diff --git a/ANW-URB/README.txt b/ANW-URB/README.txt index 28651e4..6402914 100644 --- a/ANW-URB/README.txt +++ b/ANW-URB/README.txt @@ -1,5 +1,8 @@ +------- Notice: +------- + You have to change some configuration files becaus the because the configuration of network interfaces must not be equal. @@ -21,5 +24,5 @@ Notice: interfaces.ANW-URB: see above default_isc-dhcp-server.ANW-URB ipt-firewall.ANW-URB: LAN device (mostly ) = eth1 - second LAN WLAN or what ever (if present) = eth0 + second LAN WLAN or what ever (if present) = eth0 diff --git a/ANW-URB/bin/admin-stuff b/ANW-URB/bin/admin-stuff index 6c91fc0..414ae04 160000 --- a/ANW-URB/bin/admin-stuff +++ b/ANW-URB/bin/admin-stuff @@ -1 +1 @@ -Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718 +Subproject commit 414ae04eada0ebc45643e82d8742de795e5c5a70 diff --git a/ANW-URB/bin/manage-gw-config b/ANW-URB/bin/manage-gw-config index 2a96dfd..e0e37c2 160000 --- a/ANW-URB/bin/manage-gw-config +++ b/ANW-URB/bin/manage-gw-config @@ -1 +1 @@ -Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688 +Subproject commit e0e37c21b77b5876fb9b5b66204cfcb7eba3cffc diff --git a/ANW-URB/bin/monitoring b/ANW-URB/bin/monitoring index 0611d0a..9a02312 160000 --- a/ANW-URB/bin/monitoring +++ b/ANW-URB/bin/monitoring @@ -1 +1 @@ -Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653 +Subproject commit 9a02312bda7beec1b6d6f63d197f2dfd39254680 diff --git a/ANW-URB/bind/bind.keys b/ANW-URB/bind/bind.keys index b003c53..db22d4b 100644 --- a/ANW-URB/bind/bind.keys +++ b/ANW-URB/bind/bind.keys 
@@ -1,49 +1,69 @@ -/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */ -# The bind.keys file is used to override built-in DNSSEC trust anchors -# which are included as part of BIND 9. As of the current release (BIND -# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC -# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other -# zones MUST be configured elsewhere; if they are configured here, they -# will not be recognized or used by named. +# The bind.keys file is used to override the built-in DNSSEC trust anchors +# which are included as part of BIND 9. As of the current release, the only +# trust anchors it contains are those for the DNS root zone ("."), and for +# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors +# for any other zones MUST be configured elsewhere; if they are configured +# here, they will not be recognized or used by named. # -# This file also contains a copy of the trust anchor for the DNS root zone -# ("."). However, named does not use it; it is provided here for -# informational purposes only. To switch on DNSSEC validation at the -# root, the root key below can be copied into named.conf. -# -# The built-in DLV trust anchor in this file is used directly by named. -# However, it is not activated unless specifically switched on. To use -# the DLV key, set "dnssec-lookaside auto;" in the named.conf options. -# Without this option being set, the key in this file is ignored. +# The built-in trust anchors are provided for convenience of configuration. +# They are not activated within named.conf unless specifically switched on. +# To use the built-in root key, set "dnssec-validation auto;" in +# named.conf options. To use the built-in DLV key, set +# "dnssec-lookaside auto;". Without these options being set, +# the keys in this file are ignored. # # This file is NOT expected to be user-configured. # -# These keys are current as of January 2011. 
If any key fails to +# These keys are current as of Feburary 2017. If any key fails to # initialize correctly, it may have expired. In that event you should # replace this file with a current version. The latest version of # bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys. managed-keys { - # ISC DLV: See https://www.isc.org/solutions/dlv for details. - # NOTE: This key is activated by setting "dnssec-lookaside auto;" - # in named.conf. - dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 - brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ - 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 - ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk - Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM - QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt - TDN0YUuWrBNh"; + # ISC DLV: See https://www.isc.org/solutions/dlv for details. + # + # NOTE: The ISC DLV zone is being phased out as of February 2017; + # the key will remain in place but the zone will be otherwise empty. + # Configuring "dnssec-lookaside auto;" to activate this key is + # harmless, but is no longer useful and is not recommended. + dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 + brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ + 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 + ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk + Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM + QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt + TDN0YUuWrBNh"; - # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml - # for current trust anchor information. - # NOTE: This key is activated by setting "dnssec-validation auto;" + # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml + # for current trust anchor information. + # + # These keys are activated by setting "dnssec-validation auto;" # in named.conf. - . 
initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF - FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX - bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD - X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz - W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS - Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq - QxA+Uk1ihz0="; + # + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; + + # This key (20326) is to be published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; }; diff --git a/ANW-URB/bind/bind.keys.dpkg-old b/ANW-URB/bind/bind.keys.dpkg-old new file mode 100644 index 0000000..b003c53 --- /dev/null +++ b/ANW-URB/bind/bind.keys.dpkg-old 
@@ -0,0 +1,49 @@
+/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# ("."). However, named does not use it; it is provided here for
+# informational purposes only. To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on. To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+ # in named.conf.
+ dlv.isc.org. 
initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 + brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ + 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 + ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk + Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM + QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt + TDN0YUuWrBNh"; + + # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml + # for current trust anchor information. + # NOTE: This key is activated by setting "dnssec-validation auto;" + # in named.conf. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; +}; diff --git a/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-chris b/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-chris new file mode 100644 index 0000000..a4db4ae --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-chris @@ -0,0 +1,4 @@ +ifconfig-push 10.0.132.3 255.255.255.0 +push "route 172.16.132.0 255.255.255.0" +#push "route 192.168.1.0 255.255.255.0" + diff --git a/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-undine b/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-undine new file mode 100644 index 0000000..d0aacae --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-undine @@ -0,0 +1,2 @@ +ifconfig-push 10.0.132.4 255.255.255.0 +#push "route 192.168.1.0 255.255.255.0" diff --git a/ANW-URB/openvpn/anwaeltinnen/client-configs/chris.conf b/ANW-URB/openvpn/anwaeltinnen/client-configs/chris.conf new file mode 100644 index 0000000..0f3322c --- /dev/null 
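Review bot: `bind.keys.dpkg-old` is a dpkg conffile backup and should not be added to the repository. Its blob id (`b003c53`) is the one the `bind.keys` hunk in this same commit replaces, so it is the January 2011 file, carrying only root key 19036 and none of the 2017 text or key 20326. A stale copy of trust anchors sitting next to the live file is easy to restore or copy by mistake, and a resolver initialised from it would lack the newer root key. I would drop the file from the commit and ignore package-manager leftovers with a pattern such as `*.dpkg-old` in `.gitignore`.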
+++ b/ANW-URB/openvpn/anwaeltinnen/client-configs/chris.conf 
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-urban.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts. 
+persist-key +persist-tun + +# Server CA + +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV +BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML +VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB +Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1 +NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl +cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz +MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb +BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp +dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD +CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD +u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+ +uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM +9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH +QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ +Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U +vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y +KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB +Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA +AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j +BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC +REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv +Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B +TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn +dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k +dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83 +m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/ 
+FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9 +EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN ++4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs +4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs +WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA +o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs +Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp +4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA== +-----END CERTIFICATE----- + + +# Client Certificate + +-----BEGIN CERTIFICATE----- +MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT +EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG +SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E +52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW +dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh +5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n +vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8 +aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD +30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru +IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG +UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW +KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP +sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB +bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh 
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB +2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT +C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ +ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD +AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD +ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T +aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO +PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl +9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb +LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a +sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib +481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG +DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at +wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU +8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9 +9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr +-----END CERTIFICATE----- + + +# Client Key + +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA +MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp +y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50 +EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP +mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM +Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu +QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08 +N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE +Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU +ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6 +BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92 
+maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L +/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a +RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9 +8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC +TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9 +VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P +c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95 +nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW +8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA +Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2 +rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck +MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC +D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O +pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB +Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6 +6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm +D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI +Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG +lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5 +Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef +08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv +C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba +cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC +MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d +VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B +YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87 +YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo +PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy +4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX +OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx 
+3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7 +1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy +mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz +/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/ +0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av +ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR +P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b +sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z +CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL +lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0 +WO3Ph1v2Ieg0Vg== +-----END ENCRYPTED PRIVATE KEY----- + + +# Verify server certificate by checking +# that the certicate has the nsCertType +# field set to "server". This is an +# important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the nsCertType +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. +# +# Note! +# The option "ns-cert-type" has been deprecated since +# version 2.4 and will be removed from later distributions. +# +# Use the modern equivalent "remote-cert-tls" +# +;ns-cert-type server +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +# +# Don't forget to set the 'key-direction' Parameter if using +# Inline Key. Usualy , sever has key direction '0', while client +# has ke direction '1'. 
+# +key-direction 1 + +-----BEGIN OpenVPN Static key V1----- +b5fff06e622a9b746f5f7496e4995abb +cdb1504b21d4f6937f4f455358831fa9 +d9e6c2ff64229b53be1f5ee86865cd9b +6076ee9a55c4ec534d52ee6715b4bdee +993eab28f394fbb3843b6c4e4e2c71a8 +75b2bf33e58457ad6d8e35c6adeafe13 +ffc25ce4c6b7883311f40e6040e3a89d +7442612f008190286768cad399da95c7 +1ada651b830a9ce00ed0c7397eb8d25e +efdac1ea41e70ab1c466d8e2a7d5ea61 +6dc519f0561ffe874dd731da4de6b5e0 +16d445c20133139d775e8eb4287a8a15 +9f01cf7d7fa91ad6ec7c5fb876ccd181 +0c100ac5dfd28f9bfe2fcc02c84f9d95 +5c94571f02a6b9032f8f7fff07c29c9c +4cfbf4bcb2dd45e9659506e1b5c5b745 +-----END OpenVPN Static key V1----- + + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +;comp-lzo + +# Verbosity level. +# 0 -- quiet except for fatal errors. +# 1 -- mostly quiet, but display non-fatal network errors. +# 3 -- medium output, good for normal operation. +# 9 -- verbose, good for troubleshooting +verb 1 + +# Setting 'pull' on the client takes care to get the 'push' durectives +# from the server +pull diff --git a/ANW-URB/openvpn/anwaeltinnen/client-configs/undine.conf b/ANW-URB/openvpn/anwaeltinnen/client-configs/undine.conf new file mode 100644 index 0000000..d54e53b --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/client-configs/undine.conf 
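Review bot: The inline key blocks in this new client config put secrets under version control. The block after `key-direction 1` is the tls-auth static key in cleartext, and the `# Client Key` block is the user's private key, protected only by its passphrase (the PEM label is `ENCRYPTED PRIVATE KEY`). The same static key is repeated verbatim in `undine.conf`, so every reader of the repository, its clones and its backups holds the HMAC key shared by all clients. I would commit only a template and fill the key blocks in at deploy time, or reference files outside the tree with `tls-auth <path-to-ta.key> 1` and `key <path-to-client.key>`. Because the material is now in history, the tls-auth key should be rotated and both client certificates reissued.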
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-urban.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts. 
+persist-key +persist-tun + +# Server CA + +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV +BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML +VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB +Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1 +NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl +cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz +MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb +BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp +dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD +CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD +u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+ +uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM +9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH +QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ +Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U +vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y +KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB +Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA +AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j +BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC +REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv +Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B +TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn +dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k +dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83 +m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/ 
+FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9 +EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN ++4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs +4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs +WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA +o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs +Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp +4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA== +-----END CERTIFICATE----- + + +# Client Certificate + +-----BEGIN CERTIFICATE----- +MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W +Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet +ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn +S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK +186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ +jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw +w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS +9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW +YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y +PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt +jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC +AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy 
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw +gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ +BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G +A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD +EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B +CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF +AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH +LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB +UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi +yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7 +f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6 +dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC +xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr +9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn +pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG +aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq +XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw= +-----END CERTIFICATE----- + + +# Client Key + +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA +MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj +SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3 +DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo +eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8 +eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED +0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA +bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7 +hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo +W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh +g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q 
+tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+ +iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj +ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz +66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN +v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi +2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2 +cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ +0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU +oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1 +KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b +Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb +OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg +8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3 +yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1 +wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv +WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz +gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld +8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ +wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm +4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B +xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN +ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg +mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1 +chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m ++5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah +RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui +mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA +/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp +3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf +BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj 
+CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb +lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+ +MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP +KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa +MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj +Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S +mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78 +2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354 ++ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/ +Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA +T1U= +-----END ENCRYPTED PRIVATE KEY----- + + +# Verify server certificate by checking +# that the certicate has the nsCertType +# field set to "server". This is an +# important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the nsCertType +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. +# +# Note! +# The option "ns-cert-type" has been deprecated since +# version 2.4 and will be removed from later distributions. +# +# Use the modern equivalent "remote-cert-tls" +# +;ns-cert-type server +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +# +# Don't forget to set the 'key-direction' Parameter if using +# Inline Key. Usualy , sever has key direction '0', while client +# has ke direction '1'. 
+# +key-direction 1 + +-----BEGIN OpenVPN Static key V1----- +b5fff06e622a9b746f5f7496e4995abb +cdb1504b21d4f6937f4f455358831fa9 +d9e6c2ff64229b53be1f5ee86865cd9b +6076ee9a55c4ec534d52ee6715b4bdee +993eab28f394fbb3843b6c4e4e2c71a8 +75b2bf33e58457ad6d8e35c6adeafe13 +ffc25ce4c6b7883311f40e6040e3a89d +7442612f008190286768cad399da95c7 +1ada651b830a9ce00ed0c7397eb8d25e +efdac1ea41e70ab1c466d8e2a7d5ea61 +6dc519f0561ffe874dd731da4de6b5e0 +16d445c20133139d775e8eb4287a8a15 +9f01cf7d7fa91ad6ec7c5fb876ccd181 +0c100ac5dfd28f9bfe2fcc02c84f9d95 +5c94571f02a6b9032f8f7fff07c29c9c +4cfbf4bcb2dd45e9659506e1b5c5b745 +-----END OpenVPN Static key V1----- + + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +;comp-lzo + +# Verbosity level. +# 0 -- quiet except for fatal errors. +# 1 -- mostly quiet, but display non-fatal network errors. +# 3 -- medium output, good for normal operation. +# 9 -- verbose, good for troubleshooting +verb 1 + +# Setting 'pull' on the client takes care to get the 'push' durectives +# from the server +pull diff --git a/ANW-URB/openvpn/anwaeltinnen/crl.pem b/ANW-URB/openvpn/anwaeltinnen/crl.pem new file mode 100644 index 0000000..49eb941 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/crl.pem 
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
+VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
+DTE4MDcwMTExNTAyMloYDzIwNTAwNzAxMTE1MDIyWjANBgkqhkiG9w0BAQsFAAOC
+AgEANbwrI+TgGLoDlVTPqekHN6v6GYH84gXowpenqlPLERIEK+hpb0Kj4th7qr4d
+6ekP/+7aasrr5ZR5ZCFGUDznfHegyP1YGTtCEtv1Gh8Etn1ZkjsrWL9YAxN2i4s3
+iMKP3e1+Y3c/ai8RYW6ZuBbpxyTJUpQQjwGHb3iccFAOq9wnBuAZyDOJCvP6Jici
+0dcXzWartfXlwipqduMNyyNQhNoZkb/Sv72wKP/K0XratZG+utV1W8Aonbp47hSA
+Os/obxQTMsWL1sfcNqlZVEklc42YevOGFnxTzuim5JYehdzjqR8tutj31Qs0jRcq
+ojWZiF7nTphiAdeZA5FBPkyeiEGX3IIxgEH2Miu5Jc3h6QIoGU64q9Qb2J3mu7D6
+EcyOl3+BXGKSHYHorNb3Ti6g7dOyg4ng4sVeG6R/SwlhJbNYsM4S2vsGFI5kxT5x
+4AJ0ShV2n75JCzySKUYlwre8X1/CBdHefyuXHl9wLlOOcAeyHx6yJUiYrdWZ0gu5
+0aKSGPTkzPt41bo9zNojBRNW+UDW4EubY+F+Mac6y9Gn+ix2dm3k1CAoMSchGiUE
+I8kiiZ4SNRUYJrnNYu2XiwhYMMI7knUkTTVqf4QF3ouvcKgTfyD7RQ4vQzaA6A6S
+ar6C56aNPEbffN6tthtyKkI8T9aSXpr9hIvkYOCV7ajSwc8=
+-----END X509 CRL-----
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-ca b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-dh b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-inter b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pass b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pkcs12 b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-server b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req-pass b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/clean-all b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/inherit-inter b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/list-crl b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.6.cnf b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@ +# For use with easy-rsa version 2.0 + +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. 
+preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. 
+# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +subjectAltName=$ENV::KEY_ALTNAMES + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::KEY_ALTNAMES + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.8.cnf b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.8.cnf new file mode 100644 index 0000000..90331a0 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.8.cnf 
@@ -0,0 +1,293 @@ +# For use with easy-rsa version 2.0 + +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +openssl_conf = openssl_init + +[ openssl_init ] +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids +engines = engine_section + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. 
+# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +name = Name +name_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN +name_default = $ENV::KEY_NAME + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. 
+# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +subjectAltName=$ENV::KEY_ALTNAMES + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::KEY_ALTNAMES + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ engine_section ] +# +# If you are using PKCS#11 +# Install engine_pkcs11 of opensc (www.opensc.org) +# And uncomment the following +# verify that dynamic_path points to the correct location +# +#pkcs11 = pkcs11_section + +[ pkcs11_section ] +engine_id = pkcs11 +dynamic_path = /usr/lib/engines/engine_pkcs11.so +MODULE_PATH = $ENV::PKCS11_MODULE_PATH +PIN = $ENV::PKCS11_PIN +init = 0 diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf new file mode 100644 index 0000000..30689ad --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf 
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+openssl_conf = openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+engines = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::KEY_DIR # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+#default_days = 3650 # how long to certify for
+default_days = 11688
+#default_crl_days= 30 # how long before next CRL
+default_crl_days = 11688
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = $ENV::KEY_SIZE
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::KEY_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::KEY_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::KEY_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_max = 64
+
+name = Name
+name_max = 64
+
+emailAddress = Email Address
+emailAddress_default = $ENV::KEY_EMAIL
+emailAddress_max = 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType = server
+nsComment = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf.ORIG b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf.ORIG
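Review bot: `default_crl_days = 11688` in [ CA_default ] of openssl-1.0.0.cnf gives every CRL this CA issues a nextUpdate roughly 32 years out, so an OpenVPN endpoint checking the CRL never sees its copy as stale and an outdated crl.pem keeps being accepted after later revocations; the crl.pem added in this same commit was presumably generated with this value. Keeping the stock `default_crl_days = 30` and regenerating and redistributing the CRL from a scheduled job preserves that freshness check. `default_days = 11688` in the same section likewise makes every issued client and server certificate valid for about 32 years, which leaves revocation as the only way to retire a lost or leaked key. A bounded lifetime with renewal, for example the stock `default_days = 3650` or shorter for client certificates, limits that exposure.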
@@ -0,0 +1,288 @@ +# For use with easy-rsa version 2.0 and OpenSSL 1.0.0* + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +openssl_conf = openssl_init + +[ openssl_init ] +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids +engines = engine_section + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. 
+# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation after 2004). +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +name = Name +name_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN +name_default = $ENV::KEY_NAME + + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. 
+# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +subjectAltName=$ENV::KEY_ALTNAMES + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::KEY_ALTNAMES + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ engine_section ] +# +# If you are using PKCS#11 +# Install engine_pkcs11 of opensc (www.opensc.org) +# And uncomment the following +# verify that dynamic_path points to the correct location +# +#pkcs11 = pkcs11_section + +[ pkcs11_section ] +engine_id = pkcs11 +dynamic_path = /usr/lib/engines/engine_pkcs11.so +MODULE_PATH = $ENV::PKCS11_MODULE_PATH +PIN = $ENV::PKCS11_PIN +init = 0 diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/pkitool b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/pkitool new file mode 120000 index 0000000..2f7047b --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/pkitool @@ -0,0 +1 @@ +/usr/share/easy-rsa/pkitool \ No newline at end of file diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/revoke-full b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/revoke-full new file mode 120000 index 0000000..5612776 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/revoke-full @@ -0,0 +1 @@ +/usr/share/easy-rsa/revoke-full \ No newline at end of file diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/sign-req b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/sign-req new file mode 120000 index 0000000..aad0401 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/sign-req @@ -0,0 +1 @@ +/usr/share/easy-rsa/sign-req \ No newline at end of file 
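Review bot: The `[ v3_ca ]` section keeps `basicConstraints = CA:true` non-critical and leaves `# keyUsage = cRLSign, keyCertSign` commented out, and `[ req ]` applies it through `x509_extensions = v3_ca`, so a self-signed CA certificate built from this template carries no key-usage restriction. For a CA that only signs VPN certificates and CRLs, `basicConstraints = critical,CA:true` with `keyUsage = critical, cRLSign, keyCertSign` is the stricter setting. This file is the `.ORIG` reference copy, so the change belongs in the active `openssl-1.0.0.cnf`, whose hunk starts before this view and shows the same two lines. Keeping a `.ORIG` copy in the repository also duplicates what version control already records.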
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars
new file mode 100644
index 0000000..7a88e3b
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/anwaeltinnen"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN ANW-URB"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-ANW-URB"
+
+export KEY_ALTNAMES="VPN-ANW-URB"
diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars.2018-07-01-1326 b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars.2018-07-01-1326
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars.2018-07-01-1326
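Review bot: `export KEY_EXPIRE=7305` gives every server and client certificate a 20-year lifetime (and `export CA_EXPIRE=11688` gives the CA about 32 years), so a client key that is lost or copied stays usable until 2038 unless it is revoked and the server checks the CRL. A shorter leaf lifetime such as `export KEY_EXPIRE=1095` with planned renewal limits that exposure, while the CA value can stay longer. Whether the OpenVPN server config sets `crl-verify` is not visible in this hunk and should be confirmed. The comment `# Increase this to 2048 if you` / `# are paranoid.` is stale next to `export KEY_SIZE=4096` and should be reworded to match the value in use.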
@@ -0,0 +1,80 @@ +# easy-rsa parameter settings + +# NOTE: If you installed from an RPM, +# don't edit this file in place in +# /usr/share/openvpn/easy-rsa -- +# instead, you should copy the whole +# easy-rsa directory to another location +# (such as /etc/openvpn) so that your +# edits will not be wiped out by a future +# OpenVPN package upgrade. + +# This variable should point to +# the top level of the easy-rsa +# tree. +export EASY_RSA="`pwd`" + +# +# This variable should point to +# the requested executables +# +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" + + +# This variable should point to +# the openssl.cnf file included +# with easy-rsa. +export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` + +# Edit this variable to point to +# your soon-to-be-created key +# directory. +# +# WARNING: clean-all will do +# a rm -rf on this directory +# so make sure you define +# it correctly! +export KEY_DIR="$EASY_RSA/keys" + +# Issue rm -rf warning +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR + +# PKCS11 fixes +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" + +# Increase this to 2048 if you +# are paranoid. This will slow +# down TLS negotiation performance +# as well as the one-time DH parms +# generation process. +export KEY_SIZE=2048 + +# In how many days should the root CA key expire? +export CA_EXPIRE=3650 + +# In how many days should certificates expire? +export KEY_EXPIRE=3650 + +# These are the default values for fields +# which will be placed in the certificate. +# Don't leave any of these fields blank. 
+export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" +export KEY_OU="MyOrganizationalUnit" + +# X509 Subject Field +export KEY_NAME="EasyRSA" + +# PKCS11 Smart Card +# export PKCS11_MODULE_PATH="/usr/lib/changeme.so" +# export PKCS11_PIN=1234 + +# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below +# You will also need to make sure your OpenVPN server config has the duplicate-cn option set +# export KEY_CN="CommonName" diff --git a/ANW-URB/openvpn/anwaeltinnen/easy-rsa/whichopensslcnf b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/whichopensslcnf new file mode 120000 index 0000000..d1d4acf --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/easy-rsa/whichopensslcnf @@ -0,0 +1 @@ +/usr/share/easy-rsa/whichopensslcnf \ No newline at end of file diff --git a/ANW-URB/openvpn/anwaeltinnen/keys-created.txt b/ANW-URB/openvpn/anwaeltinnen/keys-created.txt new file mode 100644 index 0000000..4cde12e --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys-created.txt @@ -0,0 +1,8 @@ + +key...............: chris.key +common name.......: VPN-ANW-URB-chris +password..........: dbddhkpuka.&EadGl15E. + +key...............: undine.key +common name.......: VPN-ANW-URB-undine +password..........: JH334nmXPdsw diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/01.pem b/ANW-URB/openvpn/anwaeltinnen/keys/01.pem new file mode 100644 index 0000000..a8277fd --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/01.pem 
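Review bot: `keys-created.txt` commits the private-key passphrases for `chris.key` and `undine.key` in clear text, so anyone with read access to this repository or its history holds the secret that protects those keys. The file should be dropped from the commit, with the passphrases kept in a password manager or handed to the users out of band; a line such as `password..........: (stored in password manager)` keeps the inventory without the secret. Because the values are already recorded in history, both passphrases should be changed. If the `.key` files are tracked as well (not visible in this part of the diff), the two client certificates should be revoked and reissued.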
@@ -0,0 +1,142 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 11:50:13 2018 GMT + Not After : Jul 1 11:50:13 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9: + b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f: + e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47: + 90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c: + 2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14: + 97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4: + 0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12: + 40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1: + e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79: + 18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18: + d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4: + 6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf: + 2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2: + 9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0: + 67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac: + e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94: + 28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75: + 42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59: + 7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5: + 2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a: + dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef: + b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22: + ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a: + d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19: + 4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3: + 7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e: + 82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19: + 32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d: + 3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7: + 
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9: + ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc: + d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84: + 7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82: + 6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98: + 8c:b6:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: sha256WithRSAEncryption + 75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72: + 2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6: + aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41: + c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df: + 5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69: + be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae: + 98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49: + 3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f: + 56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8: + af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2: + 07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76: + ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85: + 20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85: + 31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6: + f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9: + ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1: + de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17: + 
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1: + 81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4: + d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06: + 18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72: + ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c: + 59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93: + 0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0: + c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00: + 0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31: + af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1: + 0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30: + 2c:bb:ac:fe:00:f7:e8:e1 +-----BEGIN CERTIFICATE----- +MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T +QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H +nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY +J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa +pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl +pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7 +RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw +9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+ +Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL +qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A +lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC 
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB +DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud +DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o +7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl +cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT +EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp +EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd +X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R +BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN +vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L +0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe +tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug +Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj +zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy +Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5 +dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn +yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA +PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer +sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK +4z+uSsLUBDAsu6z+APfo4Q== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/02.pem b/ANW-URB/openvpn/anwaeltinnen/keys/02.pem new file mode 100644 index 0000000..050ef44 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/02.pem 
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:13:45 2018 GMT + Not After : Jul 1 12:13:45 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61: + b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a: + 21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d: + 83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8: + ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57: + b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75: + 85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51: + 44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c: + a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1: + 5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f: + a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d: + 73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee: + 70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16: + 35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c: + 03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4: + 01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82: + f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48: + 46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26: + f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a: + c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0: + 4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38: + 10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21: + 1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c: + 81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22: + 1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b: + 03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10: + 0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f: + bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6: + d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25: + 
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27: + 0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18: + c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55: + 63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd: + 21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2: + e6:ee:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58 + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:chris + Signature Algorithm: sha256WithRSAEncryption + 8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac: + 42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13: + e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4: + bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe: + f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a: + 20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a: + 7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22: + 93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7: + 54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6: + 5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6: + 9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65: + dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07: + 0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee: + 7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87: + 02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86: + bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa: + be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b: + 32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73: + 
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82: + 1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33: + 21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb: + 56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55: + 95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a: + 66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e: + a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a: + f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50: + c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4: + ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13: + 57:95:3a:cc:c3:71:aa:6b +-----BEGIN CERTIFICATE----- +MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT +EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG +SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E +52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW +dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh +5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n +vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8 +aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD +30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru +IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG +UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW +KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP +sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB 
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh +dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB +2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT +C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ +ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD +AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD +ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T +aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO +PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl +9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb +LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a +sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib +481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG +DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at +wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU +8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9 +9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/03.pem b/ANW-URB/openvpn/anwaeltinnen/keys/03.pem new file mode 100644 index 0000000..a4c914a --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/03.pem 
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:18:17 2018 GMT + Not After : Jul 1 12:18:17 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3: + 35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d: + 52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e: + 43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0: + 6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c: + 2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db: + 3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a: + 3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4: + d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc: + 67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f: + e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d: + 12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20: + da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70: + f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00: + 3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c: + e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35: + 21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77: + a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12: + 79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e: + ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28: + a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb: + 2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82: + 8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9: + d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0: + a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb: + 96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8: + 28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7: + 55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07: + de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2: + 
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85: + c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6: + d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33: + 96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a: + 12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e: + e6:3c:5b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9 + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:undine + Signature Algorithm: sha256WithRSAEncryption + 38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec: + 1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b: + 86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74: + 1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25: + 22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1: + 51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b: + 8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5: + 7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75: + 3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90: + e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39: + 3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da: + 14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95: + c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa: + 76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4: + 11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08: + 3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40: + 46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58: + 6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9: + 
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5: + d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8: + 63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67: + a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31: + b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86: + 00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5: + fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31: + 58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5: + 61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51: + a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc: + 13:86:b4:c4:9d:12:54:2c +-----BEGIN CERTIFICATE----- +MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W +Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet +ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn +S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK +186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ +jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw +w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS +9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW +YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y +PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt +jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC 
+AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw +gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ +BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G +A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD +EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B +CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF +AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH +LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB +UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi +yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7 +f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6 +dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC +xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr +9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn +pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG +aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq +XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw= +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/ca.crt b/ANW-URB/openvpn/anwaeltinnen/keys/ca.crt new file mode 100644 index 0000000..ce142c8 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/ca.crt 
@@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV +BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML +VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB +Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1 +NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl +cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz +MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb +BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp +dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD +CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD +u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+ +uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM +9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH +QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ +Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U +vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y +KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB +Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA +AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j +BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC +REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv +Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B +TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn +dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k +dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83 +m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/ 
+FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9 +EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN ++4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs +4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs +WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA +o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs +Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp +4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/ca.key b/ANW-URB/openvpn/anwaeltinnen/keys/ca.key new file mode 100644 index 0000000..2f9b498 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQSDeS5A1BsRGQ +1pjAGbj9DUUCcWDmn2Q8UOhivH79KbVcICl07hR+zRmrIYWFQy0pTac14rLbWU8x +HexEgAOWpfvrsWY1qEwewbqInzvLZwRkpMMJYrXmM0TA/ngPPFOpIQ7dWeYydmo6 +tqE9PICytP8cadpqKvjQUbckqPVXNsRG5oO704YrMYsV9ktOKwZRECJTTJYq323o +Ru6ddWF4yYK/WfRF4pYXxbiXM+Xtc1mes365Wvo8VjCDBZb2LIkXmDAG5aeTqAIx +nh2Ts0kZfTSs+f20v2CPg6lKrhpv0H2JRMz2q0lHDzn2LzbnlPPKMYusXGN1JVyv +qOQplcGp88JznY8Wx212LRndNqLFjqrfc0dA+MvBpwUeoqqOZRFiYQnpIJCH6DLz +yez6rUXqIZb9ElxgCvlpJ8cK6O9yrNbHuRAKb4zR7aivnYYXuueLZHG7A3lUH5GD +yh0NuVcUnPz5F7aiAiNUkff5IY7lMeZZvZS9xB9kbwdL2qj8zsB8UBfysn1IZQTw +hd35OgsKE1BD697QG0QtXF6lv1Jr6o2t3XIoyB97GQJojQUTyetfJb9FwO69zNC7 +dniBTKKZsYZHs6MKHSxtb9gq7/cVr1MznMFjh+2vuHLdmcdsk37X2fZQd+a1Ov5m +B4CzsnAzKcieh/wEeEa/6RS6bdysmwIDAQABAoICAQCONbDUN6ehgc/Xj95t02JO +TWAgAd/Ct3POBwQUXlVqb67nvwHvV5tg1JNBGDs9ORe9yspvbWDnibwbci3eu3U3 +yA8Q52g9HLMUkPvWyrod8DG8sg6E+wPtsHWyPE0nQe5xXSP0GKynKdjwS8AdupC4 +9AH3mYLK2JpYSmL8wev552fubPfnJ87E8SfhD/Bs582BTb3SGEmz7ifx33SOyBWM +TjJaioXRrZsDkjmt636DOS4owK+2yRpwVfz7iLaBUPktxfiMzQM1OxJ8ZFQXg+NW +ZvmvXWVPoxfABYpydhuQ2s7MCdDUXzFCNnBB2gzn4/jsxhVy0wYJd0Aoo+1dQ2Yd +c+dYHEWjPM2k88ptNLJbEOjjoRwup8GhGe/8ERiUmEVcN9ugS+2mwpN6g2GV6wxl +WTaRRUh/Pa0tTHux4w6oqffnyZwGAjwaa0coACbu9JQ1r2Oi8jFUBHPCCtQrY0uU ++F4mMACN8sndfeV+kTpaA1d8EkY8cRJbOVAIzBwcasenPzck1tZYE2nxZPXiQqBo +oeOPM3RkCAi/BqvFMtIk2WJdoVS1pVLdRAWuXwEv4Y9XTvEq1T7MxTJJlWm2pi7n +h/vGSEutGaPXalId7bH41D7bYzr5etuMJEaL+PoFl87EMJAS6+rPEtUiKdpILXPV +AcxzmAjtup9i7QjMMiw3YQKCAQEA7N4fLi3nJ1vD+TGrzexU/jNP8mc/4Wf1YyRt +tMIm+amHp74TGZFXXkilSD+v0Yopah+FCME7leSPNMZPTPlIveRqYxVciM6hxbJr +k2+WBSi5rF32M4+/zrj1dYSneMB/yVdICK/i2pJdXuiWsblFdhYlkGH+n36VOUV+ +wLl7nZJ9Rejgeta+WuAEE+bmh/mIlCfRFuUIN0zZn5gx3ddjP0ZTpodzL9J7wtiF +5wicqx9y9RWWYQUHSMo6r0qeW20DjX12Bx7zgPWhCveugqq6PzxeADitqjaiWrAj +ZZwq2R12Bzf91/lIA4DgVYce1TV1+y4+whcv3spkrV/uH7dRqwKCAQEA4RsC9rfk +M7xlhtZU9vUtmoTpEQeMrgGjCq2Yq+3OcfTgJWhq5EarlIPXkoZdWdLaJiQU7rxN 
+6rWrmtvOmsND4t8/CMHsQ9uwFo+bCDBcCKvOgBnASDUbhdGFoBhH6TAWT8gvuNKv +dbGtUDtZIVp/8YlwD2mkTFJt5ZG7dO3wll4XzpXd4xM9X4fmITMNIb1Rra42RkWm +kZKhZ292++MULrlz+PHGZcCZcIVUE2dkeJq6YBCUWg0LzKvHopATmylYVjwllY1J +F0qauRITIFVgU/6xlGtkRIQ585F3uN5s6tGJpUVgfKQ7RK6QKjHRvNqceJ6QvhH4 +jxcHFHBCLpkA0QKCAQB8B8+R8c1hiaazvPO2j3Lt7NaHGtOTZ0lSEcg0Z5nbD4+O +IXSE5ds27plFnLum4E7RWBHkRLK7yYPHYbQynTIe5RVkLtJWfMSu7b9w43RN3UZk +YItD8pjAWY+GauD61OnU9xQsIFWMmCm2Qdpu05HwxKYE1Ztrzu+6no5Bwp5dI1Df +o5KwH/RrR3Q7K6Q5PUvsMHFHKMTFmEM4U4yBGoDIqD2zLKf/OZs+qvxqvtKytHQQ +q64jvWtUDTjvgwYq34mFtFVyYx2kwHoEcS97EoUWCbk7KnKdd6BKFoNieITjTY75 +NrOAPPMdioVto6RchnLyBQQtw9B4O8i+FEZvayGjAoIBADkH+uw/EtX4uVA8JTKc +U31+hv4Fh6LeT0x5RuDoUxGUFOXlWo+TSA1MieVZnXUQcqyPH66MjsEUXfHSFron +Fp/4J6Q0XYOjuS0+HO0qM2cPADZ8T7b7nYl91/kDrdRqlnyIH28YEdQju+FD6AUH +RLsRMw70mOetSqKLFY8+aWHvXOC+H4VUbowxhiCLKpyNto/mP2H2a4keOT5XgzG2 +Cnr8CWHc/4LwFO/pF7AC1fWoXefQy4U1IPQt4VpSXmVFSFgwzOTi8s2v3RtedPIQ +L2OYd60+uByT04reJBL2Z2nmxJTWyudJRKrV/zhxfs32JQZ6Rfmh2/OExgprlpjv +ssECggEBALQDTtW6rlIKde6C/STWWyOBqY7bw7z6ECdvqC5ZzSIfs7eBxUhL7ahe +G/U0P5Jcw/sUo3xB2QnmCpSVYeiShpaPu6XC4JaxImF0GCGAtDitfCT7aKeYX16g +uQ2AQn/cXb9sI5c+tG4ollurrigPoJCZSAZu23hNURofb/AalYUZMvtg+udi7x6d +bQ2DT1Zy0B5X+cJm0/hTpkLa7NIyAkhAhMgvzdXq5WscX+y7MQFekWaXdJO4Fieh +WJLOyxmwKiW9NnE9J7KAq/YDzrbhIu/mfeDlQk9Cm8jZEvQul6ND/fby8kRMxAPq +9HcXkHjCoQ8f2pZaZZ36Q0XYt4gLoV4= +-----END PRIVATE KEY----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/chris.crt b/ANW-URB/openvpn/anwaeltinnen/keys/chris.crt new file mode 100644 index 0000000..050ef44 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/chris.crt 
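Review bot: The new `ca.key` is committed as an unencrypted PKCS#8 key: its first added line is `-----BEGIN PRIVATE KEY-----`, with no `ENCRYPTED` marker. It is presumably the signing key for the `ca.crt` added in the same commit, so anyone who can read this repository or its history could issue certificates that the VPN-ANW-URB server and clients would accept. Drop the file from the commit and keep the CA key offline and passphrase-protected, with an ignore rule such as `ANW-URB/openvpn/*/keys/*.key` to prevent re-adding it. Deleting the file later does not remove it from history, so if this commit has already been pushed, treat the CA as exposed: create a new CA and re-issue the certificates listed in `index.txt` (serials 01–03).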
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:13:45 2018 GMT + Not After : Jul 1 12:13:45 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61: + b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a: + 21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d: + 83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8: + ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57: + b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75: + 85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51: + 44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c: + a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1: + 5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f: + a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d: + 73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee: + 70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16: + 35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c: + 03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4: + 01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82: + f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48: + 46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26: + f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a: + c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0: + 4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38: + 10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21: + 1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c: + 81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22: + 1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b: + 03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10: + 0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f: + bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6: + d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25: + 
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27: + 0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18: + c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55: + 63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd: + 21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2: + e6:ee:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58 + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:chris + Signature Algorithm: sha256WithRSAEncryption + 8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac: + 42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13: + e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4: + bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe: + f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a: + 20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a: + 7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22: + 93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7: + 54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6: + 5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6: + 9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65: + dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07: + 0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee: + 7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87: + 02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86: + bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa: + be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b: + 32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73: + 
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82: + 1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33: + 21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb: + 56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55: + 95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a: + 66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e: + a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a: + f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50: + c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4: + ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13: + 57:95:3a:cc:c3:71:aa:6b +-----BEGIN CERTIFICATE----- +MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT +EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG +SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E +52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW +dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh +5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n +vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8 +aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD +30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru +IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG +UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW +KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP +sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB 
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh +dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB +2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT +C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ +ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD +AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD +ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T +aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO +PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl +9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb +LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a +sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib +481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG +DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at +wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU +8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9 +9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/chris.csr b/ANW-URB/openvpn/anwaeltinnen/keys/chris.csr new file mode 100644 index 0000000..f83d184 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/chris.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE8jCCAtoCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN +BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr +IFNlcnZpY2VzMRowGAYDVQQDExFWUE4tQU5XLVVSQi1jaHJpczEUMBIGA1UEKRML +VlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmhfP8bpHtAybW/aPmG03GrxEjPi +7DcU+FjSspohPAItAAVVMWavBOdl2J2DXGomr7f94o5nQ8UATrjKlPO3RJHt+5hI +ekaouVe38CeZFzxzZYcQxg7h1nWF4w+tCGK8NR2KCO0D2FFEtDLEV96ELRZJ0ZkG +WxykDg06BDL7EhPWYmRq4qFcYeV/G3AdJCITe78Q/D+meHTx3AOi1yrgX87f/y1z +Ld0SuuWuYtNUtUhTOe5wY/3up74aQSG8hHGqdBY13bjXyNPEFbiMSpKtXhwDhkwO +S20YsY2FksTuAeQByKAZkK26vGlcw1Z9EYL1Hd3UFbmDzQ753iTq60hGLp3g/Mpf +ffPpbkrxPSb4Zbc8Rx7Msjb0w99AdlrDcUYCGK1MaupT4KAM6cBMvzYZlAMd0Xwg +MmZ7CjgQJBsIZGHYrE+Qwcr67iEfLV89hKGBDmdJW3bpVUyBqx+4rHSUlxkIjl2y +2SIa9/3k3Bb/YDamyOD76QsDxlD/IYPDvGlIlnKMaxAKyy97acZaeSZUuAUlyY+9 +uZvwgrmmTeoZenBFBbbSpiKCliswrfYfKJBixCVSSibc2tOflN7E9NsCiicMl0XX +73xfGfpP8kHLzxjB8bhm3YEjT7CsegQROVVj5ReQsX2RmnaIEZwOCd0hvzDYHjCb ++VGdqw46maLm7mECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAJQJ250AtBCmWI +rrPA+q86l6SoYbQ2LAIsz8rKGikQNOUReXMVp8Skt/GdTYLNKLxoq4Tv6dSjNJtK +lEQf/HjqYlXx/plE43Bg/WRGNfkjr2OcYdhDdXg9UHoj6bkOzETHlorUH4Lwqx6B +ODXyYCsiT3m/ofbZjOwzj1a76rMfpZEn0l56S27eQDpsIAhGHzO1w9rkIuYXRWTU +GcwAOIGzepjsvev5JB7BYq/qkCIwxQqc6GLS1XHr0op8+VMh75QN2deds3kxmab+ +lJBMce6OAZ4fmB7zZrQ3zjGjZPGnJMdap2ywHp/xjpHm57PEaltq8RUACh/dr9VN +8q0/EKjQElzwqkxqKC6c41KZa1eNM/gON9BTcZBLaZKVQKTyUAQ8v+BeQ17MCrD9 +jWZfCENVSESdLlspb7uiciLJI0HwL7cKBzP5204LElroxDOqayZ4RA/Z49yMw4jd +EZHtWabs+xg1MWv/+1hBbRbjf5acB1YGkOLoxCEq7l8z6mYgwgxN5jp5JqPKFj/P +QMCLKXGPXZKyxIcMs+GdfxXun900pu/BMgO6Y+uHKdIVV7uGZbtQjqwTU8j/kNa6 +7Ikr1RQCr9uZ/tNt61K5IZnT6bxIwSxdk1YVp8+3FVTZkHGor4Sk15Mvs8uZ5GL2 +x3A4ageabACHGXCnVHH9xF6gPnkO+Q== +-----END CERTIFICATE REQUEST----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/chris.key b/ANW-URB/openvpn/anwaeltinnen/keys/chris.key new file mode 100644 index 0000000..b330ee1 --- /dev/null 
+++ b/ANW-URB/openvpn/anwaeltinnen/keys/chris.key 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA +MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp +y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50 +EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP +mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM +Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu +QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08 +N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE +Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU +ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6 +BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92 +maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L +/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a +RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9 +8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC +TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9 +VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P +c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95 +nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW +8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA +Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2 +rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck +MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC +D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O +pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB +Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6 +6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm +D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI +Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG 
+lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5 +Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef +08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv +C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba +cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC +MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d +VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B +YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87 +YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo +PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy +4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX +OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx +3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7 +1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy +mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz +/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/ +0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av +ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR +P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b +sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z +CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL +lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0 +WO3Ph1v2Ieg0Vg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/crl.pem b/ANW-URB/openvpn/anwaeltinnen/keys/crl.pem new file mode 120000 index 0000000..d00f007 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/crl.pem @@ -0,0 +1 @@ +../crl.pem \ No newline at end of file diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/dh4096.pem b/ANW-URB/openvpn/anwaeltinnen/keys/dh4096.pem new file mode 100644 index 0000000..6b79efe --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/dh4096.pem 
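Review bot: `chris.key` is a client's private key stored in the gateway's configuration repository, and the passphrase wrapping (`-----BEGIN ENCRYPTED PRIVATE KEY-----`) only protects it as far as the passphrase resists offline guessing. The PKCS#8 header appears to indicate PBKDF2 with a low iteration count and 3DES, which would make that guessing cheap, and the matching certificate (serial 02) is valid until 2038. Prefer generating the key pair on the client and submitting only the CSR, so that this directory holds `chris.csr` and `chris.crt` but never the `.key`. If the key has already been distributed through the repository, revoke serial 02 and issue a new certificate. Confirm that the server configuration, which is not visible in this diff, enforces the `crl.pem` added here through `crl-verify`.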
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm +A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ +TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s +R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l +PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66 +O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu +1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT +t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp +r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w +92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y +rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI= +-----END DH PARAMETERS----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/index.txt b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt new file mode 100644 index 0000000..747904e --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt @@ -0,0 +1,3 @@ +V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de +V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de +V 380701121817Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr.old b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr.old 
@@ -0,0 +1 @@ +unique_subject = yes diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.old b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.old new file mode 100644 index 0000000..1247928 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/index.txt.old @@ -0,0 +1,2 @@ +V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de +V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/serial b/ANW-URB/openvpn/anwaeltinnen/keys/serial new file mode 100644 index 0000000..6496923 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/serial @@ -0,0 +1 @@ +04 diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/serial.old b/ANW-URB/openvpn/anwaeltinnen/keys/serial.old new file mode 100644 index 0000000..75016ea --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/serial.old @@ -0,0 +1 @@ +03 diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/server.crt b/ANW-URB/openvpn/anwaeltinnen/keys/server.crt new file mode 100644 index 0000000..a8277fd --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/server.crt 
@@ -0,0 +1,142 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 11:50:13 2018 GMT + Not After : Jul 1 11:50:13 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9: + b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f: + e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47: + 90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c: + 2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14: + 97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4: + 0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12: + 40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1: + e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79: + 18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18: + d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4: + 6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf: + 2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2: + 9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0: + 67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac: + e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94: + 28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75: + 42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59: + 7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5: + 2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a: + dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef: + b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22: + ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a: + d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19: + 4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3: + 7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e: + 82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19: + 32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d: + 3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7: + 
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9: + ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc: + d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84: + 7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82: + 6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98: + 8c:b6:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: sha256WithRSAEncryption + 75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72: + 2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6: + aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41: + c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df: + 5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69: + be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae: + 98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49: + 3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f: + 56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8: + af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2: + 07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76: + ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85: + 20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85: + 31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6: + f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9: + ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1: + de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17: + 
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1: + 81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4: + d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06: + 18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72: + ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c: + 59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93: + 0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0: + c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00: + 0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31: + af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1: + 0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30: + 2c:bb:ac:fe:00:f7:e8:e1 +-----BEGIN CERTIFICATE----- +MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T +QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H +nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY +J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa +pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl +pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7 +RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw +9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+ +Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL +qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A +lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC 
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB +DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud +DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o +7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl +cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT +EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp +EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd +X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R +BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN +vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L +0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe +tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug +Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj +zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy +Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5 +dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn +yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA +PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer +sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK +4z+uSsLUBDAsu6z+APfo4Q== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/server.csr b/ANW-URB/openvpn/anwaeltinnen/keys/server.csr new file mode 100644 index 0000000..73cb807 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/server.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN +BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr +IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT +C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJr8C5Sfg+otzLNadInJsDLOOAfx +H0cEoQyxucMv6DGpC9/KWRZfE0DCiVZHkLO42AaS364FcNfBlVecLdYqdyhAW4BF +Tdx5AhgUl7eDJrU3q4W2oUo+h5zEDqtU4pnzEVJQiUBveeMSQF626ghTaGoheiQg ++YnB4FucPxaA8dbSbuWFAuZ5GCfSJvDjMJQN+XLQ+MYY0k2puGSrNYsbNV4PnCrU +biM0+uI15X78bCw60XnPLKHF2qb56iZJdglA/Q3im4lHq85dpafs0xQVvrngZyV9 ++g2K+LACkir2gPGs49VBEcJT5aWOKAO3drqUKFNS+litrdI9LbCylI11QqOXO+GJ +GeD4RgR5F2tZfPqaCtpZG6L1u0UED/HVLntXue7VXPGIdRLWcx5q3JTgC+YLWh50 +6GUeChDvuIE6WD/+Ga8bzZOYcPUi6nrSMLENy3ZEFJ76GRsq02cfVYo5xV3XpGc7 +Me4ZTtBsfSYY5BSocPihFB3jficNrTg5eXpzlP2uxHBugqH2oLItVMxW1HZdNkAZ +MqtYIx4OpbA/h3pZSvYtPApki6geVBI9NL8za3inDDjdeG/jl629yYlpUDrp/y4O +k11zgCLhM+CmnpXM1qKTGTcPQJXBJ20cDVyEeynQqx1j/IfPdAHftJ+CayqOHMCd +/8ck7vvDoVSYjLY/AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAhAQde2HMtUL6 +wObBMV3qUouJseC4mwlVyR0mMNqc5EPcs3otg6bpQ/buCZQ2gADXgfplU32/hbjx +V3aTT74s2sFYI2dRUDIR9h8BZlTbqn52WmW2IA6RgAyllyamdX/dEplyHqymRtOD +77+ZGRki3EHSBFX1JTLofFqWF452/60GTRuTmga0MH3yJDv6LWdUjUAA0sBOYTKA +Iohd+a47VV02Vd73EF4r77AW8ASDhrRSMHhKdq+o2ebulbZRl6qGPtVomcq0TQWw +rR5Ce47ckgv2SAXZ+KkYQpIVU3ThIzeSe0QgDxoHB5e0F6mjoOQkVZ0MKIhbzTfm +7IgdDXt3Mn0hHQcP7QWhZB+DSAyjDD1/CRnHhgcWQW5i3/fPjlhCP4BLeCLLJUfP +SJ84omiFuNUHZfZdcIagj9tKaA80DpKTBDtl8WT0olNk++c+Gd24JBucrxznMK1h +xNBHJElHMBwRCiZPm2Ify+OU658PXwg/LRW5Q/vlSGtESKWGhPSn/PA9t3BN2ag5 +NzLaclmpjUOQk2qhy3fNjrW28MGl3fyeYrm04p3pGYyvOenQV5q57MfR8OiNxUpg +6zdh0Or2T6fMOvwJFsJWZBCYOoTmMhjgHu4Bw0aIfkI4o4xEz6qvoUugAhvNx9g7 +UQd+f3P3C7My1z7h/axibCIBpjhlmaA= +-----END CERTIFICATE REQUEST----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/server.key b/ANW-URB/openvpn/anwaeltinnen/keys/server.key new file mode 100644 index 0000000..c1a4541 
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/keys/server.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCa/AuUn4PqLcyz +WnSJybAyzjgH8R9HBKEMsbnDL+gxqQvfylkWXxNAwolWR5CzuNgGkt+uBXDXwZVX +nC3WKncoQFuARU3ceQIYFJe3gya1N6uFtqFKPoecxA6rVOKZ8xFSUIlAb3njEkBe +tuoIU2hqIXokIPmJweBbnD8WgPHW0m7lhQLmeRgn0ibw4zCUDfly0PjGGNJNqbhk +qzWLGzVeD5wq1G4jNPriNeV+/GwsOtF5zyyhxdqm+eomSXYJQP0N4puJR6vOXaWn +7NMUFb654GclffoNiviwApIq9oDxrOPVQRHCU+WljigDt3a6lChTUvpYra3SPS2w +spSNdUKjlzvhiRng+EYEeRdrWXz6mgraWRui9btFBA/x1S57V7nu1VzxiHUS1nMe +atyU4AvmC1oedOhlHgoQ77iBOlg//hmvG82TmHD1Iup60jCxDct2RBSe+hkbKtNn +H1WKOcVd16RnOzHuGU7QbH0mGOQUqHD4oRQd434nDa04OXl6c5T9rsRwboKh9qCy +LVTMVtR2XTZAGTKrWCMeDqWwP4d6WUr2LTwKZIuoHlQSPTS/M2t4pww43Xhv45et +vcmJaVA66f8uDpNdc4Ai4TPgpp6VzNaikxk3D0CVwSdtHA1chHsp0KsdY/yHz3QB +37SfgmsqjhzAnf/HJO77w6FUmIy2PwIDAQABAoICACxZp+613wfqZ0ODxQmQ/6zq +Ojp7k5m9B2Eckq36TZW4bD90Jh4yws2rXaWlARGM+bSX3w5rXClBqjzR4oQAzuxj +zktcibVno2PEsM3A6Bi/f4PaCTm3vxLrP89jkRzA49oMVdpsjBKgrG7uJPaQ97Y3 +Mj6YeRAkvNE6WwtThuEUgsuHTpcpW/I5Pw970/DqNtHWXvpBLB0xTiTwoXfXJ2Rt +TyEqfQHyLUECb1PxY/scMcmLsZfxiGpz5b9jEjX/tOp+SEf2jIGXZsoxCQ4cUuHa +B2pBLIcnl5a2haFpvOhrsx7Zaf2UCIlhrq2xmHY343pEqoMp4C3jd+mykLQSNCku +E9d0r+I8xTWR1Msrep7CfG1RDguC4IhqfNrRb0G3w0cKZOs+D3Dj+DUsFTr814Kb +LqVB83rN6y+f5spQph8HmKCs9m3xKOvbcugIceO2meWGs8nvbL0PdyYdCMursqj8 +/nCZJVWUB5+Sweoo4JhmSF2sMSeQrsEdewF9wQuAEJT79j9SO2ub2MoF0XTrj7XY +1UsFmVJD2SqGrnwLwdz3owGNc1MM56873ApjGdHPDxCLHVJD2+Hc9zYtDw2D5DWW +uHd2ofojOB4B01XvtwmdlseKRn10liTdBs/pfuQmhxtGmlgH7kBHD2pFxe53RRrH +T7ytXCLNTVkDS3YChk/xAoIBAQDN2yt3lRaC8XDDeACArTfCl5NaejjmDE+HHZkU +J34mTN2x3q8Fe0vkxEonskJe3zvs52cYGRridYaqTkfzjagUF7J8jfQYsp7BbuKn +ZtVrVhETl3NAXgZGcM9zzf55QbgeuKMtG3LxyQMOMeXx9A5gXblDuBYcPJn2es5F +7xPA+4dccxHMsSIAZVoQ+HwSxZYDDWO8Qfnnv/ZLOD1RtEZCqauqlxGMMz1lSqCq +XfHwhRy1/G1MQ2+hVMHTMQUo47qLAC+GbA5k9pZyQtRbSGRCWV0gA9BkbTQK6dVx +XIQXTxEm3C3tuB5O83rYY8y7cZBEoHRMGpgxPiUKgvVErR1bAoIBAQDAvJy53V6V +cZfYUS/Rm2UTTgqqt2k6ynXltb+QpjEa+J4t5TdcCQ14Xst3r8gPn5vNyMoxJUb9 
+/Vqyv8gYSsZ3RFn4H/8Ou8jZIcgdxF5KLEgpEo1kMCQYjd67TAU76NebD8f99DVo +z1QsuPzKRKrB05Ui5ahBQlh6iwTmicGRJ6FzD+J9Fq6u/5yZrbbuMDgB/Vhg6+PZ +Aw0erjJU+AW9B29AQ5xDyp1KSYrrpVj5nMnvLgaTVaEalCA/mARxirQJ9ARN+6vq +/PW0yT8kM4fUlBRSKIroefqboG+cuqa4NIH3dQZrEe4VkaB76jI7XUcDiKNlBaRT +bssxgkaQ4uvtAoIBADR2TKeXKTuJyJEoPgiNHI7NDlKan3GRZZsrod2PCwk7wawY +8kXVXEwa8kMXnO6MubrwZkev7jgUd5Nji9a4HUOxnl072B+LNgZZ+g1rmaxXLNbv +XAHldHfzPAtpThcc9o1txLg0LKEN92dgtBdreVZ5zEND4O6lSx+TwIn2GfSupZqc +AMdHxUCQk9mLWiN2k3qHqQlLTyMOuvgEhywRY26NyyAYi/JNBLKRyExi0MvZQK3o +fPpYnVRiQ1tNPOFk2B+glnwNgcWdSk4oVfJFireWCrOkBTHy2raFTU4so8VE8zwS +FOpmZ+L7Di2jkYObt4al1b2ncW3rRoldQqCT9c0CggEAR7RkIooHLFYshd/+iF7l +xb7dHRJLZgH4xtNNR8Vss3oXbz+9ztHXXxb1X7vYFGfvESpIfuw9czUUzzeme9Ml +7y1Qw40z2Qln+dAloV1zLuk2l4E9dS6r3y641Lm9oMJJpHjEkOiQDkRELrdL5PyT +ArVy4J7McCr8u+qIkjRh/VzfJe2c96i+qICUhGAqlIb/702P2c8o343RDb8FHrN/ +fwoLC7+bnWT+C6s8sdq8NXFtdzyKWboby8WcEcy+qndN7/4Gs/STy0L9LptIkHFT +cXT98mr+8uqen9OacpbGe/Wc/LFfB+qNxxx8tl00/vz+9IObNnRY5Glt0yeClVi3 +KQKCAQAaAfcMO79R5UKLFMPvHjlYJxQ/2NvIAkS6v9Skd0j1HU2Cw8PQBE8PsRLn +QrkKFIPZm/nqZpHz5d/HFgxfuP0XOhJEsTNZFyjySQIpIWp++r6pzOkJWp7OeXsw +Nu7vHLc4y/Esjh/wZ7qdzHakNoOpMyG0NsE3HYGWGDcITndfPiQrPIO/jk9TtEh4 +WdzR0nybx9fx5piKkr6A2DnRonMvROn+v9Qn6hIDwXRNffJ1Ouu1PlO36hlJvb/4 +kDvtsLsDCb5uoX1cZ5sKNDKpakzOMwU53qBsHK5zgJn1iXKokLbnmP36cpMj0a5o +ZD9M+HEJBhESvgoDaP6Xr7lSxwKd +-----END PRIVATE KEY----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/ta.key b/ANW-URB/openvpn/anwaeltinnen/keys/ta.key new file mode 100644 index 0000000..a1659f5 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/ta.key 
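Review bot: The added `keys/server.key` is an unencrypted `-----BEGIN PRIVATE KEY-----` block, so anyone who can read this repository or its history holds the VPN server's private key. The same applies to the OpenVPN static key added in `keys/ta.key`. `keys/undine.key` is an `ENCRYPTED PRIVATE KEY`, but once it is in the repository its protection rests on the passphrase alone. These keys should be treated as exposed: issue a new server key and certificate, regenerate `ta.key`, and revoke the certificates that are replaced. The `keys/` directories should also stay out of version control, for example with an ignore rule such as `ANW-URB/openvpn/*/keys/*.key`; deleting the files in a later commit does not remove them from history.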
@@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +b5fff06e622a9b746f5f7496e4995abb +cdb1504b21d4f6937f4f455358831fa9 +d9e6c2ff64229b53be1f5ee86865cd9b +6076ee9a55c4ec534d52ee6715b4bdee +993eab28f394fbb3843b6c4e4e2c71a8 +75b2bf33e58457ad6d8e35c6adeafe13 +ffc25ce4c6b7883311f40e6040e3a89d +7442612f008190286768cad399da95c7 +1ada651b830a9ce00ed0c7397eb8d25e +efdac1ea41e70ab1c466d8e2a7d5ea61 +6dc519f0561ffe874dd731da4de6b5e0 +16d445c20133139d775e8eb4287a8a15 +9f01cf7d7fa91ad6ec7c5fb876ccd181 +0c100ac5dfd28f9bfe2fcc02c84f9d95 +5c94571f02a6b9032f8f7fff07c29c9c +4cfbf4bcb2dd45e9659506e1b5c5b745 +-----END OpenVPN Static key V1----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/undine.crt b/ANW-URB/openvpn/anwaeltinnen/keys/undine.crt new file mode 100644 index 0000000..a4c914a --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/undine.crt 
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:18:17 2018 GMT + Not After : Jul 1 12:18:17 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3: + 35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d: + 52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e: + 43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0: + 6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c: + 2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db: + 3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a: + 3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4: + d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc: + 67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f: + e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d: + 12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20: + da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70: + f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00: + 3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c: + e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35: + 21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77: + a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12: + 79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e: + ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28: + a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb: + 2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82: + 8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9: + d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0: + a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb: + 96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8: + 28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7: + 55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07: + de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2: + 
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85: + c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6: + d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33: + 96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a: + 12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e: + e6:3c:5b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9 + X509v3 Authority Key Identifier: + keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4 + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:DD:5F:A6:16:4B:9D:37:E9 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:undine + Signature Algorithm: sha256WithRSAEncryption + 38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec: + 1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b: + 86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74: + 1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25: + 22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1: + 51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b: + 8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5: + 7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75: + 3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90: + e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39: + 3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da: + 14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95: + c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa: + 76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4: + 11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08: + 3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40: + 46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58: + 6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9: + 
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5: + d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8: + 63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67: + a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31: + b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86: + 00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5: + fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31: + 58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5: + 61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51: + a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc: + 13:86:b4:c4:9d:12:54:2c +-----BEGIN CERTIFICATE----- +MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W +Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet +ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn +S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK +186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ +jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw +w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS +9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW +YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y +PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt +jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC 
+AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw +gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ +BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G +A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD +EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B +CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF +AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH +LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB +UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi +yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7 +f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6 +dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC +xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr +9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn +pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG +aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq +XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw= +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/undine.csr b/ANW-URB/openvpn/anwaeltinnen/keys/undine.csr new file mode 100644 index 0000000..c910e15 --- /dev/null +++ b/ANW-URB/openvpn/anwaeltinnen/keys/undine.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN +BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr +IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi11bmRpbmUxFDASBgNVBCkT +C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfos2eMP3DCiE7LEWzDNXfzzltx +72TfTP7WLiV9UtH1DxdzS/bv1mXnodh+Qzb99gZ02xRST9ZMvsDwbbw4sQ7zpEmD +01CnadJcLBbbrczH85zVkJHHrWnbPi67moJnf030yYgIoEKKPUuwqYjMArYOJAxq +ZKW02ce9AxClOv0X4TKC8fvMZ0tIW0GvAbVY+zEiFYQv5FsFevkbjdlzGO0tQQcd +EtQUJZKbj0g5DExDVKog2vU2StfOpFpoA/Ko9q1w8TQD7DZ06XYvVtc3AqEAO5Bp +PaYJHJXto6MCBPuM57Pbn/+oEIyh8ClU/T01IU2FwkHL6AfSztJZ+At3oflHfDe9 +BKS+KpcryeASeXyJvoTwq0Oy8MNXpLluroV/PUEggtDV1rEnB4Yoph/YMcNZRh3C +XpOtHS+7LhGiu1lFdbm33woh0vSCindtF5qY14kKacf2K+zJ1ckzGL84WLT4xgBX +ZW/woeU1vPAQgb1zTHhIP3HrlmLjA0SiGUF+kPyyoHK4KGqDZrtIddhW0fPHAaK3 +Vea5dqk9ar3s0yzgvc8H3gJt8jxBYCHyLbSFWxGiy3K0wYA7RvCBksRCbwuFxOZX +gvqsCo3eDuWuF+T21GBotFm0rY0A0jSAfaozllO/+1RCK1Bjr7Li+Lp6Ehi51YFL +Z7bSxNyKnO4e5jxbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAJ0Hktze0RTOc +DKWmnmFGL3LCwymcob8TsW6e33vr5zEIBt3VooOvNeFMuwfL6JIISlVilzSnH1K/ +wxBNv6PGiGhNiUSIE8w+XlwtTSAhe4lkENbR6GnHi2N6sh2f33mBL1XbpX149OQt +xLr6Ywdq9kvj72KqYoOUm5HiWM4Rw2nhlJFthtWIoWQlPSyNM4XXsexP30c/dOGZ +pNWgNLKnbDO9FZ3LEDVvWg90fYqXGuHcNix9JtwyeW5haWE2PNRkVa11jzG4kU/F +Q26F1XT6yixMikwSq1sLaNIgwx4ULG3a3dCpUW0j19UhLjTu3bJ5xwGg0b0k87t3 +TvlVMRPlRTHrgbAMCPxjVhWIa4ydTGytHYJUx4cfLsoWy5VHmJpSDl+/YbDJ2Xu0 +As9/wCunCpXRMrtEpk7UJ+vy+8bh530oV72c5jdPs5eeXJVrLi+HfSA+por07vYX +32CHUsXTK167blmgsRHyU+plraq/iftfpZ+rxUfmCnPqzHXu9oApPLWM/ccXnttu +tEz80YCN6Dww+WD+08xC9Fal+cy4o4uKUKCv5Gqv+mJDrd89mfloYJgptnqIDVRL +K3nx3wMVLNgGeh9pLBD29yXxAswoFB2gdBAgykK7PMeM5u3ONFO8DEQxoWdY5S19 +akU4JQm/ZAORROntImddUr32iXGUMAc= +-----END CERTIFICATE REQUEST----- diff --git a/ANW-URB/openvpn/anwaeltinnen/keys/undine.key b/ANW-URB/openvpn/anwaeltinnen/keys/undine.key new file mode 100644 index 0000000..1ce4498 
--- /dev/null
+++ b/ANW-URB/openvpn/anwaeltinnen/keys/undine.key
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA +MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj +SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3 +DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo +eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8 +eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED +0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA +bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7 +hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo +W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh +g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q +tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+ +iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj +ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz +66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN +v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi +2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2 +cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ +0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU +oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1 +KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b +Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb +OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg +8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3 +yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1 +wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv +WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz +gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld +8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ 
+wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm +4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B +xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN +ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg +mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1 +chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m ++5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah +RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui +mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA +/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp +3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf +BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj +CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb +lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+ +MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP +KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa +MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj +Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S +mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78 +2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354 ++ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/ +Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA +T1U= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu b/ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu new file mode 100644 index 0000000..d5bf6f6 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu 
@@ -0,0 +1,6 @@
+ifconfig-push 10.1.132.2 255.255.255.0
+push "route 192.168.132.0 255.255.255.0 10.1.132.1"
+push "route 192.168.133.0 255.255.255.0 10.1.132.1"
+push "route 172.16.132.0 255.255.255.0 10.1.132.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu b/ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu
new file mode 100644
index 0000000..d5bf6f6
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
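Review bot: The two `iroute` lines in the `VPN-ANW-URB-gw-ckubu` ccd file have no comment saying whose networks 192.168.63.0/24 and 192.168.64.0/24 are. This file decides which source subnets the client presenting that certificate name may route into the VPN, so the intent should be written down. I would add a header comment such as `# LANs behind gw-ckubu; each iroute needs a matching "route" in the server config`. The server config is not part of this hunk, so it is worth confirming that those matching `route` lines exist there.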
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-urban.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key +persist-tun + +# Server CA + +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV +BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML +VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB +Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx +MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl +cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz +MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb +BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi +x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG +kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX +T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q +ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz +ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L +Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn +RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY +BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj +0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN +/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA +AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j +BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC +REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv +Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B +TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn +dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/ +yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq +HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn 
+AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5 +YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0 +VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq +brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW +GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB +uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to +mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8 ++yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g== +-----END CERTIFICATE----- + + +# Client Certificate + +-----BEGIN CERTIFICATE----- +MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT +FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG +CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s +pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv +hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18 +k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf +jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57 +6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/ +g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp +Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm +K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl +bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI +chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB +o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu 
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw +EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL +MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w +DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV +BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3 +DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF +BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN +AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh +17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw +Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67 +YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975 +SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV +ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN +uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3 +RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm +pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf +azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL +lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC +-----END CERTIFICATE----- + + +# Client Key + +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA +MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9 +sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH +AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7 +1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh +QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh +fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN +a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh +xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI +sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy +PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5 
+zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ +9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+ +bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc +uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx +u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal +7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4 +Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R +6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU +tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB +B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm +GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2 +d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0 +P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j +8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+ +ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc +qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7 +gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9 +8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX +Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s +chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K +LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R +/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb +7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ +wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0 +qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX +KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf +K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz +0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC +klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH +1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h 
+W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5 +4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf +gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA +4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6 +PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo +JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw +YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06 +pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh +LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd +AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY +rxE= +-----END ENCRYPTED PRIVATE KEY----- + + +# Verify server certificate by checking +# that the certicate has the nsCertType +# field set to "server". This is an +# important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the nsCertType +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. +# +# Note! +# The option "ns-cert-type" has been deprecated since +# version 2.4 and will be removed from later distributions. +# +# Use the modern equivalent "remote-cert-tls" +# +;ns-cert-type server +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +# +# Don't forget to set the 'key-direction' Parameter if using +# Inline Key. Usualy , sever has key direction '0', while client +# has ke direction '1'. 
+# +key-direction 1 + +-----BEGIN OpenVPN Static key V1----- +aea26f8f0a99ff84f7a6a6f426bef710 +2998c49555c2770d954b9251a74b6e30 +3859a0a8c086f3509c440c50bf3230e3 +d5bc2b247119a4fdb59aefdd2376475d +f060a24165022d981ddee0704d580587 +752e520d930b24580ae5ccbef266c471 +6ef8dfdd6ba9de23e63823841086a151 +90e146c1d085b274d3403de9bd827935 +cd18fd2cb4005f3c133802ccc0c2f885 +decd3b5fd4d6dd53dc478c59f3a84dc5 +e9a3d51e805811af39647a9904605b99 +2dbf311089315fcbafa70b89e2d49b1b +d425b598f7551a2cb21ef9315a97e36b +2152699cf9ec5fa90df659495575a935 +bceb34f91889eda617d2c6b26573c6c1 +ce620dd47a0b08e6da791cf979ed8c44 +-----END OpenVPN Static key V1----- + + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +;comp-lzo + +# Verbosity level. +# 0 -- quiet except for fatal errors. +# 1 -- mostly quiet, but display non-fatal network errors. +# 3 -- medium output, good for normal operation. +# 9 -- verbose, good for troubleshooting +verb 1 + +# Setting 'pull' on the client takes care to get the 'push' durectives +# from the server +pull diff --git a/ANW-URB/openvpn/gw-ckubu/crl.pem b/ANW-URB/openvpn/gw-ckubu/crl.pem new file mode 100644 index 0000000..63ade8a --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/crl.pem 
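Review bot: The client config added here embeds the client's private key and the tls-auth static key inline, so both secrets now live in the repository history; the static key after `key-direction 1` is stored in the clear, and the private key is protected only by its passphrase (its PKCS#8 header appears to specify PBKDF2 with 2048 iterations and 3DES, which offers limited resistance if the file is copied). I would keep only the CA and client certificate in the tracked file and point at the secrets by path instead, e.g. `key <client-key-file>` and `tls-auth <static-key-file> 1`, with those files kept out of version control and readable only by root. Because the material is already committed, the client key and the static key should be treated as exposed and regenerated rather than merely deleted in a later commit. The inline block tags are not visible in this rendering, so which directive each PEM block belongs to is inferred from the `# Server CA`, `# Client Certificate` and `# Client Key` comments.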
@@ -0,0 +1,18 @@ +-----BEGIN X509 CRL----- +MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT +BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV +BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD +VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX +DTE4MDcwMTEyMDgxOVoYDzIwNTAwNzAxMTIwODE5WjANBgkqhkiG9w0BAQsFAAOC +AgEAJSt0Nn+jtnoBtcYIMyn580t85fkd2h/8+5iwCdi1tAfHS1SAwP4OSbH6HKqJ +w9AXIJlkAuHjyOr/TxyoIns8DZIOPrvNoC1hRuym09IkvTnnqM69tTNZk/fbLYft +tEiW2Hnrnk9rHnHm0FFBKCWO1hM0nv896YVBgoo/Wh+Qm7afb96l2ifd4Ycgo5zA +NLTZ3p/S5fyKsXTyXpYP2qF2aMQntebxWmrwYUURswvJKo79d/fN9pPGPlBzRkvV +8NsJA2o4b3s2gKzMShkiJNm2PfoDFQ7bVRZNqMpyJ5rB6HXqUOQVbnlbYB1NW4DZ +2HYQrqeZpv1RRmS2vsRszB4Imp2gKaKAwcWy7ZSAyP70B9nSZN0HjzUpg99gDMFS +JbPWqejwr9b0lFAJAn6EwhMVO6e13SnrHmjDK3Lo4acGRZBbfxZDU0feBxVf0sHe +pWYe59AunQJY9l8H5OYhV8ilnTpe4amEsqGCYVQOmC9NwNJRRoxlJgysfhtI6fU1 +p4Qab1RNlewzIZG3FGvFdyYLivvO0kk5U+QVK8wMrYfA4hQGS9I92BL91hiM3Vlc +fVrgZ+GZgOo3x5GjgSodmMPmi1FWmwEBrDns0kkBQvf/6j+i1MA/krRXHJFAW9Fs +POBVtkRCA7hPaZVXpmyywU8IHdL3ZLPVCefzpYE66oSCWPY= +-----END X509 CRL----- diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca new file mode 120000 index 0000000..b76c6bc --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca @@ -0,0 +1 @@ +/usr/share/easy-rsa/build-ca \ No newline at end of file diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh new file mode 120000 index 0000000..2baa885 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh @@ -0,0 +1 @@ +/usr/share/easy-rsa/build-dh \ No newline at end of file diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter new file mode 120000 index 0000000..cada729 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter @@ -0,0 +1 @@ +/usr/share/easy-rsa/build-inter \ No newline at end of file 
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all b/ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter b/ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl b/ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@ +# For use with easy-rsa version 2.0 + +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. 
+preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. 
+# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +subjectAltName=$ENV::KEY_ALTNAMES + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::KEY_ALTNAMES + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf new file mode 100644 index 0000000..90331a0 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf 
@@ -0,0 +1,293 @@ +# For use with easy-rsa version 2.0 + +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +openssl_conf = openssl_init + +[ openssl_init ] +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids +engines = engine_section + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. 
+# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +name = Name +name_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN +name_default = $ENV::KEY_NAME + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. 
+# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +subjectAltName=$ENV::KEY_ALTNAMES + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment +subjectAltName=$ENV::KEY_ALTNAMES + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. 
+# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ engine_section ] +# +# If you are using PKCS#11 +# Install engine_pkcs11 of opensc (www.opensc.org) +# And uncomment the following +# verify that dynamic_path points to the correct location +# +#pkcs11 = pkcs11_section + +[ pkcs11_section ] +engine_id = pkcs11 +dynamic_path = /usr/lib/engines/engine_pkcs11.so +MODULE_PATH = $ENV::PKCS11_MODULE_PATH +PIN = $ENV::PKCS11_PIN +init = 0 diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf new file mode 100644 index 0000000..30689ad --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf 
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+openssl_conf = openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+engines = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::KEY_DIR # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+#default_days = 3650 # how long to certify for
+default_days = 11688
+#default_crl_days= 30 # how long before next CRL
+default_crl_days = 11688
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = $ENV::KEY_SIZE
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::KEY_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::KEY_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::KEY_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_max = 64
+
+name = Name
+name_max = 64
+
+emailAddress = Email Address
+emailAddress_default = $ENV::KEY_EMAIL
+emailAddress_max = 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType = server
+nsComment = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
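Review bot: In openssl-1.0.0.cnf, `default_crl_days = 11688` under `[ CA_default ]` gives each generated CRL a nextUpdate roughly 32 years ahead, so a server still holding an old `crl.pem` is never told that its copy is stale and keeps accepting certificates revoked after that copy was made. I would keep a short window such as the upstream `default_crl_days= 30` and regenerate and redeploy the CRL from a scheduled job, with monitoring for a CRL that is about to expire. `default_days = 11688` has the same effect for any certificate signed without an explicit `-days` value; whether the easy-rsa scripts pass one is not visible in this hunk. A comment next to both values stating why they were raised would help the next maintainer.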
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+openssl_conf = openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+engines = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::KEY_DIR # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 3650 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = $ENV::KEY_SIZE
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::KEY_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::KEY_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::KEY_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_max = 64
+
+name = Name
+name_max = 64
+
+emailAddress = Email Address
+emailAddress_default = $ENV::KEY_EMAIL
+emailAddress_max = 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType = server
+nsComment = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool b/ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full b/ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req b/ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars b/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..2c6f5e4
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN ANW-URB"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-ANW-URB"
+
+export KEY_ALTNAMES="VPN-ANW-URB"
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354 b/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354
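Review bot: In easy-rsa/vars, `KEY_EXPIRE=7305` and `CA_EXPIRE=11688` make client and server certificates valid for about 20 years and the CA for about 32, so a leaked key stays usable until someone revokes it and the updated CRL reaches the VPN server. I would keep end-entity lifetimes short, for example the upstream `export KEY_EXPIRE=3650` or less, and plan renewals instead. The comment `# Increase this to 2048 if you are paranoid` no longer matches `export KEY_SIZE=4096` and should be reworded. `$EASY_RSA` and `$KEY_DIR` are expanded unquoted; `export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"` and `echo "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"` stay correct if `BASE_DIR` ever contains a space.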
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/ANW-URB/openvpn/gw-ckubu/keys-created.txt b/ANW-URB/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..50c9624
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-ANW-URB-gw-ckubu
+password..........: iBeiGo4she3oorae3ualuj4seegaiwih
diff --git a/ANW-URB/openvpn/gw-ckubu/keys/01.pem b/ANW-URB/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..41cdfcf
--- /dev/null
+++ b/ANW-URB/openvpn/gw-ckubu/keys/01.pem
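Review bot: keys-created.txt commits what appears to be the passphrase of `gw-ckubu.key` in clear text on its `password..........:` line, so the passphrase no longer protects that key from anyone who can read this repository or its history. Treat the value as disclosed: set a new passphrase on the key or reissue it, keep the passphrase in a secrets store rather than in the tree, and remove this file from history. Whether the matching private key is also committed under `keys/` is not visible in this part of the diff; if it is, the `VPN-ANW-URB-gw-ckubu` certificate should be revoked and replaced as well.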
@@ -0,0 +1,142 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:08:00 2018 GMT + Not After : Jul 1 12:08:00 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c: + 66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77: + 2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c: + 62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd: + bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db: + 13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50: + a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54: + d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d: + 65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7: + d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12: + f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30: + 8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00: + e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c: + 54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88: + a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9: + 96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d: + ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98: + b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87: + 1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc: + 13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d: + 93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17: + 47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15: + 46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e: + 38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd: + 8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c: + 6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f: + 53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38: + 2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e: + 81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec: + 
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2: + 9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21: + a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c: + 4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90: + 93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de: + a3:ec:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3 + X509v3 Authority Key Identifier: + keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:BA:7F:28:9D:63:2F:B7:DE + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: sha256WithRSAEncryption + 14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f: + 52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32: + 92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3: + 8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22: + d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22: + 54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e: + 9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d: + 44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29: + 68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f: + 81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d: + 09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c: + 1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce: + 95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95: + 91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf: + 2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf: + 12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63: + ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3: + 
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36: + ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3: + 3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61: + eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c: + 10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf: + 9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1: + b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96: + ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78: + fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7: + df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33: + c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf: + a7:62:fd:35:c6:01:64:66 +-----BEGIN CERTIFICATE----- +MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB +z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+ +rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ +A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY +kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t +mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb +XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy +ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv +DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF +E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6 +nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC 
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB +DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud +DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v +9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl +cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT +EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp +EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6 +fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R +BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A +Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt +e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC +zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH ++B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y +5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh +Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39 +hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF +kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6 +JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t +Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928 +x6COkrH/O8+nYv01xgFkZg== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/02.pem b/ANW-URB/openvpn/gw-ckubu/keys/02.pem new file mode 100644 index 0000000..0480575 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/02.pem 
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:19:59 2018 GMT + Not After : Jul 1 12:19:59 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1: + 42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26: + d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e: + 5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b: + 9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea: + fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d: + 21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0: + 51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87: + 17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93: + 9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da: + bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5: + 09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4: + 2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0: + 5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17: + 03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94: + eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30: + 86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94: + 6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19: + 0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f: + 8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15: + 41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8: + 4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99: + 74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd: + 20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed: + aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b: + 8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46: + c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4: + 42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad: + 57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68: + 
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63: + 92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57: + 67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34: + 30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36: + 4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad: + fc:0e:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13 + X509v3 Authority Key Identifier: + keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:BA:7F:28:9D:63:2F:B7:DE + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:gw-ckubu + Signature Algorithm: sha256WithRSAEncryption + 64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c: + 6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e: + a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c: + f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00: + c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7: + 01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a: + e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c: + 24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc: + 4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78: + a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af: + de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16: + 7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1: + a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a: + f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89: + 8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63: + 1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3: + 9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2: + 94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1: + 
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60: + 1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1: + 5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa: + 43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87: + 3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de: + 89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f: + 74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0: + a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2: + 57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1: + 64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89: + ba:d7:be:38:9d:87:30:02 +-----BEGIN CERTIFICATE----- +MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT +FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG +CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s +pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv +hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18 +k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf +jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57 +6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/ +g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp +Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm +K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl +bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI +chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB 
+o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu +ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw +EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL +MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w +DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV +BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3 +DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF +BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN +AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh +17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw +Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67 +YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975 +SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV +ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN +uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3 +RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm +pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf +azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL +lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/ca.crt b/ANW-URB/openvpn/gw-ckubu/keys/ca.crt new file mode 100644 index 0000000..4bc6c83 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/ca.crt 
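Review bot: The client certificate added here as 02.pem (and again as gw-ckubu.crt, and likewise server.crt) runs from Jul 1 2018 to Jul 1 2038, so for twenty years revocation is the only way to withdraw a lost or leaked client identity. That makes the CRL a hard dependency: the server configuration, which is not part of this hunk, should be checked for a `crl-verify` line pointing at the crl.pem that this commit symlinks, and the CRL has to be regenerated before its own expiry. If the `Easy-RSA Generated Certificate` comment means Easy-RSA 2.x, a shorter leaf lifetime can be set in `vars` before signing, for example `export KEY_EXPIRE=825` (the value is only an illustration).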
@@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV +BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML +VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB +Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx +MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl +cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz +MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb +BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi +x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG +kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX +T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q +ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz +ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L +Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn +RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY +BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj +0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN +/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA +AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j +BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC +REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv +Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B +TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn +dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/ +yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq +HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn 
+AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5 +YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0 +VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq +brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW +GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB +uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to +mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8 ++yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/ca.key b/ANW-URB/openvpn/gw-ckubu/keys/ca.key new file mode 100644 index 0000000..1bc16b9 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCrFiIuYjaXfSj +QYnS0Wu3wbykeuG4hRuCZoqm/6e+QNVmViLHt7fqIZyzBXAWsJEyQNJmTdqywf3n +Ov6mxMMOlywt5eDq38/ybgVr6dGkYCcmJEaQLkLWCLqbNCrZ7GTIr83y4Q3WLW5F +KbpuDlJihjaRiJ323bDOS/D+hGl57eiusZdPQvRXuBCwFdFAw+QN1yxeJLrIwL8G +K5w1ntpM2bRkUlb8Wu0UrZ+r7OF8ox997SpkQEL2Skm+jXa7VNUTq52cGoRrtJ0N +OBl0gm3ZtZ4jvTRZB3/BvFfb6mf6Yy/PCfMCsiQyQASDxcpG+/JNNkVeAuM2J7Te +Z9PdGF1qt6ftJbRj1k/l/1FaKppRU/BtzgtjSse7EM6fboYzmVwxRwMfmaqF7/uM +54YU1Y2O8zN/C53WUY1VaMz1EsuG9CdmYmdEK4KI/h6CH15nnftdi+d/20R9mJt4 +NlBt4n5Fcd9w9vhBltNd/JqHwDq3DhI3cNgEDlLR//lEnnwr8epSTrfNMwsNNDnH +GeH0fq3R2PR3WEpl0EYngn6H3hpIFZ3XIOPSKES24yWSZeVvpa4wK7tZ9WO96r5j +RxvI/uPwTJ2viYo1QZItKvfo7EFpqPzgyo39LGBH9YLpx3awh8jZquoF+zo5+HpK +fBjtC2GuiU8YGRWW16YcgU5c09EVqQIDAQABAoICAH/S2m8sJAf+GVv49J5QlAIc +W9lENmIKRH3jBreQtnvd5kFD3aJ1p3U8jL+fmnHLjgsJNR2nkSo+5pCl0/98wvcZ +nBCnGIAgZVIxm6234cekuw/4UbzqI0iWgrDWGCzvY13C0d/glk1Dl1wigh8xmDbJ +GZuFsPMfrbBHfP4hw4AkDtxmD4wj0nymh46XRMbZ2SydVKycQWj/5m4OxIsQuxYq +/J/C0QrySSmCt40UBRrpoQv2ZhddepptPO65xHRMx3wa+2o8nyZ5eYXsiApQegCx +mByvZ2ft3J1BJg9oYs2twv6W8dGbVtkH3+8GOENTu02njPSlwLsWZ1SBqENMdEkv +MWKWX13XFz9TErwywDUbgh7/PAlItwXdQAnkBc+OnbDat+We5P98kSfGWb4q+sxv +A95H2alTaKZrA7bbcUWdvVISDydhrmyNt1yMMhC4BjKOL2FOSM7qDQ1IogpIgq0U +GCd9hYeERBbk+PSQBjgIgjzhhhxLdgC9pWHMhJ7XmpBIiDTMbC1A35Hu0e+l6Rr/ +vqdCKQERXQm7etXSRGPuEtuDYc8UnZWPIMu5hgSVuh707z91O2fvytKouIMuIuNx +gBb9PviLSmn7cMGeExRs/KUZh5khf5rFhGre0rYr9pxXIx0J+sMPZs/EFG93VBFg +ZYRs9c2Tw6JSaM5voOPhAoIBAQD6BUFo3XYpKHJeScBCSZfZ2LNFhze5MeKCKkAK +v0s+++i8HNLL2ypnxo1ZDd4r2KSHttjiWJxXWj9I7wIYMHS8X5vg2B/yHXFJCiha +msrCL8zJBpVkLCdoMCzz7CcScVs1kgiN3aoJd2KMzM6KIQOTB0Ovyt4Lvquua986 +h6ItXXse8Ac0N5pcaqkdWD3wuULMTWXn8jgI9TMm1pRh21Nh0bZFZi0VHXBL86vS +VDTiYHddSB3M9BesUW61TaSYisip2tvYXkMUtfbrj5yDIW4mPyoL3V30JGvB2QwY +Ijk60J1qwcLyFMOJ11BcorgUA6/+AuZVeatfwh0xEb8MHLBHAoIBAQDHVDpTgXmP +VLi4MepOYACnNweT00QM8XhMvSxk35Y6yoNRHivsusJ3HhSYaEpu7Jo3OoL33qhc 
+m+v7u0ppThuZeGhr8eMpCT/l+zVW1W5Ayvqg4tKWcikN8EV3gkpFkwuCkLraxcCQ +9HMgInoAr2EO2f65wH1tmb2X57ra8iN3ZPVv4nDri5LwGaFZ8GEUTe6cLoWz1Du1 +hyTaCNd4eRO3zWdmYbGBfh59XKtbimMxudL86Tz862gd2x4MkzMQ+pRDaYpeLrgx +snEh4j948f5FSvS4niPmp+rUb5AXADKVwfplYLqzVph+2sKpEwDIUyOXlUSMY3XD +RRjuCO0E3XKPAoIBAQCnrbiljMl/Zvn1FH9Vtaea2cO5oKsVkEg6Rf23d34OmsIG +z0nsoGs7OCV6EVvsihomTtH8U7Nevk7tKiZ8dJsF7xVK4YfjSC2+74oK4f+T5pzw +QXMVwKsZLB4p5Tp7Gv0x22PTSVONj7zPc1gduXB9PgT+NA9hTxozG3OV/Hse86/s +GsyqD5R94KbU4GaCOK18+Xeb7I36LACHTqgrTP4J/6y/tHwNyjWTKrQUlpb1L/89 +12ztFNN/pQmbnJwEFifoCrkgzm8sx7D3YNR1+Yi3K+uWE3u8jmSamGeNE/7P3DOG +8rY8xwIxQu9JgXP1MFfrAqTZtITj7vrG+wDnLaJnAoIBACZZlTM1yO6DrVp6+AqG +O/nwA3w0fHZFCxEwoFb0EZJUHjnAJVFRiVKjrfC4uAFpci5ICqSn6RqQQTHYkfN6 +vKKlYOnLyxm9FtcnotaHD8RViSzlFwEtC6sL3EGnBqUmKmO/dsPaojcBYRkAqRpy +o6jY1kJkv30TxD9yrSesyJgTC4mwNmuLGgUp2TpVnkfqyoqwBLdZkPdW/gcZBmO+ +X8XQNiGjkCRK4JDcAHgHQxhxGR/hvAMpQ4ni+4AN3hhZLadeqel+8Z9WJqAPSIj7 +fiFUz4qpmlypV+vxXvad6h2YCZXxq1oPwh0994/SASeJn2JtrJeaFzEvnSFHBFsY +RA8CggEAZiNUmy5gRHKqP3W//HQseO3n8t8KbeNnIZvvnUMwDH1uf0HqQSgrlJfr +O1EKf2JpxPC4Nl2LrnW314mwwW79gR2jF3jYlf6p6afPCV0bdlQZ0fuFskcGRPXl +oql8FA82xC4DHgJ8inSn9hcen17ksvUQxRz0cv3H4YKf+kPs3JscZ2rX7CIOr4Qb +lWRk8DHc2QdhcWBIPH9TH/2njoFBVIbbvDNiBnQbRZ7d9KM/OAuXWxTHYRxLyRR6 +lrf4O7rxTh4CyvmeqGxwYBrU1ecJTigu0dPKJQSn1rhZt5ukOvjypf7iBKzgAeW8 +5CgRf72B8KP9wr6piE2BHvjWudE4TQ== +-----END PRIVATE KEY----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/crl.pem b/ANW-URB/openvpn/gw-ckubu/keys/crl.pem new file mode 120000 index 0000000..d00f007 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/crl.pem @@ -0,0 +1 @@ +../crl.pem \ No newline at end of file diff --git a/ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem b/ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem new file mode 100644 index 0000000..6b79efe --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem 
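Review bot: The new file ANW-URB/openvpn/gw-ckubu/keys/ca.key puts the CA private key into the repository, and its `-----BEGIN PRIVATE KEY-----` header marks an unencrypted PKCS#8 key, so anyone with read access to the repository or a clone holds the signing key for this VPN's trust root. The file should be dropped from the commit and key material kept out of version control, for example with an ignore rule such as `ANW-URB/openvpn/*/keys/*.key`. A later delete does not remove the key from history, so the CA and the certificates it signed (serials 01 and 02 in index.txt) should be treated as exposed and re-issued from a new CA kept offline. The same applies to gw-ckubu.key further down in this diff, which is passphrase-encrypted but still committed.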
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm +A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ +TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s +R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l +PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66 +O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu +1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT +t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp +r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w +92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y +rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI= +-----END DH PARAMETERS----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt new file mode 100644 index 0000000..0480575 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt 
@@ -0,0 +1,139 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:19:59 2018 GMT + Not After : Jul 1 12:19:59 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1: + 42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26: + d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e: + 5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b: + 9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea: + fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d: + 21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0: + 51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87: + 17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93: + 9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da: + bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5: + 09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4: + 2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0: + 5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17: + 03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94: + eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30: + 86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94: + 6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19: + 0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f: + 8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15: + 41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8: + 4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99: + 74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd: + 20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed: + aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b: + 8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46: + c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4: + 42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad: + 57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68: + 
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63: + 92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57: + 67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34: + 30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36: + 4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad: + fc:0e:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13 + X509v3 Authority Key Identifier: + keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:BA:7F:28:9D:63:2F:B7:DE + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + X509v3 Subject Alternative Name: + DNS:gw-ckubu + Signature Algorithm: sha256WithRSAEncryption + 64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c: + 6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e: + a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c: + f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00: + c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7: + 01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a: + e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c: + 24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc: + 4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78: + a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af: + de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16: + 7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1: + a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a: + f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89: + 8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63: + 1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3: + 9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2: + 94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1: + 
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60: + 1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1: + 5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa: + 43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87: + 3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de: + 89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f: + 74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0: + a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2: + 57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1: + 64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89: + ba:d7:be:38:9d:87:30:02 +-----BEGIN CERTIFICATE----- +MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT +FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG +CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s +pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv +hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18 +k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf +jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57 +6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/ +g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp +Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm +K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl +bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI +chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB 
+o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu +ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw +EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL +MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w +DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV +BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3 +DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF +BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN +AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh +17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw +Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67 +YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975 +SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV +ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN +uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3 +RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm +pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf +azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL +lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr new file mode 100644 index 0000000..55d5cc2 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE9TCCAt0CAQAwga8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN +BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr +IFNlcnZpY2VzMR0wGwYDVQQDExRWUE4tQU5XLVVSQi1ndy1ja3VidTEUMBIGA1UE +KRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz9HzyPcBEFI4TEhvdPFCNXzI +4aXWhbKGmWaRRybWzW3SKBsO7KS7eDAx6E5cV/sEDUchPiEik3AXJ2uey4S4rpHT +16yZRfxE6+r6P5ZwOzxmvYZyb4cyYp0huQ3T9SjKRBgG7Vm+k+BRRVsxO6+5T63I +d2ZxKocXb7oPjClwrVdrmUMtfJOdnXWkUxQI1a/cEoq/3tq8MQ/u/uOPC/mR7PN/ +c8UJAoMNocwm6wmjDzv0UOQsH46xze6clbdJwnmnfNBcf3a4dMT5PGxd/GHChhcD +yNpQvj+wOCJCJieHv5Trfi8+e+sVzKt9apL4vDCGEjIgPtjrvVFrI/5jbpRs1Kqd +sLTsW2gNqBPSjBkMNwvB5F+Jf4NcDmaFn2+MIVEU6zPKQXdlL0v/+xVBtt8qBbcg +9JMxERb009hLN8ISop3lLR8QKQ4X9Jl0+WokuORqbnvBIeC85f0gWp/lrW2IhrDF +F3Hcgu2qFzBrkb3hFdAYzuYYJiuL06YHV3zNr7SI//3lhEbJt0gbZOwfzBKiEvV5 +M/RCyDm3AUsZTxoZ2iQBy61XJW0ZuwzWajdXrlgJ0GickbTRMl1MdYXlswhAlGOS ++b8S6kKNBieu6AOVRVdnbjEwyHITAQfFJVjaMjQwZX1sUYB/SNd+sZGaZTZP3ElW +mcO0S/7EDc+4Fa38DmkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAfQvUcdiK1 +ykZKin31+ghZftAniK/ZQPOg/fFq1AjjNM349iiEBJRK/9N8upCqiXppJ4xmQESG +d80MAzj392a1zMMvWR6j2beNqrVyC8Vced/p1qMov+mR1PHtF9uelyHtrFNT5AWw +h5pd9wvFG7XXbPMQYeUIOesoNc80E1/PY9+3OqlRVPHCFqOxdmMR1kOTIq6z8xeB +Dah7QBgtEF6QkPU3wqtnis6hsr0q4gGPF4+apAX5S+OX7UVjsBOc2JwPSa8o0fJB +EJGzPVNFYxbL15ZasT34ajQJydJ7iT+E4oFtphN6VmlhYeK75OEA0Lb8x9Mzzm/h +dMgEDzhdqHZc3REEpK5hcvYk8PKGlkKY0j8QoqpaFN9gG1qsuzlhoRAs7zf1YY1I +H3eVnA5tPuPfVXawKY1JNSWR+zBFH5eb6qytmkovyGAbT2UYi6v4JyZFKpCUJYP5 +DmKBL2vLVgDu1QjA6uFghWV3VBPkvyw0kDpvYOGD+PzryRsjYZYB0gHobW0hKYuS +8TCWUBPmtRoVg2+z0IkXL68Ajc0oyNo+M4Ihr6YQB1XYYOhv3bqHRhRQpNCIhbRA +D68WPzLFYNCjqMMXH1Q+mIbRDyT6ja5OKVX9uvVk9i2QJd0Vyf+N1d/xALNsijwf +UGoSG+FjZRFV3lEC12vdOOmK7FNlLvHjrQ== +-----END CERTIFICATE REQUEST----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key new file mode 100644 index 0000000..5747940 
--- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA +MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9 +sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH +AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7 +1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh +QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh +fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN +a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh +xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI +sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy +PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5 +zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ +9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+ +bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc +uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx +u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal +7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4 +Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R +6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU +tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB +B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm +GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2 +d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0 +P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j +8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+ +ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc +qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7 +gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9 +8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX 
+Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s +chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K +LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R +/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb +7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ +wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0 +qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX +KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf +K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz +0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC +klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH +1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h +W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5 +4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf +gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA +4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6 +PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo +JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw +YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06 +pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh +LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd +AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY +rxE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/index.txt b/ANW-URB/openvpn/gw-ckubu/keys/index.txt new file mode 100644 index 0000000..89e2657 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/index.txt 
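Review bot: The passphrase encryption on gw-ckubu.key gives little protection once the blob is public. The PKCS#8 header at the top of this hunk appears to decode to PBES2 with PBKDF2 at 2048 iterations and des-ede3-cbc, an old OpenSSL default; this is worth confirming with `openssl asn1parse -in gw-ckubu.key`. With parameters like these the key is only as strong as the passphrase against offline guessing, and re-wrapping it later does not help because this version stays in history. The safer course is to generate a new client key on the gateway itself, sign only its CSR, and revoke serial 02.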
@@ -0,0 +1,2 @@ +V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de +V 380701121959Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de diff --git a/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/ANW-URB/openvpn/gw-ckubu/keys/index.txt.old b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.old new file mode 100644 index 0000000..51844a2 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/index.txt.old @@ -0,0 +1 @@ +V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de diff --git a/ANW-URB/openvpn/gw-ckubu/keys/serial b/ANW-URB/openvpn/gw-ckubu/keys/serial new file mode 100644 index 0000000..75016ea --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/serial @@ -0,0 +1 @@ +03 diff --git a/ANW-URB/openvpn/gw-ckubu/keys/serial.old b/ANW-URB/openvpn/gw-ckubu/keys/serial.old new file mode 100644 index 0000000..9e22bcb --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/serial.old @@ -0,0 +1 @@ +02 diff --git a/ANW-URB/openvpn/gw-ckubu/keys/server.crt b/ANW-URB/openvpn/gw-ckubu/keys/server.crt new file mode 100644 index 0000000..41cdfcf --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/server.crt 
@@ -0,0 +1,142 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + Validity + Not Before: Jul 1 12:08:00 2018 GMT + Not After : Jul 1 12:08:00 2038 GMT + Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c: + 66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77: + 2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c: + 62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd: + bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db: + 13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50: + a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54: + d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d: + 65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7: + d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12: + f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30: + 8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00: + e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c: + 54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88: + a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9: + 96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d: + ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98: + b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87: + 1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc: + 13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d: + 93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17: + 47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15: + 46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e: + 38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd: + 8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c: + 6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f: + 53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38: + 2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e: + 81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec: + 
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2: + 9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21: + a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c: + 4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90: + 93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de: + a3:ec:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3 + X509v3 Authority Key Identifier: + keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA + DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de + serial:BA:7F:28:9D:63:2F:B7:DE + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:server + Signature Algorithm: sha256WithRSAEncryption + 14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f: + 52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32: + 92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3: + 8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22: + d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22: + 54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e: + 9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d: + 44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29: + 68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f: + 81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d: + 09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c: + 1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce: + 95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95: + 91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf: + 2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf: + 12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63: + ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3: + 
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36: + ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3: + 3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61: + eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c: + 10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf: + 9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1: + b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96: + ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78: + fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7: + df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33: + c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf: + a7:62:fd:35:c6:01:64:66 +-----BEGIN CERTIFICATE----- +MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx +DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w +ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct +VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA +b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG +A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD +VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT +ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq +hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB +z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+ +rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ +A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY +kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t +mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb +XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy +ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv +DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF +E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6 +nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC 
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB +DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud +DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v +9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl +cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT +EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp +EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6 +fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R +BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A +Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt +e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC +zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH ++B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y +5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh +Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39 +hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF +kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6 +JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t +Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928 +x6COkrH/O8+nYv01xgFkZg== +-----END CERTIFICATE----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/server.csr b/ANW-URB/openvpn/gw-ckubu/keys/server.csr new file mode 100644 index 0000000..5a54eab --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/server.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN +BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr +IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT +C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzYN3yCXfdSYRpkXk5MZo+BSnDe +T+2rfozcqm13LVO2foDnVOCYgc/y578sYl4xVKrlzo+zhjEibA69vcbfqB6QTKpr +r4WF6DfbE/qDQH9dL9VLNYs2fq5QpbF93NLb0SBae+z7uQRU1bkTes1Qe/ho8gNL +NJJdZdyZKwPwk6db31u+8cjH0APD+vUnPh2HnK8iOsUS8X5S7XPbp6MB5Kt7NKQw +jMSfv/YLXzHrFZDZscEA4iJQ2JEa1Un+vR1IQRocVMxQiKNNtCRrVNHl+W2IpcuN +HSlQLQGOQSrOVwjJlk4nenRv7ZnPxOXymtgd7CTxLY5I7GBv0Jb83YeYsraS5Ov2 +IprtY8K6p/KHHVDQ7s2TR6bT2133r1jME+jdG3MgHGa4ypH7loB9k/3pgCqbF0Ek +a+r6ZV8XR5kKwpNn6RFs+4S38koVRhkT02+UkwZXtkR3j8EOOG8amBWH9pHIrDj2 +eETdj+Ju2nIOgWHTzWHN+jycbwz6zZFbsphlze0ZNNcvU/qkwky7OS23/NsNt6k4 +LBX/JHjhZtRLIpWH2m0egXOTRRNeerGmPKJBluLsu10e0jOPHgV/qe+wWUXSnQb8 +uoQkOgyMov3ZipEhpEfDqcoHep1MZ/DeKZssT0v81pF4RFJBqJ1MwRWQkywbkSh8 +Tj32qDrg/AXeo+xRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgGxSsGFaKEbn +6p6vY7xAmnKrYMaMrEEdG2FrDzXUKhgKLEnNPT+5wk2/txxeLqSbVqKe+ig0cxTo +kcJuylqD8l+QUVb1pt0nYtUmhLTqpZa2VRAnsayZ0FDdxv/s9NeOY0faC27YBMJs +JTUb5J/YgbE72JdIMU4ZcUcNgLXkT4H6zhx6gMM8WKBdxtsoKg9+VG7eIB1lKQP1 +AfkSd5KCzBG8XrvInCPvjc7e9BW7sDMmkNwe8a9vO2trJxWxvfdhhREYXwKY/fI/ +heHZhO1PGfklrJvlX4Zdf5V1beiEjXKc3lammL5UN07mYPEDDXY5R5kxL55kD4Mp +fVGc14rZZ//PPeClGKW9tiCOs3XQshHobJMJhMoxr0qghbh3hoW9LgM9EhIVL/xm +D/Od19jVid9gX8lFtWgFFYHuOp19Ch/l96Q3NmsYDEXYAVn3OMrwudKdKbFynj/t +DvJTm53DzKcyde4t8n9UWUVRpawg6NzK7TvmaoiN2ix+prWVSJNxqid02HLK3eA7 +FM65Kl9mHxMBhn4lvP0qsuFAop/BfgF53NoyzJ2XKtIRkt8+TfwdGc2R8x949UPR +80r44MuR/z4AqJL5cO+rQoWSxWuxJHjlaQhvuhJCclUiR9js5GZWkCQI1hwkO9uf +9dYzlA1J+jkyLAiKjGTgU4H6SslFMHg= +-----END CERTIFICATE REQUEST----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/server.key b/ANW-URB/openvpn/gw-ckubu/keys/server.key new file mode 100644 index 0000000..ae68f59 --- /dev/null 
+++ b/ANW-URB/openvpn/gw-ckubu/keys/server.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDc2Dd8gl33UmEa +ZF5OTGaPgUpw3k/tq36M3Kptdy1Ttn6A51TgmIHP8ue/LGJeMVSq5c6Ps4YxImwO +vb3G36gekEyqa6+Fheg32xP6g0B/XS/VSzWLNn6uUKWxfdzS29EgWnvs+7kEVNW5 +E3rNUHv4aPIDSzSSXWXcmSsD8JOnW99bvvHIx9ADw/r1Jz4dh5yvIjrFEvF+Uu1z +26ejAeSrezSkMIzEn7/2C18x6xWQ2bHBAOIiUNiRGtVJ/r0dSEEaHFTMUIijTbQk +a1TR5fltiKXLjR0pUC0BjkEqzlcIyZZOJ3p0b+2Zz8Tl8prYHewk8S2OSOxgb9CW +/N2HmLK2kuTr9iKa7WPCuqfyhx1Q0O7Nk0em09td969YzBPo3RtzIBxmuMqR+5aA +fZP96YAqmxdBJGvq+mVfF0eZCsKTZ+kRbPuEt/JKFUYZE9NvlJMGV7ZEd4/BDjhv +GpgVh/aRyKw49nhE3Y/ibtpyDoFh081hzfo8nG8M+s2RW7KYZc3tGTTXL1P6pMJM +uzktt/zbDbepOCwV/yR44WbUSyKVh9ptHoFzk0UTXnqxpjyiQZbi7LtdHtIzjx4F +f6nvsFlF0p0G/LqEJDoMjKL92YqRIaRHw6nKB3qdTGfw3imbLE9L/NaReERSQaid +TMEVkJMsG5EofE499qg64PwF3qPsUQIDAQABAoICAQChHK/mCqmIm7WxblWKY5xS +xuzKyLSg3AK3uuguccpEjxdc7Obz7u6NCVVeF4Av3Wc6Qere1QZp5AXW/z9qzZG1 +smnrziG/lEAkN5QspwIvqIkT3wlR5VCn1Lf8c6jcv3aiVsCf08hXS5ibq4VkMXov +cEhWdNAGk1KTi75g4mqlppWdNgDoDDVJ+fikTpu3KU76SUt8qGQ7Vz5Zzn5Oojvz +ii+ONMkNTMnbMtKg9TLHeLl/5ygSBs7nlR7TG59VtHeiF9cZMwtrr21jQFYhxtef +vBfQFsOWdyJORzxtgRjnlUEtBQoF1f4NvxCS/NlQHww+qyAj9DlV5VzUOedXW+PL +iMPxnJiawk6jpJ936KdWHrbqL5klCFB/r65FTZH5RxBJibrNgTwurN8+g89Lg5Aw +MNS5qPCuKf2jb4L9B2mZPVXM6sg2L0y3YhZiMkvNbav8e4ZAf6NOEaTKGdPJ2P7L +0X0wlXjtJ5eA8r3KpRiF2t3O8teZiq+QtiN8n5V4G6XBasiryhrA1JINRgIe6Una +9DgOTmbOtRdJoqh13M40J8NNlUYvI/dxcX9JIG/xpIo9QOSA0eZhzVs1uiZ1IZmK +Y6I/clUI9c/yTFp5md5Gwpf864EPKeyIbvuSDuGo7YTVImwKh3sg+k5bZMbD68VB +D+J8zqKNUlvSbOE/Cm8y0QKCAQEA+ABk1/2Fr7LZmJOTRqXVBbJLTOHigg5buPpb +q+QbkQ8zmhSi/21r/z49r8qwTAoyRBZnF7drx5wbuW9s7YJLdickPBw4lpNermGx +rObBJxdEFri+A0odsbPi6rS8fjNHYuR9m+gSmxeI4wxeIUEE2KRwj/iPrQ9/0qkv +aGJyULGId/1Poz0Im5N9ralY9EmqolnoOdMRHl3Vb+P+Db3T4ugUa7ZjQMqoUI2E +gYcaXMdERq0G/LrH6bruWBZaFDnQGRisICr/a931q3hRDqCwXzh3fD3/DgcWtN8L ++zHjQZglumJ13fq4IuuKcLjwTL8EJTLBDWdKUXmNSaOZYELQNQKCAQEA4/eag4/L +ai3D5ajlN/qKGyEh3bCtWLy/Vc/ADzjytql2Fx9a13D4jZ8IlyElYJ1lXcsNpYYN 
+Vqav+Ymx8hzQs62fCOPgJoRTwrNFMGUpnTtdouRTw7dv5n8ZIieTVTQAiCkujOyW +uiYEc9GPvi4KaJcGWIjk1sejnWRegdYg7O/9EoxKzBaLUgOlzr3hKGFbNiStqAM0 +B5GWnq+PPSQ9w+XpY0EuEgz83x1AE/4DXTHqzca/2/wrCSPI5HwTt322tdXKMV3c +Kfhg+6q7P2pm6kEGERshX5VBtGEDoRVD3qBeRrAdcnlRcTdZRlOr1aqBR1XWr8Y7 +K4YcjAiFMKBnLQKCAQEAoQq4cV1qu14bWK2z/DNhchKGPUWNbcDfJO5GKwe0Mu05 +J/vwoIcwkw2axxWKh8YzP+2AQnFUJsmjYzYM+OocEHx4ViRJRtYprHk6BDnQAY9l +IpASq1YslCFo39o/cH/iAkC3pE7+DgIpXK7CTTvIZtnZUlQpEEs5SNWeOF19OBMg +uDIgzbKrbUNIYEXQwsk3abeSSkJaImryV3comUnEVts3r34/U2qGA9Dx056kqsym +9HIVUHYFrSw6666QDgRAsptH4pepRyVaC1/U2vfTr/Gd/WrQvg4yW39fa13I4eZn +0XFwcpYFjn9/ZZViTaPYkEM2A3soUmHpMoFu7ohUZQKCAQBK+XoV3sr1xstw0tVg +TcPyHDl5IcxBLQJ4hHUUDJS2wpEWFbfYt0zntvAqVDpoxhs6d7erQqVMZFHn7gNa +L2PsVCPD1r43rLmnhTIyMnM3RPkMw69Q5RmmYxKvCvkHwqySG4k1y/HekvZP6RIv +aBEASPtLTuqEQPBsqT/zz6rQgjVnTkCjUp7LgGudzREqKKrI6dM7OKJ6AsXYtsCT +SUIPFaRmgl9WjHL2JjaW3Knakro4py8eeJbm0KAXlT8ez/exYfi3t7jbDNdIreQb +fTEPxgbqxVN6jion2uhIqCfEJlYbRXzJ02CXra5s1MPk58jQ30hWUwnOzLLC02KK +lZaZAoIBAA4+RRTkvA6Yae0f4eCcOu93qfJU5Q/zdrsWarteRaiE21JajKks2Pn0 +ulzDfpOvCQ1siRjGAvHCKQf/bdlWgnd4q5bwrwg66EJ7F11o4yR3Ydj1k4v0aTo9 +/amGkoO0bm3keqSBwKJTpyvZGw5m7JgsjWgtP9P+Wv94T+5EUnMHHgKn5weGA+5J +gcGuFoZDX6OoaUuDk9/XtIsI8gK8m0aMlkL/IaadhhRWfvt/E13asovjQO0KTiiQ +5NWTx5t7feIm64AX0LAW5JmBVWdWNvOV7Cm1CQYnq0l6DQp+m3AinkkjcKC1VGBF +LeMmqowsQXIl95AFVAtNdUU7uZNwlDg= +-----END PRIVATE KEY----- diff --git a/ANW-URB/openvpn/gw-ckubu/keys/ta.key b/ANW-URB/openvpn/gw-ckubu/keys/ta.key new file mode 100644 index 0000000..c62d104 --- /dev/null +++ b/ANW-URB/openvpn/gw-ckubu/keys/ta.key 
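Review bot: server.key is committed as an unencrypted PKCS#8 key (`-----BEGIN PRIVATE KEY-----`), so every clone and the repository history carry the private key for the server certificate added in this same commit; the ta.key hunk that follows does the same for the tls-auth static key. Both should be treated as disclosed: revoke serial 01 listed in index.txt, issue a new server key and certificate, and regenerate ta.key for the server and all clients. Key material belongs outside version control, for example with an ignore rule like `ANW-URB/openvpn/*/keys/*.key` and out-of-band deployment with owner-only permissions. Removing the files in a later commit does not remove them from history.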
@@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +aea26f8f0a99ff84f7a6a6f426bef710 +2998c49555c2770d954b9251a74b6e30 +3859a0a8c086f3509c440c50bf3230e3 +d5bc2b247119a4fdb59aefdd2376475d +f060a24165022d981ddee0704d580587 +752e520d930b24580ae5ccbef266c471 +6ef8dfdd6ba9de23e63823841086a151 +90e146c1d085b274d3403de9bd827935 +cd18fd2cb4005f3c133802ccc0c2f885 +decd3b5fd4d6dd53dc478c59f3a84dc5 +e9a3d51e805811af39647a9904605b99 +2dbf311089315fcbafa70b89e2d49b1b +d425b598f7551a2cb21ef9315a97e36b +2152699cf9ec5fa90df659495575a935 +bceb34f91889eda617d2c6b26573c6c1 +ce620dd47a0b08e6da791cf979ed8c44 +-----END OpenVPN Static key V1----- diff --git a/ANW-URB/openvpn/server-anwaeltinnen.conf b/ANW-URB/openvpn/server-anwaeltinnen.conf new file mode 100644 index 0000000..650ab3c --- /dev/null +++ b/ANW-URB/openvpn/server-anwaeltinnen.conf 
@@ -0,0 +1,315 @@ +################################################# +# Sample OpenVPN 2.0 config file for # +# multi-client server. # +# # +# This file is for the server side # +# of a many-clients <-> one-server # +# OpenVPN configuration. # +# # +# OpenVPN also supports # +# single-machine <-> single-machine # +# configurations (See the Examples page # +# on the web site for more info). # +# # +# This config should work on Windows # +# or Linux/BSD systems. Remember on # +# Windows to quote pathnames and use # +# double backslashes, e.g.: # +# "C:\\Program Files\\OpenVPN\\config\\foo.key" # +# # +# Comments are preceded with '#' or ';' # +################################################# + +# Which local IP address should OpenVPN +# listen on? (optional) +;local a.b.c.d + +# Which TCP/UDP port should OpenVPN listen on? +# If you want to run multiple OpenVPN instances +# on the same machine, use a different port +# number for each one. You will need to +# open up this port on your firewall. +port 1194 + +# TCP or UDP server? +;proto tcp +proto udp + +topology subnet + +# "dev tun" will create a routed IP tunnel, +# "dev tap" will create an ethernet tunnel. +# Use "dev tap" if you are ethernet bridging. +# If you want to control access policies +# over the VPN, you must create firewall +# rules for the the TUN/TAP interface. +# On non-Windows systems, you can give +# an explicit unit number, such as tun0. +# On Windows, use "dev-node" for this. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Enable TUN IPv6 module +;tun-ipv6 + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel if you +# have more than one. On XP SP2 or higher, +# you may need to selectively disable the +# Windows firewall for the TAP adapter. +# Non-Windows systems usually don't need this. 
+;dev-node MyTap + +# SSL/TLS root certificate (ca), certificate +# (cert), and private key (key). Each client +# and the server must have their own cert and +# key file. The server and all clients will +# use the same ca file. +# +# See the "easy-rsa" directory for a series +# of scripts for generating RSA certificates +# and private keys. Remember to use +# a unique Common Name for the server +# and each of the client certificates. +# +# Any X509 key management system can be used. +# OpenVPN can also use a PKCS #12 formatted key file +# (see "pkcs12" directive in man page). +ca /etc/openvpn/anwaeltinnen/keys/ca.crt +cert /etc/openvpn/anwaeltinnen/keys/server.crt +key /etc/openvpn/anwaeltinnen/keys/server.key # This file should be kept secret + +# Diffie hellman parameters. +# Generate your own with: +# openssl dhparam -out dh1024.pem 1024 +# Substitute 2048 for 1024 if you are using +# 2048 bit keys. +dh /etc/openvpn/anwaeltinnen/keys/dh4096.pem + +# Configure server mode and supply a VPN subnet +# for OpenVPN to draw client addresses from. +# The server will take 10.8.0.1 for itself, +# the rest will be made available to clients. +# Each client will be able to reach the server +# on 10.8.0.1. Comment this line out if you are +# ethernet bridging. See the man page for more info. +;server 10.8.0.0 255.255.255.0 +;server-ipv6 2a01:30:1fff:fd00::/64 +server 10.0.132.0 255.255.255.0 + +# Maintain a record of client <-> virtual IP address +# associations in this file. If OpenVPN goes down or +# is restarted, reconnecting clients can be assigned +# the same virtual IP address from the pool that was +# previously assigned. +ifconfig-pool-persist /etc/openvpn/anwaeltinnen/ipp.txt + +# Configure server mode for ethernet bridging. +# You must first use your OS's bridging capability +# to bridge the TAP interface with the ethernet +# NIC interface. Then you must manually set the +# IP/netmask on the bridge interface, here we +# assume 10.8.0.4/255.255.255.0. 
Finally we +# must set aside an IP range in this subnet +# (start=10.8.0.50 end=10.8.0.100) to allocate +# to connecting clients. Leave this line commented +# out unless you are ethernet bridging. +;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 + +# Push routes to the client to allow it +# to reach other private subnets behind +# the server. Remember that these +# private subnets will also need +# to know to route the OpenVPN client +# address pool (10.8.0.0/255.255.255.0) +# back to the OpenVPN server. +;push "route 10.8.0.0 255.255.255.0" +push "route 192.168.132.0 255.255.255.0" + +# To assign specific IP addresses to specific +# clients or if a connecting client has a private +# subnet behind it that should also have VPN access, +# use the subdirectory "ccd" for client-specific +# configuration files (see man page for more info). +client-config-dir /etc/openvpn/anwaeltinnen/ccd/server-anwaeltinnen + +# --- +# EXAMPLE: Suppose the client +# having the certificate common name "Thelonious" +# also has a small subnet behind his connecting +# machine, such as 192.168.40.128/255.255.255.248. +# First, uncomment out these lines: +;client-config-dir /etc/openvpn/ccd +;route 192.168.40.128 255.255.255.248 + +# Then create a file ccd/Thelonious with this line: +# iroute 192.168.40.128 255.255.255.248 +# This will allow Thelonious' private subnet to +# access the VPN. This example will only work +# if you are routing, not bridging, i.e. you are +# using "dev tun" and "server" directives. +# --- + +# --- +# EXAMPLE: Suppose you want to give +# Thelonious a fixed VPN IP address of 10.9.0.1. +# First uncomment out these lines: +;client-config-dir ccd +;route 10.9.0.0 255.255.255.252 + +# Then add this line to ccd/Thelonious: +# ifconfig-push 10.9.0.1 10.9.0.2 +# --- + +# --- +# Suppose that you want to enable different +# firewall access policies for different groups +# of clients. 
There are two methods: +# (1) Run multiple OpenVPN daemons, one for each +# group, and firewall the TUN/TAP interface +# for each group/daemon appropriately. +# (2) (Advanced) Create a script to dynamically +# modify the firewall in response to access +# from different clients. See man +# page for more info on learn-address script. +;learn-address ./script +# --- + +# If enabled, this directive will configure +# all clients to redirect their default +# network gateway through the VPN, causing +# all IP traffic such as web browsing and +# and DNS lookups to go through the VPN +# (The OpenVPN server machine may need to NAT +# the TUN/TAP interface to the internet in +# order for this to work properly). +# CAVEAT: May break client's network config if +# client's local DHCP server packets get routed +# through the tunnel. Solution: make sure +# client's local DHCP server is reachable via +# a more specific route than the default route +# of 0.0.0.0/0.0.0.0. +;push "redirect-gateway" + +# Certain Windows-specific network settings +# can be pushed to clients, such as DNS +# or WINS server addresses. CAVEAT: +# http://openvpn.net/faq.html#dhcpcaveats +;push "dhcp-option WINS 10.8.0.1" +push "dhcp-option DNS 192.168.132.1" +push "dhcp-option DOMAIN anwaeltinnen.netz" + +# Uncomment this directive to allow different +# clients to be able to "see" each other. +# By default, clients will only see the server. +# To force clients to only see the server, you +# will also need to appropriately firewall the +# server's TUN/TAP interface. +client-to-client + +# Uncomment this directive if multiple clients +# might connect with the same certificate/key +# files or common names. This is recommended +# only for testing purposes. For production use, +# each client should have its own certificate/key +# pair. +# +# IF YOU HAVE NOT GENERATED INDIVIDUAL +# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, +# EACH HAVING ITS OWN UNIQUE "COMMON NAME", +# UNCOMMENT THIS LINE OUT. 
+;duplicate-cn + +# The keepalive directive causes ping-like +# messages to be sent back and forth over +# the link so that each side knows when +# the other side has gone down. +# Ping every 10 seconds, assume that remote +# peer is down if no ping received during +# a 120 second time period. +keepalive 10 120 + +# For extra security beyond that provided +# by SSL/TLS, create an "HMAC firewall" +# to help block DoS attacks and UDP port flooding. +# +# Generate with: +# openvpn --genkey --secret ta.key +# +# The server and each client must have +# a copy of this key. +# The second parameter should be '0' +# on the server and '1' on the clients. +;tls-auth ta.key 0 # This file is secret +tls-auth /etc/openvpn/anwaeltinnen/keys/ta.key 0 + +# Select a cryptographic cipher. +# This config item must be copied to +# the client config file as well. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES +cipher AES-256-CBC + +# Enable compression on the VPN link. +# If you enable it here, you must also +# enable it in the client config file. +;comp-lzo + +# The maximum number of concurrently connected +# clients we want to allow. +;max-clients 100 + +# It's a good idea to reduce the OpenVPN +# daemon's privileges after initialization. +# +# You can uncomment this out on +# non-Windows systems. +user nobody +group nogroup + +# The persist options will try to avoid +# accessing certain resources on restart +# that may no longer be accessible because +# of the privilege downgrade. +persist-key +persist-tun +persist-local-ip +persist-remote-ip + +# Output a short status file showing +# current connections, truncated +# and rewritten every minute. +;status openvpn-status.log +status /var/log/openvpn/status-server-anwaeltinnen.log + +# By default, log messages will go to the syslog (or +# on Windows, if running as a service, they will go to +# the "\Program Files\OpenVPN\log" directory). 
+# Use log or log-append to override this default. +# "log" will truncate the log file on OpenVPN startup, +# while "log-append" will append to it. Use one +# or the other (but not both). +;log-append openvpn.log +;log openvpn.log +log /var/log/openvpn/server-anwaeltinnen.log + +# Set the appropriate level of log +# file verbosity. +# +# 0 is silent, except for fatal errors +# 4 is reasonable for general usage +# 5 and 6 can help to debug connection problems +# 9 is extremely verbose +verb 1 + +# Silence repeating messages. At most 20 +# sequential messages of the same message +# category will be output to the log. +;mute 20 + +# CRL (certificate revocation list) verification +crl-verify /etc/openvpn/anwaeltinnen/crl.pem diff --git a/ANW-URB/openvpn/server-gw-ckubu.conf b/ANW-URB/openvpn/server-gw-ckubu.conf index 1294747..08e25f7 100644 --- a/ANW-URB/openvpn/server-gw-ckubu.conf +++ b/ANW-URB/openvpn/server-gw-ckubu.conf @@ -54,6 +54,9 @@ route 192.168.64.0 255.255.255.0 10.1.132.1 ;dev tap dev tun +# Enable TUN IPv6 module +;tun-ipv6 + # Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, @@ -77,16 +80,16 @@ dev tun # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). -ca keys/ca.crt -cert keys/server.crt -key keys/server.key # This file should be kept secret +ca /etc/openvpn/gw-ckubu/keys/ca.crt +cert /etc/openvpn/gw-ckubu/keys/server.crt +key /etc/openvpn/gw-ckubu/keys/server.key # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using -# 2048 bit keys. -dh keys/dh1024.pem +# 2048 bit keys. +dh /etc/openvpn/gw-ckubu/keys/dh4096.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. 
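Review bot: `client-to-client` is switched on in the new server-anwaeltinnen.conf, which makes OpenVPN forward traffic between clients internally, so that traffic never reaches the tun interface and the gateway's firewall rules can neither filter nor log it. If clients only need the pushed 192.168.132.0/24 LAN, leave it as `;client-to-client` and allow any required client-to-client flows explicitly in the firewall. The file also sets `cipher AES-256-CBC` without an `auth` line, which leaves the packet HMAC at OpenVPN's SHA1 default; `auth SHA256`, set identically on every client, would close that. As far as its hunks show, the same holds for the `cipher AES-256-CBC` line added to server-gw-ckubu.conf.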
@@ -95,6 +98,8 @@ dh keys/dh1024.pem # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. +;server 10.8.0.0 255.255.255.0 +;server-ipv6 2a01:30:1fff:fd00::/64 server 10.1.132.0 255.255.255.0 # Maintain a record of client <-> virtual IP address @@ -102,7 +107,7 @@ server 10.1.132.0 255.255.255.0 # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. -ifconfig-pool-persist /etc/openvpn/ipp.txt +ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability 
@@ -123,39 +128,44 @@ ifconfig-pool-persist /etc/openvpn/ipp.txt # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. -;push "route 192.168.23.0 255.255.255.0" -;push "route 192.168.82.0 255.255.255.0" -;push "route 192.168.132.0 255.255.255.0" -;push "route 192.168.133.0 255.255.255.0" +;push "route 10.8.0.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). +client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu +# --- # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines: -client-config-dir /etc/openvpn/ccd/server-gw-ckubu +;client-config-dir /etc/openvpn/ccd ;route 192.168.40.128 255.255.255.248 + # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. +# --- +# --- # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines: ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 + # Then add this line to ccd/Thelonious: # ifconfig-push 10.9.0.1 10.9.0.2 +# --- +# --- # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: @@ -167,6 +177,7 @@ client-config-dir /etc/openvpn/ccd/server-gw-ckubu # from different clients. See man # page for more info on learn-address script. ;learn-address ./script +# --- # If enabled, this directive will configure # all clients to redirect their default 
@@ -188,10 +199,7 @@ client-config-dir /etc/openvpn/ccd/server-gw-ckubu # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats -;push "dhcp-option DNS 10.8.0.1" ;push "dhcp-option WINS 10.8.0.1" -;push "dhcp-option DNS 192.168.132.1" -;push "dhcp-option DOMAIN anwaeltinnen.netz" # Uncomment this directive to allow different # clients to be able to "see" each other. @@ -235,7 +243,7 @@ keepalive 10 120 # The second parameter should be '0' # on the server and '1' on the clients. ;tls-auth ta.key 0 # This file is secret -tls-auth keys/ta.key 0 +tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0 # Select a cryptographic cipher. # This config item must be copied to @@ -243,11 +251,12 @@ tls-auth keys/ta.key 0 ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES +cipher AES-256-CBC # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. -comp-lzo +;comp-lzo # The maximum number of concurrently connected # clients we want to allow. @@ -269,9 +278,11 @@ persist-key persist-tun persist-local-ip persist-remote-ip + # Output a short status file showing # current connections, truncated # and rewritten every minute. +;status openvpn-status.log status /var/log/openvpn/status-server-gw-ckubu.log # By default, log messages will go to the syslog (or @@ -281,8 +292,9 @@ status /var/log/openvpn/status-server-gw-ckubu.log # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both). -log /var/log/openvpn/server-gw-ckubu.log ;log-append openvpn.log +;log openvpn.log +log /var/log/openvpn/server-gw-ckubu.log # Set the appropriate level of log # file verbosity. 
@@ -291,11 +303,12 @@ log /var/log/openvpn/server-gw-ckubu.log # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose -verb 4 +verb 1 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 -#crl-verify /etc/openvpn/keys/crl.pem +# CRL (certificate revocation list) verification +crl-verify /etc/openvpn/gw-ckubu/crl.pem diff --git a/ANW-URB/openvpn/update-resolv-conf b/ANW-URB/openvpn/update-resolv-conf index 8306380..fc2f031 100755 --- a/ANW-URB/openvpn/update-resolv-conf +++ b/ANW-URB/openvpn/update-resolv-conf 
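Review bot: Enabling `crl-verify /etc/openvpn/gw-ckubu/crl.pem` makes every new connection depend on that file: OpenVPN re-reads it per connection, so it has to stay readable after any privilege drop configured earlier in the file (outside this hunk), and on OpenVPN 2.4 and later a CRL whose nextUpdate has passed causes all clients to be rejected. I would add a comment above the directive such as `# crl.pem must stay readable by the unprivileged user and be regenerated before its nextUpdate date`, and schedule that regeneration. The same hunk lowers `verb 4` to `verb 1`, which thins the connection log that an investigation of failed or unexpected logins relies on; `verb 3` is a common middle ground. The new server-anwaeltinnen.conf carries the same two lines.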
@@ -5,50 +5,54 @@ # up /etc/openvpn/update-resolv-conf # down /etc/openvpn/update-resolv-conf # -# Used snippets of resolvconf script by Thomas Hood -# and Chris Hanson +# Used snippets of resolvconf script by Thomas Hood and Chris Hanson. # Licensed under the GNU GPL. See /usr/share/common-licenses/GPL. -# -# 05/2006 chlauber@bnc.ch # # Example envs set from openvpn: -# foreign_option_1='dhcp-option DNS 193.43.27.132' -# foreign_option_2='dhcp-option DNS 193.43.27.133' -# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# [ -x /sbin/resolvconf ] || exit 0 +[ "$script_type" ] || exit 0 +[ "$dev" ] || exit 0 -case $script_type in +split_into_parts() +{ + part1="$1" + part2="$2" + part3="$3" +} -up) - for optionname in ${!foreign_option_*} ; do - option="${!optionname}" - echo $option - part1=$(echo "$option" | cut -d " " -f 1) - if [ "$part1" == "dhcp-option" ] ; then - part2=$(echo "$option" | cut -d " " -f 2) - part3=$(echo "$option" | cut -d " " -f 3) - if [ "$part2" == "DNS" ] ; then - IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3" - fi - if [ "$part2" == "DOMAIN" ] ; then - IF_DNS_SEARCH="$part3" +case "$script_type" in + up) + NMSRVRS="" + SRCHS="" + for optionvarname in ${!foreign_option_*} ; do + option="${!optionvarname}" + echo "$option" + split_into_parts $option + if [ "$part1" = "dhcp-option" ] ; then + if [ "$part2" = "DNS" ] ; then + NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3" + elif [ "$part2" = "DOMAIN" ] ; then + SRCHS="${SRCHS:+$SRCHS }$part3" fi fi done R="" - if [ "$IF_DNS_SEARCH" ] ; then - R="${R}search $IF_DNS_SEARCH + [ "$SRCHS" ] && R="search $SRCHS " - fi - for NS in $IF_DNS_NAMESERVERS ; do + for NS in $NMSRVRS ; do R="${R}nameserver $NS " done - echo -n "$R" | /sbin/resolvconf -a "${dev}.inet" + echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn" ;; -down) - /sbin/resolvconf -d 
"${dev}.inet" + down) + /sbin/resolvconf -d "${dev}.openvpn" ;; esac diff --git a/ANW-URB/src/ipt-gateway b/ANW-URB/src/ipt-gateway index de0ebb6..2affc44 160000 --- a/ANW-URB/src/ipt-gateway +++ b/ANW-URB/src/ipt-gateway @@ -1 +1 @@ -Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5 +Subproject commit 2affc448c28ff8f96152e418f1e5b8829fb4f13d diff --git a/ANW-URB/src/openvpn b/ANW-URB/src/openvpn new file mode 160000 index 0000000..8f2df22 --- /dev/null +++ b/ANW-URB/src/openvpn @@ -0,0 +1 @@ +Subproject commit 8f2df2215b864c298df2dd1816e9538d16e0d2de
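Review bot: `split_into_parts $option` in the `up)` branch of the `@@ -5,50 +5,54 @@` hunk relies on unquoted expansion to split the value, which also leaves pathname expansion switched on, and the `foreign_option_*` values are supplied by the VPN peer. A value containing a glob character would be expanded against the working directory before `part3` reaches `/sbin/resolvconf`. I would write the call as `set -f; split_into_parts $option; set +f` and add a comment that the word splitting is intentional. `part3` is also appended to `NMSRVRS` and `SRCHS` without any check that it looks like an address or a domain name; a pattern test before the append would keep unexpected strings out of the generated resolver entries.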