxsIIAXYgpspzGMhjcl2mTb3h2kH
+oRjhrSvvmWmvnnFW/4CHBsUvJf+/6iX2X2X8dcD7NNxQDMrvBmpDtw74K4Xlwxx5
+S7aVKXipxcrt4et22bzh079Ixrxf7RsV+HjYfBR1uOGNVE5OANgIIOUicw62R0c1
+DqCp85qtZkgTwXrc7b4XDHJcDzs/T+6lqBuBakHOQhhvPIu1CzF1/8b+1P7WRe1s
+yb+htG9pUwb5VaC7J7mzJkA9C+DWFHkO9RqnbHKb4OkJKbb+2XO/Rh+yxuyXzlZm
+owU91WvQUWIWc18JE/4smrHNNTlypYFI0vSnseSwnxoB5mljJiAA43WjcEYSiBBp
+4LigOfsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAlo8n8osbpLr2fsEm4nb2T
+YhY9BFyegd0EHwxtSRScM1H0Ok/AdbMA0weY1KiEBuHvxfzRXJFEbWPpLfdC4Pic
+FE8bRa+BnjK/x+HCpFQQ9qo/tmsld9dP/NP4AOKP9VoRl3u6DDQQh+haG8NXFBGK
+R1QfO4ZOxlgUwjnK0BeerR9K8r3v85V1NARxFhmSVsF8FBO+L2E/DElN+3C0ClzH
+9Q5cDwIID+JKn6IzizkFlbIpk9oPdJi5mIFP8WTWk2FMgoh6ecNoVuDXG81TB1Lw
+8sg9pEumaXVcnWRoRXmD/f63UkbAIIJ4WTPQBMMJXmIyaV1Ll1G5txNGfY7tYdB1
+1I/4MnUPdy5TaR/hLu5QAV3ySRn1RsbOyfKclv67jC8qZwk2tytEZbuP11mcatCl
+H6M4pBBwwGRXWoZW72evgL4zHfrBx7EJItJ507LtCyPle+mkSE71tTzRa90Xsi9o
+g8JpZed/oLfeF72WB9lHVW3sfM9x04ddxGRAG2lD27yYduXQ0hUS4V31ZMYzrP2e
+d5jJYl6kdyegYF+er13PiQe0MWAGcfo38LyUyg2TEbEIs9wAV8WrxW5oYfpwi7OC
+4HFl6oY9EraYbuBQuI4lJJg/j8SJOnaSAGMD63EbNmKWIG0n/ILznsXaulavsL7H
+VNztTyy2LjQ3nNN46cOXvQ==
+-----END CERTIFICATE REQUEST-----
--- a/BLKR/openvpn/blkr/keys/chris.key
+++ b/BLKR/openvpn/blkr/keys/chris.key
@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxJf0YDJ2bXICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKDdb7uwem+1BIIJSGE659lsNhky
+dlHvkMZoLXc3zl2BCntyqB3EMEf2ff22utReSrla9Dh7iw3DR2E6sW8tW2HMHB21
+uA689ozPf4MrYVEVHO0tF/Eb8ibeQc9kZDCocArMU3heOx6wtokFY18H+LEBxaUd
+1rUMJDQozsvWtgsmQHKaEkMXGJE/kpytOQqA7eIFQBb7m3666BUEyh3wDx2IZleF
+zvkxCzIi5neuqTndpPEohr0uQvshQI1GCSFTrJk1Ox9JN4TcpH+QvBnDBYcZUqLt
+ZSehC6OyXp/KdAL5N+VvobzulKO/Ll+8WjNlhQAeDehJ14fz3BGnX56HYeEeu2n
+xPp4mQpQp8dYwsSArTcSGB56soQ1qK1utOSYNpVTS8jEV+HUbpXUxG0gZpQOPThp
+i3s/ujQdGf19RZ3W3W3nGWsLVf8YoXjqme/4kZVnQ1mhdNsNVBOHq8GewsUqkUBW
+gbgsmPm4Vz0YBF6dGFkPJ0HAP4nSyVC/D1A6DjoZtp6xEEz/9NoujiDZhXr2izGX
+hkn4NrKzezOfBp8yxdkXF+UnDJOXYnVH4JqhcQCVSubOyPurPRQkxY/ETOKntPyZ
+0j0n78w5LlzKQSjHHjxlD4GpLmhNTGcRPt8CahAdk6fUuXKQj0vswPNTbwnGAmTi
+uKhzg44v9jARqayCndzIjE70HGPxV282iv7/+l6jBSavvpk1WUW8L0SN8WHBWtP8
+mTKVWfGPt7K9cpR0jZM07jVRv9+j7shwK1C81ORXmKrSMhYAlgG6vf4EBOcFrrUg
+LuDN6KJFtJ1ofDZt++ySm9PC1Mxp4bSJ9Dto9PA+dwuIaQmkhU8DZMS5O0pfBAmV
+UHAQNQOBi6xKNuhkuDt261pHcoy+I4JrqMPZDsrYFIoMdAcUhzD5WhzVj5Xj8ON3
+GxKTaGEareKt1bIWoWD3VmOZqas2PAzy9W2FyktzpZlWktK7uJYwoxOZGTuoP8DA
+umEZO4PX9r+vdGXy75Qfv8+LnYdQdK/JBSXNHBXjj57JeiR494fgJ8uSzRRCMpM9
+mTJqSgZkCZQ8XwY16susz5UyMpwbCBawBzRKvJ0DNGb46v2EPtYUYOmjk/k7AO5J
+IIWr+FdK7UmsFKvAxDGHW54HRf9rpcl1+KMNTubmIyzz5iFK3IFfQu9A35jYkKd/
+YnP29BJ+jWbQdVvsjf94Nfxn9x/FUpSQj91jeQzt1I167cn/OLIkqubTgce221oa
+KqxUPSCZ+VuONiFUDC3XXyve5ZeVgZ1a2L69owSF/7SQpF099t75Tu9DbKCGz+Yb
+OJrne1UuJHJyGyNlUgsIgQZplDN/uW7PfpaEK9wzZS3ydJ/LMherJ4FazSx38Wiw
+5crdQW8YxgWoGsYCLZEFg2INjZcKs8Fq8uybDJM5B7oyOTFVvtEw6YqGVw7BSs3c
+S1qdwMYiA6KJSEoPHZWrIs+1ua3D37pMv9bf5CJQIJ4vfoRbY/EmILmV7y5tlumu
+GJ82Eyt7QOWoTVnfN9AIRbPMLERCF1S7PRivl62ElM5DY7C/N09Kx5lgei859vQ8
+wO4qXePLJuZbu2pO2FMIol+mXk0FJY7aKERPMu2mSfymv0PlPkHzQnP3eUeG498n
+1kuAeIiggm1sSKrJwCKorekRN3aCt4JKPoAPlK9u2V7kgF5Zsflu17KqZSOm7iEL
+t+GZX5cy6Nw+SpakwfUdFfy0eR16fvrII6QGXQomhwzGp455csTCffFLRxpcng5f
+6XHWaLRr/xfsM8/HOzur7kCB/Q5cRvn5hbwz31COHM/iSpJC9r9z1uOUY+i+0mIu
+RQK3L1S71JYt1VcDbNDAow4rsgJIYiXJnl8ZujZsMuSFy39lrHPDxuKuVN6mwt0I
+jICVpBnDkuBFtK9UNaI/d9ebohTq143/FJoyu1BKaMbTB0yhBT/xK4n2lJY3js6I
+1S7nR/tr7O4nSfv02L3ga6AbZ50Nasy//wY4V24wfrDO/IWzTpLhsSooPNzlm2uh
+j1lhH05l7AkSBmfErzEVsGhgp+C3QZFORgWu1KOVHoYpbq7qVjK05lCfQFXIL1+T
+NGR6LAu4Iipt7rSxMRds2jYfTUpM/GcANkQ+DI/VHrwusu5yQpzrru8L869xNhd1
+ksNct94q/Z3llhRzdRyQmHgIOZQVHHXAGwxfShRKvKGeaSnpIGk3nG3/Pt1Gk8DZ
+7bW7XgGx28bR9JcyvhFDgXmGNWFnqet67OzHC2rJkDeb2sA+jt7OoxvZD24ild/X
+CnobPHn1ECn0BNqcS13Af9HeUwf9eRmMsizvQK3UlWW7tGtcnH/+HJ4duGiCLcHw
+BOeWKS95yty9o3WS0LTTgt4fKvumeRgWtnJh/rcGnCM+tgVjgAt8KwtuDgEaDmuq
+jVegNDjISQ00yr8PgH6syUfvQgDeZ0pIGVc9bFJ/7PeTjV7EvEZwd8DUsWqYlzuD
+d+tJvcEcHWdPKAFz8caLyz/X/+G2aqwClCC63wqsMidXPR1Yu2/ASRtOwdO8UVMd
+Jh9H11AjvmqSmxjVMBYgidd8771sEBdPBfEEM+AlhOOl+OwSNqisvnmrimx24jj0
+R4Ju7Q1upE4nJmXfkklwGVPAcmIqOwJ6FMz8JAXdeJ2F4GWleOvDpENXuiU4IqYi
+60nOjF6NLl7e3rDWfkiz/kOGxoODvN+slrtNn/FTKfeu6L5jYMCcB6XxlwHf4J/x
+IOYJgPJqzvQCqCheWGeH0OSR6CiHq57uTDYXFaGFyB/ZjpN9ODmfqR47pAUUui37
+g3Bmuui00rshdFQY3KMryuQM9d04E9E87gSFoU8hsOhpEcGbFoBWryhLFf5VJXGZ
+Ki2EgnIZCxDGvBOzttOWVigOe5F4qKqd73+DJlcFLKpHtI9j+SXTLWu+GLehmqM6
+aXhrvIOg+Sv9Qg5R0SLWu8s8sCc22IcvJ1HH1QYcdCkn8nsxEPo9NU+1cfYBwUEm
+9xSEj0nzz2gk7wp2yEqb59a9sab3Ok3nTVLTf503zRMY/aZp6vlHAEOBN5zPyayS
+kV8u5nrd5jkGHQE16Hyph+pZOeeBNzi8k1AlnYi/KgUAcz/vgbQf8Jk9FjbwFm8I
+3u9GJpj7PP9xptKcVchLu8nEOZqsTVeKhNNVOoVM3qaVCKfrbB8znh6I39o3ym3p
+PJOlG292z79sHyhYkLAS6g==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/BLKR/openvpn/blkr/keys/crl.pem
+++ b/BLKR/openvpn/blkr/keys/crl.pem
@ -0,0 +1 @@
+../crl.pem
--- a/BLKR/openvpn/blkr/keys/dh4096.pem
+++ b/BLKR/openvpn/blkr/keys/dh4096.pem
@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEApCNAyqb6OIHTCKypOn128i4eaRS03FvJUoJhZtMzRSfjgrnPBsOn
+WQG+1Mm/1aLKNgA2/Th4cO7uRbSaoWuexWAjKjIrVHYZbHEmqiqBX8ZaPJQOnOmm
+zxvssE0I2gB3+QvTsteP5H4+5zdZSYcPAsKlzvy7ohRS4OGKvSxX9pqrKaWAW44c
+LSyt7SkjA1nTbVLow6ptBjS/o0xNEZV2no0dnMig69y3zJyEWl2qdufhZ6C56GU6
+Pvqs3vps70zy0FH0z4SoyVlb6/LRjDkiXfMYMfYL+Q4E3YwL3r8GDzMfw2F6zfbI
+JyLWG8Z1ToyQy0Qa4mp5mgYmEUm5tVOTjEB9DQATpPXc88p0c15wRSjiZ0FOA5Bd
+5/WueKErzjLQ/MhlkjausWKLbZOgRiBCs9Kx/3t+n8HYtsUmsULaI1sAsQ5umg4D
+VHKHfz2lQwUfeT7+trPjyrHAN5VF3IgYFFqbQcHAt3k/twBpUeX0x7aMFDR7GeSY
+oSN0pEyGkHtZ9RWpM18hsnEFvbqZSKCqB9HuTlKQXLhTvj9RlumbrM1w3QTBvYvm
+u3URRmPH7ERJchQ+21i8oXNQK20JCV9Ak0lf5JBHoXYGzEiWWFiaID2aCBtcvusB
+zebF1iPJVaIvjJc/gzh6og2LXbDNSiNewVfrRg/QYeNvAm02Yg//HXsCAQI=
+-----END DH PARAMETERS-----
--- a/BLKR/openvpn/blkr/keys/index.txt
+++ b/BLKR/openvpn/blkr/keys/index.txt
@ -0,0 +1,3 @@
+V	381014212317Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
+V	381014223655Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
+V	381014224634Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de
--- a/BLKR/openvpn/blkr/keys/index.txt.attr
+++ b/BLKR/openvpn/blkr/keys/index.txt.attr
@ -0,0 +1 @@
+unique_subject = yes
--- a/BLKR/openvpn/blkr/keys/index.txt.attr.old
+++ b/BLKR/openvpn/blkr/keys/index.txt.attr.old
@ -0,0 +1 @@
+unique_subject = yes
--- a/BLKR/openvpn/blkr/keys/index.txt.old
+++ b/BLKR/openvpn/blkr/keys/index.txt.old
@ -0,0 +1,2 @@
+V	381014212317Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
+V	381014223655Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR-chris/name=VPN BLKR/emailAddress=argus@oopen.de
--- a/BLKR/openvpn/blkr/keys/julius.crt
+++ b/BLKR/openvpn/blkr/keys/julius.crt
@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 22:46:34 2018 GMT
+            Not After : Oct 14 22:46:34 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-julius/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b1:11:6d:90:ce:eb:64:c0:02:b1:4d:a6:d5:c5:
+                    d6:e1:a4:91:e4:e8:68:a3:e9:5b:e6:fb:94:f6:f0:
+                    32:24:b5:1c:64:85:e8:77:60:fa:3c:51:1e:1e:c4:
+                    ab:d9:7a:e3:3d:80:ac:c4:c7:f4:f7:c7:40:45:24:
+                    b8:9f:55:97:7c:42:28:2a:aa:aa:0a:8c:78:d1:ce:
+                    cf:de:a3:a7:14:43:4f:43:8d:08:3d:8f:43:cd:af:
+                    c4:aa:cc:7f:5e:b2:5f:c9:d4:f3:be:6d:22:7a:e2:
+                    23:33:21:14:27:65:3e:ce:c0:77:10:3f:a3:9e:b7:
+                    aa:e4:1d:0c:57:e2:60:9e:75:92:7d:a5:5e:eb:a9:
+                    2a:f8:2d:ed:47:58:a1:7f:3c:81:48:c7:25:5b:a0:
+                    b1:83:13:b4:38:df:3f:37:f8:97:8f:f8:1e:be:a3:
+                    df:10:da:1c:38:55:ca:12:60:ee:6a:1c:c1:e1:25:
+                    2d:e3:3c:38:f8:c2:f7:d5:fa:3b:0e:c8:70:af:98:
+                    0c:5e:3f:e4:a2:81:78:a5:14:ee:bf:00:85:42:2b:
+                    fa:2d:63:08:38:d7:57:ef:bf:e5:57:24:a8:df:2a:
+                    8f:b5:c7:bf:79:d7:8b:56:b6:8a:ca:84:9a:68:2b:
+                    dc:86:8f:46:e4:60:92:2b:fb:ea:8c:17:ff:8c:30:
+                    2b:86:6e:10:35:20:17:8e:f8:55:3a:b4:fb:ab:dd:
+                    b7:01:23:0c:22:e9:63:66:0e:53:d5:95:e7:64:c0:
+                    2f:36:36:22:65:b3:98:43:3d:4d:88:3c:d5:30:2b:
+                    15:77:74:a8:b8:0a:49:c5:47:a3:64:f3:3a:7e:cd:
+                    b6:db:7d:f4:87:3b:8d:08:a9:46:f7:e8:2b:3b:c3:
+                    93:15:c2:f8:c8:13:46:fd:d9:04:aa:b8:e7:08:e7:
+                    61:ae:52:52:07:9b:e4:1c:d9:1d:83:9e:4c:ed:95:
+                    0b:4d:b7:6d:e3:a0:4e:e2:9d:5e:e6:f4:62:03:65:
+                    75:17:f1:88:96:b5:33:40:22:e7:74:67:2c:bc:ab:
+                    11:d5:a7:01:06:67:1b:17:de:8e:33:23:89:1d:d0:
+                    82:84:a4:e8:2a:f2:96:16:53:22:68:6e:61:af:5c:
+                    03:b4:f3:eb:6d:45:5b:98:e3:2a:40:25:9d:7d:6b:
+                    0b:55:15:5a:46:36:a0:47:9d:b9:7f:81:d7:75:22:
+                    47:e9:16:cd:24:e7:31:e9:9d:43:e8:7a:69:71:d1:
+                    87:8e:f0:65:0c:9f:f5:24:f3:67:84:99:c3:ec:ff:
+                    29:78:73:de:6f:77:c0:58:ba:b7:79:26:28:1f:08:
+                    84:fc:b4:5f:76:a1:dd:86:b0:fb:68:b1:07:ef:d2:
+                    67:92:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B1:B0:DA:87:E4:B2:2B:4C:CD:4D:AC:85:4A:53:04:B1:10:BB:FE:DD
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:julius
+    Signature Algorithm: sha256WithRSAEncryption
+         35:bd:ae:09:85:64:42:07:54:60:a1:fd:7d:9e:aa:a1:b7:1c:
+         da:f8:6b:0c:fe:eb:fe:84:92:da:f1:6f:72:90:6a:fb:fe:b0:
+         6f:4f:5e:f1:af:67:e3:bb:71:6d:49:8d:4f:fd:7f:d8:00:d7:
+         c3:03:14:43:78:f3:74:8e:70:1d:c9:1b:40:b5:07:46:2d:c7:
+         d4:0f:50:6e:fb:db:fb:1a:21:c8:c2:69:ab:49:0d:75:59:06:
+         1b:1e:f0:a0:57:3a:49:0a:b8:36:97:f6:87:ec:82:9b:b4:f6:
+         a4:5b:c3:3b:b0:a6:5a:e2:98:62:fd:30:59:bb:6a:84:8e:e1:
+         71:04:9d:be:19:82:31:c2:de:6e:cc:f8:ee:b8:fd:b7:5a:68:
+         6c:8a:6a:6e:57:ad:62:bd:20:5e:0c:d9:0e:23:8e:c2:52:09:
+         d6:14:90:f4:ea:9a:b9:1e:08:f9:b6:b8:f4:9c:bc:e3:4a:3a:
+         0b:65:bf:64:01:7f:cc:c4:df:65:b6:0c:a7:8c:00:66:c2:a2:
+         4d:a9:84:f0:c3:70:29:b4:01:ca:b0:5b:2f:c2:c2:d7:98:b6:
+         27:90:44:dc:3c:cc:82:40:f3:31:49:37:9e:d8:5e:d6:a3:a8:
+         6a:86:63:3b:2c:c8:2e:bb:65:e0:1f:05:1a:0b:46:5e:75:5d:
+         e9:53:be:73:bd:3f:86:46:e9:92:5e:7e:f9:cf:19:eb:50:60:
+         77:aa:5e:c2:3f:5b:04:80:cb:47:ec:e4:d1:76:d5:5d:d3:c7:
+         65:9e:b3:28:30:01:84:b3:0a:d9:74:ce:e3:a8:44:31:68:9b:
+         07:dd:1c:31:b6:29:ac:9e:8f:e9:2f:09:6a:de:c4:df:28:f9:
+         30:98:85:18:2d:ed:63:94:f0:f8:3f:bf:fa:7d:42:f3:3c:51:
+         94:b6:8b:ab:39:e9:81:63:2e:8a:4d:40:bb:34:21:8d:39:9c:
+         95:04:cd:a7:3d:8f:21:c1:63:bf:0d:31:54:69:88:48:d0:94:
+         19:98:e7:24:f2:b7:c8:20:4f:cd:47:75:fc:a5:36:6e:24:42:
+         49:34:a2:95:db:f2:07:72:70:b8:79:9f:9f:4b:bb:94:1d:ee:
+         8b:d1:5f:49:b3:d2:19:96:cb:00:42:54:68:6f:00:61:9e:66:
+         6c:55:f6:65:21:0b:30:81:c8:ce:5b:a1:a9:e2:fe:32:93:d5:
+         ea:9d:60:c8:2e:73:7b:da:00:b0:7a:e3:9c:15:f8:17:f1:88:
+         1b:be:3b:fb:f0:0e:06:5f:37:8c:b5:4e:8f:e8:33:7e:88:da:
+         67:18:57:3d:dc:60:24:13:a4:ce:68:39:2f:a8:9e:43:1f:b5:
+         11:e2:78:8c:d7:f5:0f:e9
+-----BEGIN CERTIFICATE-----
+MIIHMDCCBRigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjI0NjM0WhcNMzgxMDE0MjI0NjM0WjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
+TEtSLWp1bGl1czERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsRFt
+kM7rZMACsU2m1cXW4aSR5Ohoo+lb5vuU9vAyJLUcZIXod2D6PFEeHsSr2XrjPYCs
+xMf098dARSS4n1WXfEIoKqqqCox40c7P3qOnFENPQ40IPY9Dza/Eqsx/XrJfydTz
+vm0ieuIjMyEUJ2U+zsB3ED+jnreq5B0MV+JgnnWSfaVe66kq+C3tR1ihfzyBSMcl
+W6CxgxO0ON8/N/iXj/gevqPfENocOFXKEmDuahzB4SUt4zw4+ML31fo7Dshwr5gM
+Xj/kooF4pRTuvwCFQiv6LWMIONdX77/lVySo3yqPtce/edeLVraKyoSaaCvcho9G
+5GCSK/vqjBf/jDArhm4QNSAXjvhVOrT7q923ASMMIuljZg5T1ZXnZMAvNjYiZbOY
+Qz1NiDzVMCsVd3SouApJxUejZPM6fs222330hzuNCKlG9+grO8OTFcL4yBNG/dkE
+qrjnCOdhrlJSB5vkHNkdg55M7ZULTbdt46BO4p1e5vRiA2V1F/GIlrUzQCLndGcs
+vKsR1acBBmcbF96OMyOJHdCChKToKvKWFlMiaG5hr1wDtPPrbUVbmOMqQCWdfWsL
+VRVaRjagR525f4HXdSJH6RbNJOcx6Z1D6HppcdGHjvBlDJ/1JPNnhJnD7P8peHPe
+b3fAWLq3eSYoHwiE/LRfdqHdhrD7aLEH79JnkvkCAwEAAaOCAWowggFmMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUsbDah+SyK0zNTayFSlMEsRC7/t0wgdUGA1UdIwSBzTCB
+yoAU9nejmSSCuY2DYqL8xHutytZu+eKhgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYDVQQDEwhWUE4tQkxLUjER
+MA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+ggkA1DWSSj/VNdYwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEG
+A1UdEQQKMAiCBmp1bGl1czANBgkqhkiG9w0BAQsFAAOCAgEANb2uCYVkQgdUYKH9
+fZ6qobcc2vhrDP7r/oSS2vFvcpBq+/6wb09e8a9n47txbUmNT/1/2ADXwwMUQ3jz
+dI5wHckbQLUHRi3H1A9Qbvvb+xohyMJpq0kNdVkGGx7woFc6SQq4Npf2h+yCm7T2
+pFvDO7CmWuKYYv0wWbtqhI7hcQSdvhmCMcLebsz47rj9t1pobIpqbletYr0gXgzZ
+DiOOwlIJ1hSQ9OqauR4I+ba49Jy840o6C2W/ZAF/zMTfZbYMp4wAZsKiTamE8MNw
+KbQByrBbL8LC15i2J5BE3DzMgkDzMUk3nthe1qOoaoZjOyzILrtl4B8FGgtGXnVd
+6VO+c70/hkbpkl5++c8Z61Bgd6pewj9bBIDLR+zk0XbVXdPHZZ6zKDABhLMK2XTO
+46hEMWibB90cMbYprJ6P6S8Jat7E3yj5MJiFGC3tY5Tw+D+/+n1C8zxRlLaLqznp
+gWMuik1AuzQhjTmclQTNpz2PIcFjvw0xVGmISNCUGZjnJPK3yCBPzUd1/KU2biRC
+STSildvyB3JwuHmfn0u7lB3ui9FfSbPSGZbLAEJUaG8AYZ5mbFX2ZSELMIHIzluh
+qeL+MpPV6p1gyC5ze9oAsHrjnBX4F/GIG747+/AOBl83jLVOj+gzfojaZxhXPdxg
+JBOkzmg5L6ieQx+1EeJ4jNf1D+k=
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/julius.csr
+++ b/BLKR/openvpn/blkr/keys/julius.csr
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tQkxLUi1qdWxpdXMxETAPBgNVBCkTCFZQ
+TiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBALERbZDO62TAArFNptXF1uGkkeToaKPpW+b7
+lPbwMiS1HGSF6Hdg+jxRHh7Eq9l64z2ArMTH9PfHQEUkuJ9Vl3xCKCqqqgqMeNHO
+z96jpxRDT0ONCD2PQ82vxKrMf16yX8nU875tInriIzMhFCdlPs7AdxA/o563quQd
+DFfiYJ51kn2lXuupKvgt7UdYoX88gUjHJVugsYMTtDjfPzf4l4/4Hr6j3xDaHDhV
+yhJg7mocweElLeM8OPjC99X6Ow7IcK+YDF4/5KKBeKUU7r8AhUIr+i1jCDjXV++/
+5VckqN8qj7XHv3nXi1a2isqEmmgr3IaPRuRgkiv76owX/4wwK4ZuEDUgF474VTq0
+6vdtwEjDCLpY2YOU9WV52TALzY2ImWzmEM9TYg81TArFXd0qLgKScVHo2TzOn7N
+ttt99Ic7jQipRvfoKzvDkxXC+MgTRv3ZBKq45wjnYa5SUgeb5BzZHYOeTO2VC023
+beOgTuKdXub0YgNldRfxiJa1M0Ai53RnLLyrEdWnAQZnGxfejjMjiR3QgoSk6Cry
+lhZTImhuYa9cA7Tz621FW5jjKkAlnX1rC1UVWkY2oEeduX+B13UiR+kWzSTnMemd
+Q+h6aXHRh47wZQyf9STzZ4SZw+z/KXhz3m93wFi6t3kmKB8IhPy0X3ah3Yaw+2ix
+B+/SZ5L5AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAFPBe9D5F9iT438Exsh0W
+pwPF69IzMr4STgobAIqki6M24+N4SAj41c4pOnS+WoIE1gbGDeHZUJz4K3nk4BbP
+YbS7Y971pNpMGYjf9P29f7o5GiZnVjeKq3bVHf/0eqx0dIqmZnMqPyCzBDW2KIeK
+PjSVka3g1BoDBAObe6FJUcWfQxxu/vjZrzLGLSlA3BmsE+1wTh3vIuewfTVGE00P
+FJyav/mPnGJcj6KPWAby+iOmdH+AkUzlu1TD+D0u87QQ8hBDGRbXb3Twe9SIOV3R
+gwPqBMvGjbb+1HMYUPqhL2vcynv1Pn6+CvCtkxu72tYU63SveEnVIT3td1AxiJrH
+hGfpkgJIE4/JHGn+gWn4kAMCl/iHlC6w32WFg7ce//08e+NtY8pIkP+gyx3wkKEA
+p891vzZrAvOlXpel7R+wd6otQYw64imLhE8KzVhh+hDybOA8Xc9P0EeGzd+Riahc
+StUjrcUy4GsQgBbvy/t6u9PKpFnGGCWOrtiWBwToBt3G9mixt65tnkwF7YdmeuJM
+9T1JAQvAGV8dF7TXSfhfsgFhXF8MPvVQy2njDUKr8UPIRoNFWL43aZrZz6qi4Dub
+FTDU3DbfgKUhjcmmLzLWCyniroHGCHikBVyQ/Elk2yCaNnRQ+QTFt8v9yJYcJMDz
+2OYX8pd3sfHL68WFb3ozhZU=
+-----END CERTIFICATE REQUEST-----
--- a/BLKR/openvpn/blkr/keys/julius.key
+++ b/BLKR/openvpn/blkr/keys/julius.key
@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKFf7x+y0VjICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKNd68aH723ZBIIJSCSKYMe/zTkn
+g+fRJKj1dcWhw1Lih1uS/Q636GDykHj1DCcQsZjgNcy61FVh/B1Hpd7f2dxRf3vp
+YKDxCnEKAcGjSMsXhkXwc0mz6vPrYNGhdJ5/9SizjW6/+hU/qhi8iZQVPPJU9zVh
+4YUVC8kYHkU8FjgEEOyMPwjtRjxWAuB54Q0Ans1C1wlzz040UEGRfVm5+FkuupUm
+mvMzcJQdwGYcWFZR066xTUkiDm4fCaG9Lc8RXj2TCzUsKsJUlfmoSCO8DHgOqUM/
+6M7TNP6HmIWtX9NOlH7j/dLDIF53afbuDFaoXKdL/6nibZvG/o39IJ3n7hJHeZFB
+Ydfe1b8fCLl4+6O2RFEQfTmbjt9AA1G8bRHdFT80ekD0rUfqBEMetDsHkExHr8Vt
+kscM9KmYxLA1ExnQ07UWRPPqj31dvOg+sIVYBs9Ou5K0yK9vj7rZPK9M6P+Rs5mD
+V0YHCrCzAPLYd8zzWT7uI0hVoDd8ooMoCUXNffzLAwfjormVzR1as3ttIhf0zjz1
+6oqXvby1ACaIqWpRm52LNef7MDcCdv6R1kgB1JR+CWduOTCMQ7yklOY9A+S+E4Xd
+xSRkXTkVh4awVIRdoqmFbgrKlQAoarvZU8V/ayusS6nGx+9j1F9JYXFbp7Dz2kLq
+hLZnO8sOsQo3+s/2nOjhREI+YLBbanSge7t9hYsXEeJ51lwx5luED6ktfFEr2fTs
+AbyoM9JpAolYkyqmDHYH5WmRPeTHLIt0ZKfhnkCroV4KC+zMN1mNzgEbEuZA7eY+
+sAjFMJzsiamCTDlSb8x9VzVBHTeyGW/OFPlzratv1l8/9qZ5YGqOFEyAGLF5956w
+5YEP1ojOe/aYi+zYdablrQkBY//Lxv37ZzwhUclkBKt7iHk3cS5EAFtL6if0vsQ8
+d6W5+dNgkEYcoTbupkjGHXAG/UqbibR4j97WODb+qBdsUl5mIV38Tl9y+rwJjANP
+Xi9pdnFE+O/u/sbXNVNlN/tfu2AS4gfvKccNJJV5kqGHDFwAsuoy5Nado8KHSetR
+FOCLh/ADa8OE071xsqr4z2T9JkpN2aIqiHROCJvOtepZq+8gblmF1VKEnQDTuLFW
+hRMbXkL9Xd3vz02tJCGf+1YKKS+G5cQirVHCxRRAVc7e52Nd5+W+0Ds3xLo3oZIV
+txHZyQ8qFuAw5EzYQ/vVSXfuTFohcrqDQl7DTtlEAcEyRyc5J0oJzRCk4tTvnFdD
+xL+yxb6EqU018Y/aryEOJAhxIullpaCAEAy8WyiUyu9Bf4gx90UVUpXVoU8+WGk3
+/BGyAwmyXCVv/M6rzcSQ2bm1n5ga8SkmZvLH9YC11oir4jM2YY+tFvjeZg0Zcatv
+pdm4XM1bpk3ysf8HatFqBwnd+xR2Uk6l+f3dyhYzcz74VZyqjbrnUgUPwFTZTI7c
+9TA7alPzRqnuL0LBYjs2H4DSih7LPfJTTohrePhMEMpJnewKWayTuWSmMoQlZWOM
+iIzT+KcLxWQSliolEUQ2HytjJ+898WETe2pJaCrA12XJ2fPZcAhuYKdrWD1N5qXb
+lll0Xl08nVxpQ0jRxpoIvjBiwrdPF97BIYaVCXCERQMFu8rFeOzlDPf4H/jtCCSY
+Obv4b5h7XVhKbewKHZsOWprOecetK2goGVO5UAiPsrE2VKugzkg2+5HoV/wC4VBN
+yhImVgK1MsUqFnwSsRNQTRZZ5bUL83urBOlEJvBh2A7Lgo6tVJY+mYCIM5/1UYMA
+2JPyXFn688h+/f0j3p9kGLiLgblsiexu8MT7DABgTrQVd0pb2O/7T7B1/zoMzDW6
+DQhxg/+hW4A4zbxoauup7iRBkLuoc9UjA1p3wa7Kd6bcPesjv0iTjfxGYNhl7dCM
+48eqm2arMd1N9ns3kjKQzbQPswuKx4TjpE4yJ1hPQGWhD5i1znJ4yl3IhIlckHoH
+LAXxeu82HGbMF7qACMO4Xan00o9egawkbqx2sOC8ghBcxi8Jn4zEt5kEgQVcVg4d
+8wIJ2f+D2z7c94ycBv96Cm04QVyNZkm5Gzzf3AQW0wLo1MRaBok+JOiWMEb+dqV0
+/MAZ2KibMxWTkRNfIsJVx88fwupUk+ztM8ZsaAuYRBrMZrnw4LGt70xHhp1V75qp
+6eReNMU3/oZ8JNjP7yoYLX8T9fBlEj9z/ErbyAEmWHZSSwR6sXJIzXr4ywVWHjXk
+U8ZkWMVa0VMozAUdzfMPBjFZwhYBeEguiAYN1Wtvbz//EqnbogxNtTckwTlgD4xI
+ECfVaAsaTCtL8/nOVM11wQhmJYAbMtbi5BFS/KOoCo9N3wse77aFD9PF7bxV8RHk
+JtY/u1seqbLN9ZjGpQCusl22GgvK4Kz80mRrTtDpP0aoT1BTn0Hz6Y4GJRzX0x1Q
+u+fVt0+beC4pjd1mJndpoXG1S2+WHPh3SV2f+ZYiFrQd1uQ5U2dCq6VlfZBgf6xP
+bZoOmcly9NQM4nEszGt9AFGFj5mw234dmQdVwbjcYhMmXSfmI5wCLVyyQBKHrp5V
+kG4eEM8HgXqBrTMVoyA+BNK8SRRUZUD/eN3bwvE2CEkAaVc4QRIJCtJwEvOP3SA2
+EjbcNbdfhIT6OA7AWIMXaLwCTre3vMDU4z26EA7/k4wNKvvpJb49ScgJDMuIS9h5
+BXh0q8B6VvPFGuTVV46uz/gl8fU1cROvCJclCbaUMt4lcna+rgvJWoX2BtOwWfEV
+ZYGHBqPt/94tO+fEWr9e0SqIwZSiyrfTZhfJUZjyDNXTedF4BfWyI0CkC/NfEswG
+P97ozo4un/+P5NseqQN4EXnZR1egUur4mCJz2KCrv9M0LSxwbZK2cjZCqnsIc4U1
+aufbzS5YerTKCduGVvuwCSlA57CeDXlFE89M3hwSD5xp9tJbXNL/q0ufaPCSSV9C
+BMW6SMUvDzKBY1hULCfYCnrrzI0+xfvoBQ5PwiUT7TVqKV4wViWiJ1BSp5uJkein
+hrm3ER4tmS7LX+pNBb49Lgpar2Omivm4/tmgVwhhw9e0X+OnpWqlTAqcti73rHKm
+5zksjTcjTxfjj2kEX8ASXD5I8H2v+hXZrmjE8PV+jA4Gl5fooMF9gp7z3EE3wyeD
+OfI90G7V8F2NBjx9rQx+e1/Sz6yRtEdtUCKWFMTJnSEWTOF2e4I1py0IRvspMOTG
+gQVi7sR0xnQD61dmqU8dWw==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/BLKR/openvpn/blkr/keys/serial
+++ b/BLKR/openvpn/blkr/keys/serial
@ -0,0 +1 @@
+04
--- a/BLKR/openvpn/blkr/keys/serial.old
+++ b/BLKR/openvpn/blkr/keys/serial.old
@ -0,0 +1 @@
+03
--- a/BLKR/openvpn/blkr/keys/server.crt
+++ b/BLKR/openvpn/blkr/keys/server.crt
@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 14 21:23:17 2018 GMT
+            Not After : Oct 14 21:23:17 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-BLKR-server/name=VPN BLKR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:e1:41:1d:ef:50:16:69:a2:68:b8:5a:27:ab:a9:
+                    df:96:c8:5b:57:dc:81:41:c3:d5:61:48:75:b8:e3:
+                    e3:3b:b8:4f:5e:fa:c8:a5:bd:58:7d:90:e1:70:c0:
+                    91:fc:df:19:1a:e9:6d:0f:ae:5e:5c:1e:a5:14:ad:
+                    d3:2c:09:77:32:3a:84:5e:06:08:ed:4d:05:a0:69:
+                    6a:8c:e4:2b:3c:60:07:2f:87:da:19:3d:f9:d6:2c:
+                    16:a9:4f:1b:0c:d2:bc:48:5c:90:55:21:98:85:16:
+                    93:c7:3b:62:e6:fe:3f:5c:5c:22:6b:8f:81:5a:bd:
+                    27:27:b1:af:6c:c1:af:1a:3b:40:33:4b:33:35:7d:
+                    21:0b:31:1f:0e:3c:46:77:33:dc:87:e0:82:e0:31:
+                    9a:f0:d7:93:a2:a3:89:6b:0b:9a:aa:fb:2b:14:9c:
+                    39:a9:fe:87:f3:76:6c:e2:0d:60:d2:da:2c:03:7b:
+                    ea:48:13:31:93:a2:ab:40:8c:a0:ef:fb:bd:3e:c9:
+                    b6:75:ed:35:fd:8b:d7:04:fc:4e:c0:b0:12:af:3b:
+                    99:00:71:52:a6:d0:3b:16:f8:5a:98:3c:a2:5b:76:
+                    0c:d8:36:35:3a:0a:1a:dc:2f:bd:f8:05:6d:dd:40:
+                    df:93:cb:da:92:f0:63:d0:24:7a:e2:2a:ef:af:3e:
+                    ad:95:54:27:1f:f4:82:18:ce:b9:e3:9b:e7:76:12:
+                    f7:7e:79:4b:45:fe:a9:34:7a:2a:7e:03:0b:57:b7:
+                    2e:1f:ff:99:ac:f9:26:94:89:6c:ac:94:fa:01:39:
+                    c3:15:12:f2:e8:40:93:43:06:f6:ba:be:ab:58:8c:
+                    b3:0c:01:f0:22:2e:f2:a1:3b:07:b1:01:a1:b7:cc:
+                    29:a2:c1:59:60:b9:2b:9c:22:5e:03:46:74:dd:d9:
+                    9f:04:05:18:3b:34:d6:74:49:13:da:33:7e:83:57:
+                    01:e2:9e:a6:ff:36:e4:81:f5:62:23:79:52:a3:13:
+                    e1:f3:55:d3:b2:15:9d:ec:ce:5a:78:0e:97:ad:0a:
+                    ef:d1:d3:1c:c6:38:1e:a6:56:32:e2:6c:11:8f:26:
+                    b9:8d:5b:3a:c0:d6:01:b2:c4:fd:1c:96:31:a4:98:
+                    19:2f:c7:e2:f4:49:a7:df:a3:91:49:1e:3d:f0:c1:
+                    1e:67:27:54:f6:4f:7a:ec:0a:33:91:d2:7d:86:87:
+                    93:d0:7c:14:5d:57:35:86:ee:5a:1c:4d:d3:3d:74:
+                    4b:f0:20:af:c9:cc:ab:c7:ec:66:a5:f8:ae:5e:e9:
+                    79:a6:8c:e7:2c:fc:76:f2:8b:a5:c4:47:47:40:0f:
+                    10:97:14:7d:f5:bd:96:77:25:b6:53:f6:f1:35:ae:
+                    96:7e:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                10:58:52:1D:17:5E:26:24:8B:10:AA:B2:C7:F9:CF:88:7E:2E:2B:7E
+            X509v3 Authority Key Identifier: 
+                keyid:F6:77:A3:99:24:82:B9:8D:83:62:A2:FC:C4:7B:AD:CA:D6:6E:F9:E2
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-BLKR/name=VPN BLKR/emailAddress=argus@oopen.de
+                serial:D4:35:92:4A:3F:D5:35:D6
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         d3:04:a5:22:2f:3f:f0:2c:4b:17:42:7e:cf:60:01:3f:13:95:
+         63:37:bb:94:60:fd:77:0f:38:4b:d0:72:cd:17:bc:e4:ca:ad:
+         4f:85:e2:7c:ab:e1:cb:c5:b9:08:9d:2a:bb:29:e1:c2:33:42:
+         26:de:25:7e:a1:fe:5c:79:3c:37:9c:dd:ed:3d:86:15:e1:84:
+         69:95:ff:91:de:18:f3:1f:a8:41:7a:77:c2:d9:b4:da:74:af:
+         c3:bc:b5:49:92:e1:12:5c:07:51:ac:15:67:8d:8c:a5:83:3d:
+         a3:99:80:f5:f4:20:41:78:29:4c:bf:ec:6d:9b:30:c6:0e:db:
+         b1:6b:e9:58:3d:e3:aa:b0:9d:eb:43:2b:c1:f0:69:ae:34:65:
+         b2:3f:bb:bb:ef:51:87:73:18:d4:0c:f6:07:f2:f9:d9:91:fe:
+         46:fa:de:dd:86:6d:7c:e7:bc:c0:c9:c8:60:90:2c:c5:da:bf:
+         71:28:50:13:7c:37:6b:47:bc:b4:7a:a9:3f:bc:67:81:cf:ed:
+         94:bb:54:3c:00:46:01:0a:e4:73:24:64:71:a0:7f:44:dd:ba:
+         83:3b:42:a0:9f:1c:0f:fd:31:bd:e0:d5:b7:69:22:9d:63:dc:
+         f9:94:b8:57:c4:7d:a3:52:29:c7:a1:78:c0:0f:f6:72:ab:75:
+         9d:5c:c8:2c:05:c9:2f:e4:73:1d:fd:41:8a:69:87:c9:be:c0:
+         7b:b7:ce:7a:d5:f9:04:f6:9f:c9:4b:c4:76:2a:d1:73:67:e6:
+         e5:8e:04:9e:01:e9:7b:62:84:12:54:f3:29:af:83:45:a7:e2:
+         bb:c2:2a:8c:16:68:5b:37:67:dd:18:47:67:03:0b:ff:0f:6e:
+         c4:71:0b:c2:a7:a6:e4:d8:4e:9e:4c:d8:a1:5d:4b:9e:24:02:
+         b9:bf:8d:3d:fd:64:66:34:32:a7:d3:e9:ab:cf:dc:2b:48:67:
+         ff:63:be:b9:d2:e5:74:4d:53:10:d2:31:b0:44:23:1a:29:6d:
+         35:00:98:39:2b:82:74:2e:73:75:dd:47:9a:e8:6d:72:ed:31:
+         53:b5:53:b9:71:46:3d:84:25:79:ee:3d:90:cc:48:9d:bd:5d:
+         8b:31:93:61:2f:4c:3f:87:92:45:ab:9a:e9:4c:01:6d:51:c9:
+         4d:ea:f7:35:11:cf:d3:83:c6:48:4b:a8:f5:14:d1:a0:19:3f:
+         27:04:2e:0a:61:5e:d5:53:53:15:47:ed:25:2d:db:14:26:8b:
+         16:b0:58:6d:91:9a:a2:5e:a4:94:d6:a2:0d:3e:83:ff:7c:19:
+         0d:2d:19:97:e5:1b:e1:a2:f4:56:96:bb:11:47:2c:a3:98:94:
+         a4:ad:7e:3d:5b:51:24:59
+-----BEGIN CERTIFICATE-----
+MIIHSjCCBTKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjEyMzE3WhcNMzgxMDE0MjEyMzE3WjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1C
+TEtSLXNlcnZlcjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4UEd
+71AWaaJouFonq6nflshbV9yBQcPVYUh1uOPjO7hPXvrIpb1YfZDhcMCR/N8ZGult
+D65eXB6lFK3TLAl3MjqEXgYI7U0FoGlqjOQrPGAHL4faGT351iwWqU8bDNK8SFyQ
+VSGYhRaTxzti5v4/XFwia4+BWr0nJ7GvbMGvGjtAM0szNX0hCzEfDjxGdzPch+CC
+4DGa8NeToqOJawuaqvsrFJw5qf6H83Zs4g1g0tosA3vqSBMxk6KrQIyg7/u9Psm2
+de01/YvXBPxOwLASrzuZAHFSptA7FvhamDyiW3YM2DY1Ogoa3C+9+AVt3UDfk8va
+kvBj0CR64irvrz6tlVQnH/SCGM6545vndhL3fnlLRf6pNHoqfgMLV7cuH/+ZrPkm
+lIlsrJT6ATnDFRLy6ECTQwb2ur6rWIyzDAHwIi7yoTsHsQGht8wposFZYLkrnCJe
+A0Z03dmfBAUYOzTWdEkT2jN+g1cB4p6m/zbkgfViI3lSoxPh81XTshWd7M5aeA6X
+rQrv0dMcxjgeplYy4mwRjya5jVs6wNYBssT9HJYxpJgZL8fi9Emn36ORSR498MEe
+ZydU9k967AozkdJ9hoeT0HwUXVc1hu5aHE3TPXRL8CCvycyrx+xmpfiuXul5pozn
+LPx28oulxEdHQA8QlxR99b2WdyW2U/bxNa6WficCAwEAAaOCAYQwggGAMAkGA1Ud
+EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJT
+QSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQQWFIdF14m
+JIsQqrLH+c+Ifi4rfjCB1QYDVR0jBIHNMIHKgBT2d6OZJIK5jYNiovzEe63K1m75
+4qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQpEwhWUE4gQkxLUjEdMBsG
+CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDUNZJKP9U11jATBgNVHSUEDDAK
+BggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqG
+SIb3DQEBCwUAA4ICAQDTBKUiLz/wLEsXQn7PYAE/E5VjN7uUYP13DzhL0HLNF7zk
+yq1PheJ8q+HLxbkInSq7KeHCM0Im3iV+of5ceTw3nN3tPYYV4YRplf+R3hjzH6hB
+enfC2bTadK/DvLVJkuESXAdRrBVnjYylgz2jmYD19CBBeClMv+xtmzDGDtuxa+lY
+PeOqsJ3rQyvB8GmuNGWyP7u771GHcxjUDPYH8vnZkf5G+t7dhm1857zAychgkCzF
+2r9xKFATfDdrR7y0eqk/vGeBz+2Uu1Q8AEYBCuRzJGRxoH9E3bqDO0KgnxwP/TG9
+4NW3aSKdY9z5lLhXxH2jUinHoXjAD/Zyq3WdXMgsBckv5HMd/UGKaYfJvsB7t856
+1fkE9p/JS8R2KtFzZ+bljgSeAel7YoQSVPMpr4NFp+K7wiqMFmhbN2fdGEdnAwv/
+D27EcQvCp6bk2E6eTNihXUueJAK5v409/WRmNDKn0+mrz9wrSGf/Y7650uV0TVMQ
+0jGwRCMaKW01AJg5K4J0LnN13Uea6G1y7TFTtVO5cUY9hCV57j2QzEidvV2LMZNh
+L0w/h5JFq5rpTAFtUclN6vc1Ec/Tg8ZIS6j1FNGgGT8nBC4KYV7VU1MVR+0lLdsU
+JosWsFhtkZqiXqSU1qINPoP/fBkNLRmX5RvhovRWlrsRRyyjmJSkrX49W1EkWQ==
+-----END CERTIFICATE-----
--- a/BLKR/openvpn/blkr/keys/server.csr
+++ b/BLKR/openvpn/blkr/keys/server.csr
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tQkxLUi1zZXJ2ZXIxETAPBgNVBCkTCFZQ
+TiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAOFBHe9QFmmiaLhaJ6up35bIW1fcgUHD1WFI
+dbjj4zu4T176yKW9WH2Q4XDAkfzfGRrpbQ+uXlwepRSt0ywJdzI6hF4GCO1NBaBp
+aozkKzxgBy+H2hk9+dYsFqlPGwzSvEhckFUhmIUWk8c7Yub+P1xcImuPgVq9Jyex
+r2zBrxo7QDNLMzV9IQsxHw48Rncz3IfgguAxmvDXk6KjiWsLmqr7KxScOan+h/N2
+bOINYNLaLAN76kgTMZOiq0CMoO/7vT7JtnXtNf2L1wT8TsCwEq87mQBxUqbQOxb4
+Wpg8olt2DNg2NToKGtwvvfgFbd1A35PL2pLwY9AkeuIq768+rZVUJx/0ghjOueOb
+53YS9355S0X+qTR6Kn4DC1e3Lh//maz5JpSJbKyU+gE5wxUS8uhAk0MG9rq+q1iM
+swwB8CIu8qE7B7EBobfMKaLBWWC5K5wiXgNGdN3ZnwQFGDs01nRJE9ozfoNXAeKe
+pv825IH1YiN5UqMT4fNV07IVnezOWngOl60K79HTHMY4HqZWMuJsEY8muY1bOsDW
+AbLE/RyWMaSYGS/H4vRJp9+jkUkePfDBHmcnVPZPeuwKM5HSfYaHk9B8FF1XNYbu
+WhxN0z10S/Agr8nMq8fsZqX4rl7peaaM5yz8dvKLpcRHR0APEJcUffW9lncltlP2
+8TWuln4nAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEABbfyfEBgiXif6QpJMQLI
+FXdD3ARX1xcaWp0Ym1QKfn9/PLSaCpPQGB0sgFNzG+NMwcHToQwXY8fUXlTX0NPq
+ocaaohiVdCqYzTovW95upyafd0Ccmb8e5rlJRi8r++M9jGsKqKcZZdn/2mPYxWrR
+UOnw8ORLKlgI0wC0UlYPt6OFoXcU6hzV5+tDKPilMT4WQRHvtUfcRqm9aqpdcPHo
+Hi7Jxei5jD4+cRiP/So9g0f1+KbTDv7ydmT45ujpMRdfX0v6YmekEmVeVK4Ouycj
+H89xTZG8hnMA9Jbi+Rw5x9UbXlGwIXpL8gWWa0sNLaT9TtQ8osd0+b7sEEkVcuPt
+FL42kI1Cx/VnsWKsiNHB3GTnENcrNKgtnA2QU5Tc9dXCiCflUp8LjDjIPotTuubL
+C0C6k/+5VYaDbnmv6rZJ106fc+t5pYPt+ds/HBwa58DWcgE72s+jl+VHa/PWAHJI
+GEP3XZ2631t2Tu6dOLnEzW8NOF+mKmFzI0rqj1+7m20gZBBR73MqmzgGsdRHZn8E
+fzROQ4xQ/4Ee4jS+ZKu8Z6H+BGGMronR5CuJeWAg0JTeTK6DVsxQZPb8FAPIQmn0
+3UDrWExpbrH+RFpbtjP1d/6Vutr8+kxRR99xZtNoJq+pXh4Mgs8Pz0u7ZHeIWYLN
+bH5ShGUWAi5FI2otpiMX7IM=
+-----END CERTIFICATE REQUEST-----
--- a/BLKR/openvpn/blkr/keys/server.key
+++ b/BLKR/openvpn/blkr/keys/server.key
@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDhQR3vUBZpomi4
+Wierqd+WyFtX3IFBw9VhSHW44+M7uE9e+silvVh9kOFwwJH83xka6W0Prl5cHqUU
+rdMsCXcyOoReBgjtTQWgaWqM5Cs8YAcvh9oZPfnWLBapTxsM0rxIXJBVIZiFFpPH
+O2Lm/j9cXCJrj4FavScnsa9swa8aO0AzSzM1fSELMR8OPEZ3M9yH4ILgMZrw15Oi
+o4lrC5qq+ysUnDmp/ofzdmziDWDS2iwDe+pIEzGToqtAjKDv+70+ybZ17TX9i9cE
+/E7AsBKvO5kAcVKm0DsW+FqYPKJbdgzYNjU6ChrcL734BW3dQN+Ty9qS8GPQJHri
+Ku+vPq2VVCcf9IIYzrnjm+d2Evd+eUtF/qk0eip+AwtXty4f/5ms+SaUiWyslPoB
+OcMVEvLoQJNDBva6vqtYjLMMAfAiLvKhOwexAaG3zCmiwVlguSucIl4DRnTd2Z8E
+BRg7NNZ0SRPaM36DVwHinqb/NuSB9WIjeVKjE+HzVdOyFZ3szlp4DpetCu/R0xzG
+OB6mVjLibBGPJrmNWzrA1gGyxP0cljGkmBkvx+L0Saffo5FJHj3wwR5nJ1T2T3rs
+CjOR0n2Gh5PQfBRdVzWG7locTdM9dEvwIK/JzKvH7Gal+K5e6XmmjOcs/Hbyi6XE
+R0dADxCXFH31vZZ3JbZT9vE1rpZ+JwIDAQABAoICAAkzdLqSxeeYt7hYDmjHrpdl
+Jb4IBsud6ThpEk30GRMWaz+Q9OM4QcYXRe4qH4x5vHfJ8yeB0t7mbY3Tr92LoW/O
+zhtdGb4/uCweQjjxFQcJUSHS5cjELFFgSaiuz4cNkJ1QEqE3lxhQnMa1mUugNQxb
+wxgrq3f+Y/wOGQFTRAjJRM0TlErqCpB/eCpHsgUqfCacuBvaSt7tn100WueheLbl
+PZRA8WYNPJZoTvhI3ZyfRs75n89D4XGLYn1ngSdsXAWVjbtxbhQmQykz+S+Lwaeg
+wpYvCtY/iTpd+K1hRKyBvPKT/EabpQ87cAISjrNL9BYAbLQ1143n/5D/efzpjYOJ
+ZzR14cLfbT92cwvHJ8fK8YlrS81Ap2KRZ2zQDb2YzykrQVzePk4iuSONDZ7cLY+y
+/vjU5k+5f7l77SHdcYAET8zZ+Svf35IGCxsU0YSGWA64F6Y2V1CDBBc27PwrcO39
+NFfU4HSmwPWHjNO3cYeqnoSBsH/YjgsxOW77CS9odbi3qCAl/UbD+1emFn9zkCNO
+zNLwzyan/imRZTxGzDbJswqpphgiK7DNvKG5YXlmmZvZc8worMxNRspa09qloxkm
+j5nrqabhYSgrM6ZGhGkFmYHiTrYENaihs+PilCtf3Y8mqpmK7065hnfbSHKsTDHv
+E/8sa4xwtOzwiLfybN7RAoIBAQDxCwi/aKalHr1E8XlyU0Y7CUZF0+2SwuJPKN/e
+Kmzrej7XJj2HML7KYOiTdpjC0IjtzcOGRLoOZDOlOg4bUIDz7Pv0r0Uy8VPiAvc
+rXsrPBKbyinBHE+8bqdDqUm76bUUTKBRBM76Bix0kvThTloXC0shLsFbW2ws+i0V
+chDlAiUF3zgTPthcdjGHWpinfUL3qkth03GoRwAGdDnnYxte51IHc/oU/plibSvJ
+HbSmxh/YbRHgLce+oz7PP7XzAaVgwzMQphskzI6beai1bAJ4LKyeM0g3cRw86fmW
+a8U+29M09HeiwNv51Ylru2M7B9wOeJ5cXLaP8uUO7xhhI8u5AoIBAQDvO0dld3kg
+IJA6/QqqcBtLO12lZjLfsYIwlgocoGjCnsk2EFqrM/PUmaswQeJwv8h8bMAmd6eq
+IATJoUSIcsQSSk+G4J9J765vhIGTO8lC6BJz5QKL/Va2hVrXaLfc2RoKkunSYdeh
+ZUJncDOe0KuhsUxrK3sa8FF8XrY0dvs3XcIeif/n96sFzDLSB+YWB02Blm9Qy8P+
+OtkMGtgDhQGC2pe8FZhc8B62ITiV9jsLydK4VoW3hZIDZdE5NhWui8Y3emgg+evX
+LQ213uA25Cqhmyc4moC617WYrWNfrEZ3LJlGYEecwwfbz+gQ+VzOBaX1e81Yvbv4
+awKDoUqd/EjfAoIBAQCL5iCUn1OhID8vxYr8PLLVTuO3YXJQrMWWth2BFwe/nl9L
+jInGxhiwl36r882dkIo5mnvctdbQa6DNFYXWQit/dMx1k/VkHYSOTWK9GP8Ur9AJ
+FYO4bgslTX/M+HMwGkub1YFypHzQhkbE/gocvlHxb/+R6cYVlPErBaSm/sYpdF4y
+k0TDfsUqnPrQGVfiVgRJJFCOHZ+o0FSGamy1DEN1iIKGityJ1N8HTl+MYa5Y4ULY
+ZS1r1IZK8gphVRPwT3NBvuljb1Tvvb3DJRAzA9ZHE364bwEqFH8UJ6RRlokrm4Bx
+CrZpAtBpp3MT0PWd7EjfKUiYSMM4tvwU99ZJgvIZAoIBAAJtbo8IBFGgIvaGRMpv
+8sbzpkKcY93DNlf53cZmlkmLRO1ogxMDpvC8UnFd6cdNGuKwU87QHgJq6sGFAmYE
+DBtHZ8EtnFAqv3FgPdRZofQs2KsWYs0619toRQC0jlEOXuZGkVrSJVb86QyVpeBx
+q5wraWQY/9nJIHqLl3u2zVvFdsfKjK804yZe6REahWopzs6G0UBXoPh+bl9iElkO
+y3Ihd7Kv4WjoAtfERIe5BOZcuOen8RlooI+qQ9I5y0SHJI7BjjbvckYvrdjvlwTX
+kdsr8NzxLGc48x3GfKCm5dwltrRxG6jqjbTcSjWJ4jgw9HsmM3I4EqU1qMPfKhuq
+SK8CggEANiZ4CXH/8lAumxt4E+cPkJRgkna4VEXHDUWm4GkyzpclOY3ui7wNxpAX
+oPY4EVW7Awjk5Gl0je9w1zArJgB4j4yXHvL3X+5Spibun0rTHNMfuNdGrSwPMMhk
+CJCvo3AkquM9iekhF7PPxGbv3BtPmlSytcUeYzJDbZpDPbWT06ib/V4+24n8R4lL
+wYVHyLxSnuRYY0XOyo0TzlPnpydPchwZuf/bp0SznVObAKJPjVSl2fmQTJZW5f+2
+WKFAP3/XULPZWdTtk89Ok2zqWNADmT0AafCdUuwUnSaxq/UNyxcKv21l59TalTlc
+ls75nOE80Jj550Qyx2xusNMQkzHSjw==
+-----END PRIVATE KEY-----
--- a/BLKR/openvpn/blkr/keys/ta.key
+++ b/BLKR/openvpn/blkr/keys/ta.key
@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+b185215657011d3b8e96ff855a3f90ba
+94131670f65a203848ac7040329594ae
+e867c606a0df1d12c265d7ec7d4dbd91
+c38c1e2103405f6b5c345548da2ae3e9
+6ddf55904f191037d673dc454e31dac7
+d6dd17917b0a045914860b19d310e541
+7bd707c41a3ed7d3b2d6fe522419a1d4
+cd929a7e2aa6183a0c83a4b212cbe96b
+e9bef5a76b621ef947858f96be60229f
+e2107488c6f0a50e7f3acfe5a27952db
+53f6e8156b7d10b4da35861906b81558
+f8a24a15f2311d592a0d6186a95261e8
+f186ec3f54672edec2d04b4c99e5666a
+815684b3129721e82c24482438ea4c7b
+80585ab2e4fd43cba32bede430bfa685
+cfc5755d9b1087aa3ec4299583e1f0a6
+-----END OpenVPN Static key V1-----
--- a/BLKR/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
+++ b/BLKR/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
@ -0,0 +1,285 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-blkr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJAPmS0q/SPu+dMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMI
+VlBOLUJMS1IxETAPBgNVBCkTCFZQTiBCTEtSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTAgFw0xODEwMTQyMTQzMTVaGA8yMDUwMTAxNDIxNDMxNVowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMREwDwYD
+VQQDEwhWUE4tQkxLUjERMA8GA1UEKRMIVlBOIEJMS1IxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+uV3aM8LnLlwhgci+qrzCkLAUk+A6VrXDc0cjJwwnliomKYckvwjGSG+7JCaBfPIQ
+TvBqoEbcbGo165qDNadcfM+s2E+Whda2FFUgUHujrQ69bsACuKGFarZqQUHqhmHC
+m/MSWZ39o+2A+4L4gIQzkLpPHOHRNArJfEkYVkGBaqU+TlzaGX9a4MUNyPQgjwWB
+cVDzOke/3PRUgaEq8U8kWsDw21y4cdS5Qhbd9/ijRbTFU37gfGWAz2E88flZzah2
+sTulBiHpaWaL+9K97UlHQ0RER0WmdgA0Ow90iqs7Sm6eDlJcafXFKh0Vu9lYnwpu
+/mrkWtk8EAl6xCq/VwMzrVebchomA11xDpzZLg2Xej4wLMsZ7ZVr+YixCJY06SA0
+Z/GMgq9vEn23P46CU9ZIjOPWpTXotXNGQbjWaJVRNuvlFvbF2URibo3ncjyPC6sR
+StIShahqLqG0tQ8YpT35+Zz6MuK7kUXIabMic/MFGX6o174ghOV1FhzrVC0GnnzT
+217n5vVABf8aD+jAooSFaByXYlHorAxxjcD3JKwsFalvASYK5Mt89jeVjxIl7tr
+h1XMgnj6pMA6Dlj067bEvWS6oWrxlfKJhySmjOT3TgY4cUjgquTTyZE3Q0WlOhRi
+rHFqWNUKMs4fji5vCFYU7NbEqiQqMwSOzirVTvDqTpMCAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBS0GaTbhypyt98E5gZmorH+Brmj+jCB1QYDVR0jBIHNMIHKgBS0GaTb
+hypyt98E5gZmorH+Brmj+qGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD5ktKv
+0j7vnTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBMPRcUtDO57n8k
+F7XtxpKEBUsIorlBDp3H8G0bleWlLA013s4rAD90nG2F5g5WTQQ3hnRX0K/JllaT
+8u4M/Qr3HHlnZGQVt2aY6bLLN5TkqhMPGqxCIyWrxg0GyGZ55jgff34fj8WRAdl4
+ylKCK19QclctlkSKyFlVLd+w5IMA1rb75oN00klgmemXSA2tQ1YcydOleR9ar+FB
+8jZifx+DKGUP/n9HpSld5Q+/+zbPmQXItwm57odBeRPmyLgWCUKh5EvJ3Er5VR/k
+hUgNzih8vNZcjWYcahcncZ7O30JIX4UcDPlPHpLUKbir9BA4jgVeM8cyhpity8dU
+Jmnt9S7o8owBPXWtZ/Mg2kzY80LSocOrsh8TeVRdQ/3uexj1ytLuPNku9s5QiU04
+ziTVzGl805PypcfT+xqONUi5hBjAF3/V0w34CtzKn+icmu1xbdQL3iEj39fY9V3T
+mbxbcAxUkoYwXI67scVAEbgbxDwN7yA4ztKRDsIWC0hE1rc0Yt27w6Yf6Fk7BxXT
+4eL5te0j9145lc2S2vQGFHMq1yW55a4v3EW5qJIxy500IQvRBtpe0iWqO9TZamIk
+DD6m50VdZ0VyjrHcYenKXDqf6RBQjcK5fyOYXC0YAcMEj6s+Sy+VNIdsYFvYvaL/
+7oLu/GfpkhX92MNOQeIucACdcIwpeg==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHNDCCBRygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwHhcNMTgxMDE0MjIwOTUyWhcNMzgxMDE0MjIwOTUyWjCBqTELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMTEVZQTi1C
+TEtSLWd3LWNrdWJ1MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDf
+OEi1vK7bOIinZlafM/w37W/h5zxMPFAi6ImYzceJUntiaR28KWeUicMtuFK5UdOw
+fKZ+qO//DisQRKVEC4iUCnDHfJeB3qrGw6UFvT6kTbEnupZF1TQQ1gr6eZTXSCA/
+cNqqBvhv5Mc3M4dT8wSqYfGZ2c8Ze1/pQyr3j74EwsltS0oLj7yYbJbQwyMX3Fpv
+pGTFN4rvRCvqRR6Y0ZGxuZNkU0mFv/k3+XPcRthCpouNQw3iMaAg9k8dBsN0Mi28
+KWwGsWwTYXG976FtI1QOW4HhQLb0VeDIyv1qA0rsohe6+NePPdgm4GRIk2j+IG2H
+/MfpVe5Obl0HPcFSJPR84GgbVZDLsPEWVBvhhheCr+PZuZ/tKcqoNNZis6pC5KQu
+Vsc5tdV+ZPsonq0RSjZXxzhsegVfJ+OuHlJfmHFbV75ERE2FYDSfEL9tQKs9ZaGX
+cyBKzSV4zQwA8tRKYX6kQP+duIA0MkgahL3gTtlYgGh6liRugSahIZGRltKJiDYG
+/zhyFETDd9cc5hsp1AttbNmCNlnGu45MfE4KTz/0JxdaG50pWsj6TDbV0vrx3EBS
+aQ5tahDSCoCyI2SNh0qfvkIxjsnU39XC6Dl1wo+mepBllB3R0RTe0QpiZGGUPEDg
+5nVODCENoU5CYlSRC2ldhx7AFwYCRptmyr5qBYYHJQIDAQABo4IBbDCCAWgwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBR/WxfMH2sbgHx9eESrgPskIQkQojCB1QYDVR0jBIHN
+MIHKgBS0GaTbhypyt98E5gZmorH+Brmj+qGBpqSBozCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtS
+MREwDwYDVQQpEwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGWCCQD5ktKv0j7vnTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+EwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBACb7NjUyyb9B
+ofe1d38OTZBK7YC9mAq9ZgDuskXaqTlfQpX6NxMx0KviBj45DncPPYT+mVsYBJGU
+TZeAOUFyuaqDrAAxFl5cSJdD3Ix3FuYp6Wsz61mqLNqbI/JvSY45XhiLH1Fp9aDA
+pA6a7ACO2p9ZkjXE+TeK/JVcwmWX+ah3gvAOEFWUEnb3ZO+NkiGEoFSo4jY5rxiA
+K/kvaccTjukTqmtjGYmcGHVam896FTilSYsW+Jz0ORIP7CbeK9EPdhi7JSoTzAhn
+lOg6C2TVIrHDGNIyUNIadC0uSVmzHH5szpUMYECfILEkebj1Tv1qx9RnqdXSu4KI
+uR+K/kI7OY1KuPhSFGMmEDTIF6tg2HTTeEdGSrgTCDbi5Bqr73aCHGyCvFkdJEkW
+AjsDaA7wVe6j+PRgZhzZf7wA5LAfMO7to9xweI6ZDR4MglH34BcLIPOEewteiArh
+XY3XvUQkOJRr7tnGHi6h9rG8WlThF2JTSUO4Rhbhb5hfWEPyC/e5Mr7zVXFSd07Y
+fEuG/ppln0xtKsYLZMt7U/mzM7A4qLPpGIaWziojEMaxvbDpv1rZawajsoozT5X5
+zDF+VNFnwMEyaRu46zhbouhEcWU5FD8ux6II3aPYH1Bf8ZJ9btfkynHZorh2vFMg
+oBRLp3OUAKaJS3sZtH9cLAmCrlTPoCVk
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIhPf7U8+0luwCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEbFHS/M/mH2BIIJSLS6wTEg0/zk
+yRDTLJUeb2b/p7Yr819WamxkEraj1NY4f9bi04i75UKt2oKQHav5clCXQVSwmaZn
+rpOTpom42KPEzFcrpztWlwnje/MRSxt80SBEoA68mvPGWR9o2o9t0D7Rl8G+L8HK
+VUqGu+t9XKUnr2h6hFtP0gfTz2nOkRp5sQ1wlrPADYlyjOxdvM4bP4c5pLSmCrwV
+7vait4Lh7mQ7R9t7FJQSNnb3G90+9yjkbWh5ht7s4gyi6cSlwcWcCU/cZg4q1NdG
+TH2gnMe2AWX2TQg8gSypaJV3T6zL2HJhjNA6vRAIbCbWD66LvtVdVOeM+nrNSpHT
+HiqEEDNCCen+Xhz8sai/mwx+oUUx3VvXUtDrve3H3dhpqPHAhIhUNeAaWSv0f1tb
+jPN3He6oB+dZwmPnVgFRzfU8AJIE/vIneDUywYNdgJH9nb3piSiVcHG3/y+6q3fJ
+3f55YbtI4zW4io5o9aXeL7yLhoDA7DrHfNxI9ANTPlL+xvaUz6sUKd3NfOKA5tL4
+h6KgDlWrlVakLhkf8sQMHbvVa91CJYiBwEJbVsd3kITOpRD4JDUu8sN1OZqcC+89
+yRlJ8Xsb09UcARAc4ZmidBbo6bd5smIlcCsOOxO2A/xVzgy2IxoRgN25XIyoxj+S
+NOIXcARHZeU1HBbeoUEXq8TqB6iJWWVszEBEt25UMQDLYsLh/XBp+IlYHvnPu5Os
+D1gktNW1ZNl9NxVXjMlhBVbT7bqeoU4IvMNxFLUMTYMltl+PNeBLKe0Qa33kZGCm
+bICe+aMHEKaxSTdxNQSQAmYkkcuQRaMybnHO4TN+IZ+w5BIcdUgDvumKTQWG5/Kc
+oPPGkYMzT/gQ/JED3HOuaihS6f/jy72Tr4NrVJH2243Xo6NlgNy4bYPMsO/lnLsl
+d60XBDifUrbw7gAxcyisHRJD4DqXFW8y8HAcbGJMBF6O7nbmb/GXYSmSw35//ABf
+drQtMOib4R5rlq/drK+aAYOEy45AKSojydfrpPIW4lZj9R6z6Utq8ckp4TRT7Ev
+jKf9CRW74pBjm8edfLgo3SNuyIolJwag1+PK+vCTtNXm8XX9et3clAE1pRUCJ4tA
+mUlJwSVpyG2PfhA+Y4XnRLDYoAdK92f+k2TW8vh5jt7wIpfyimFPfA1fnv/tLw+d
+Lr6mQGovAVlMgGW6S45yrp6buxUVVH5wdKtK1XpX/ktTHLD+XuUIERlJ3Iu0hysC
+IW/3R62pWzDnsEdMt2W5RItwwMkPzf74fOh0W5TGJLg4CAbc1NtzZ7PiPFPGecWU
+4DqKlb8+wQKwrOwkSokksxzPneVqg9Cq4ksXNYkdm4tK2lXAqUvS4ZpQM3w5AaoF
+otbx7fME5Y3CmV1mPlO+ENE7++qEHI61XheGphBBO06hD1vGG663WERhHE1CMXGu
+rOot+nUF4lomZhFzQUWLB4cc7bGdbljbXCAGnitTS0xZDl49B6XXMuZp2R+IRPg8
+CKVZynzp2JXjWEx+OzAqic9nGpe5HrDuUjnsnaKvhLvJzkNXg5ryufVOTr2LG2yV
+cKWzUJSDMKFbcyIgbAIHnn1z3wMJqLWNx7RXWUJbHIaO5cpLqPL6njdFq8wqe8LM
+CuYVBH4G7a57B1opNP2Unwe0YlNSH6YGkYO+HfpTubvQB4/lR2CThZvq+9llg9Rv
+7mE6ioSUuh4nGSpY5XKoc1PsZ1E95HnM2p7csKh7vvEws33rGQBD+o4azUqZA5Hz
+G8BHVMiUIZ+cc5vOJvKfgxevocI7yzL38FmploA5tp2HvyoU0KbuAMnZryLVfHuW
+vaoa5OjMcOMf+VZTitl/L+6gSW54VyUsgOacfvfPXXMifuN74v+E+KuUFHaLzPQ0
+exHenaWrN1/C2PcuORiCmqqjhfE1+ku1Ii7wv40zBycFC8pb4NNfTHMvhuGzw9Rq
+8aX+UMp9DsZzRQQDQa9gotzSbr0HEN+SZlnU05yorBvf4CtpV2Q42oYlpRnX5vsx
+wCxdSQFWiVYaL1dEYHa2RmEB2RXhuMuyugqZyPbVNgGLFWb925VgA0WwRMg3N56U
+6YgKyag1yzaxQbYPKs2c/iT+i5QMU6kx7Y6QPVs6zT7/DJvatRViogF1IQDiOS8o
+xtFbbCtQ7NGUsmgz6tsX8mo0oiCUZds1h/NBVUOY58EOYbOKs9Ywaui9ck+cKfGF
+X4dcPQz1sPEHgv4h5q1SpPNY3E2kuF8NSpV/KYznwxGiBV/Ui4rGH2/HmQUXNNQn
+VE3IqqbZs5/exZvdcWquKcTU9xNrclq5BgTkHI5QbGXXK+f3WmNR5rBQbd35UZQC
+cTn4pNSAM3iPJdMEO25ScsIQh8OkmIYvBnmpdMZxexnSpJx6HmOEF/Sf2mfvhz91
+Ah93E0ZF9ciN+6UQ697r3T97cXOeba+w4OhA1kw5Z75c0uOBomK8cfOzaG+vMOwf
+1uXkit13S5O234qzBcGoj3FLUprtooSmWj8f8sCtGK3qDCjZkyMoXWPu54V3jgXT
+IYmQ1Ps9QtMuXOqlN3itwu9BS0eFdQ/tKAQ33HoTMeHQ873Jhn67F9aPFzA+jnH5
+DWZlj/gV0HgZ9GYFLvzVZtjy1BDMTn3CscG9NkwXcu7YEXZANZ2YIeHcS/JwxOva
+DtQdERC0sHT9TSXLM7uL47UaIUoz7Pi6yYn3vJ/4cr2eLRLkfZuDD33gD4EBN/Oe
+DqmkycyrSdhIX6KfFG0sFxCNnkerUVhlxyrrnVP8JHRrfmRb+JV/mMLRv6MpGV8E
+Q/Y4AvkyhS2TJpJo3If7JjYTeihR3Lhq1KkAGoEBY0xkf0MApgq/TTjjU5BT2fD3
+k1Ywd0NzX4y3UmRoXb4+MV9/U0NkcYwhUSEPXgmuAj0vRRoC7sY7zbA7xcR9Gqlk
+0EJESYThFBBHJwKYJ1yEN8E3Ba1fQUKpwrb5sX+2UmniAx+KgLonPaQFcsaT1mFT
+98uJuvO+gMyLHDXv18DBTEsgFkR8lsjs27z1CnouHC9vFDho32Lwsfrpy8ty9p+r
+5WE/h3yOk95IAuX6OmhMPOlmNKskLyO1e0B/rYvksY0K3lf3J0+hUctKmX6e7XjM
+g81V0EyjjYQKhalzUDfHyTrPnNGuMOZOJ0eBmhavSSDGvENdp8lrz6vgjj0o5qaO
+IStU3QrW1Tcg8pvykyA/Lw==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+3cf6285cea0c09098e2fd9c4f0b77e10
+17f36672d5dbdfc5c076dcfb15996950
+23483097039a2bd0ed987ec31a2deb2c
+6bc987cebd37dd435e4b591763375f1a
+af3b13a09680897fa379e952948e5c07
+8e314f92317b6ec2b347e80fffaa4371
+998b30ed33ad0570746bc9467434a4c5
+92850f34fb15de8385bb2aade5665048
+2cb73c00d4941411981bdc2c33e4e064
+03a1893991bdd08e645b94e9f959edb0
+397a71dc39558126f3aa83e09748873b
+5035c46ab289a548602e5b9f308562ab
+6ec9a6822b7db0e4641b42764a97ff20
+bd71debf42514513311779410f995974
+e5984887c5e43393cceccf2ddf7191c1
+a49f80dd24d79fc3d9409e9f42cae925
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-128-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# --auth-nocache
+# 
+# Don't cache --askpass or --auth-user-pass username/passwords in 
+# virtual memory. 
+# If specified, this directive will cause OpenVPN to immediately forget 
+# username/password inputs after they are used. As a result, when OpenVPN 
+# needs a username/password, it will prompt for input from stdin, which may 
+# be multiple times during the duration of an OpenVPN session. 
+#
+# When using --auth-nocache in combination with a user/password file 
+# and --chroot or --daemon, make sure to use an absolute path. 
+#
+# 
+auth-nocache
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
--- a/BLKR/openvpn/gw-ckubu/crl.pem
+++ b/BLKR/openvpn/gw-ckubu/crl.pem
@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC6TCB0jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxETAPBgNVBAMTCFZQTi1CTEtSMREwDwYDVQQp
+EwhWUE4gQkxLUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUXDTE4MTAx
+NDIxNTMyMFoYDzIwNTAxMDE0MjE1MzIwWjANBgkqhkiG9w0BAQsFAAOCAgEADrVw
+HJ3D+lF2Sq5uJch0iqU/edvzn9Y9pWH9sd2PSRhd8qbOXsbta73nTEahaBlb1qbp
+uTMWkq+k54dmw5Ig2QzBSU6u4zVDhTlOS9aP6wwdVXq9230zxaialYGh2mRgr2/C
+fG+aI+XWGY4/Qof6Aekd2CDVhBDnTWAuDTgoAxW1MdaMaAyafTAQjaQ+ibJGKmoZ
+4z0VFYVyDhhuML8uo1c1O0tSXlmTeifeE1vNS2se0d4h4CPMVDRS0bRwu3CmPC5r
+UsIqOr97ShAKcpDp9IQWyUr+HurJSl19Q0oK0kDNO2WqrEf0p2VpgX3/5HcdXV1a
+6Zd9ogJ+nqyl75QgtcVTazGDGl2Fxy6IW6eIHMeVcB+v4ViU0ltMFzz79p3WKJfq
+K680DnFS3RYsxx4t+v3OkDBC+hFUzaxD/GwjhciLiRNg0OTjtIQ/jjctEJnOdENw
+8dYMMnys1K7xU4qcCDYvJIFycrUYGJLydQ0I9368HyLkXX/esS4fL3+RQTPkCoFk
+gNeIsVAp2Uz1mDrXEJw6eCHbwPCZ2zzONJo+xJTz3FY3sHFSwqKmrqQpWi0DNSS2
+gZS5SUIFLU0MWe5UrHew1bF4SdANvH8HDbb0iwSVLnUg41MNa4M1Qv5tj+CZVt9O
+rSHjlEFQuGHixms6mp6B56eLKiwHjMZSSPKTP7s=
+-----END X509 CRL-----
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-ca
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-ca
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-dh
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-dh
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-inter
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-pass
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-pkcs12
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-pkcs12
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-server
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-key-server
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-req
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-req
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-req-pass
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/build-req-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/clean-all
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/clean-all
@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/inherit-inter
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/inherit-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/list-crl
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/list-crl
@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-0.9.6.cnf
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-0.9.6.cnf
@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-0.9.8.cnf
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-0.9.8.cnf
@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-1.0.0.cnf
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-1.0.0.cnf
@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-1.0.0.cnf.ORIG
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl-1.0.0.cnf.ORIG
@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl.cnf
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/openssl.cnf
@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/pkitool
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/pkitool
@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/revoke-full
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/revoke-full
@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/sign-req
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/sign-req
@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/vars
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/vars
@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN BLKR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-BLKR"
+
+export KEY_ALTNAMES="VPN-BLKR"
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/vars.2018-10-14-2324
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/vars.2018-10-14-2324
@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
--- a/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/whichopensslcnf
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa.2018-10-14-2337/whichopensslcnf
@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-ca
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-ca
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-dh
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-dh
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-inter
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-key
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-key
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-pass
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-server
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-key-server
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-req
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-req
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/build-req-pass
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/build-req-pass
@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/clean-all
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/clean-all
@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/inherit-inter
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/inherit-inter
@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
--- a/BLKR/openvpn/gw-ckubu/easy-rsa/list-crl
+++ b/BLKR/openvpn/gw-ckubu/easy-rsa/list-crl
@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				`Subproject commit f66029fe95ffc2010b0d3e435dbebf9ef7b7f849`
				`@ -0,0 +1 @@`
				`Subproject commit b497e297553ef92ccc80cfb774fa4a6f90284dc1`
				`@ -0,0 +1 @@`
				`/etc/openvpn/blkr/easy-rsa/openssl-1.0.0.cnf`
				`@ -0,0 +1 @@`
				`/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf`