o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update ANW-URB.

Browse Source
This commit is contained in:
Christoph
2018-07-01 16:58:11 +02:00
parent 100d1297e6
commit a8ad08b139
107 changed files with 6107 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu Normal file
View File

@ -0,0 +1,6 @@
ifconfig-push 10.1.132.2 255.255.255.0
push "route 192.168.132.0 255.255.255.0 10.1.132.1"
push "route 192.168.133.0 255.255.255.0 10.1.132.1"
push "route 172.16.132.0 255.255.255.0 10.1.132.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

270
ANW-URB/openvpn/gw-ckubu/client-configs/gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aea26f8f0a99ff84f7a6a6f426bef710
2998c49555c2770d954b9251a74b6e30
3859a0a8c086f3509c440c50bf3230e3
d5bc2b247119a4fdb59aefdd2376475d
f060a24165022d981ddee0704d580587
752e520d930b24580ae5ccbef266c471
6ef8dfdd6ba9de23e63823841086a151
90e146c1d085b274d3403de9bd827935
cd18fd2cb4005f3c133802ccc0c2f885
decd3b5fd4d6dd53dc478c59f3a84dc5
e9a3d51e805811af39647a9904605b99
2dbf311089315fcbafa70b89e2d49b1b
d425b598f7551a2cb21ef9315a97e36b
2152699cf9ec5fa90df659495575a935
bceb34f91889eda617d2c6b26573c6c1
ce620dd47a0b08e6da791cf979ed8c44
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
ANW-URB/openvpn/gw-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
DTE4MDcwMTEyMDgxOVoYDzIwNTAwNzAxMTIwODE5WjANBgkqhkiG9w0BAQsFAAOC
AgEAJSt0Nn+jtnoBtcYIMyn580t85fkd2h/8+5iwCdi1tAfHS1SAwP4OSbH6HKqJ
w9AXIJlkAuHjyOr/TxyoIns8DZIOPrvNoC1hRuym09IkvTnnqM69tTNZk/fbLYft
tEiW2Hnrnk9rHnHm0FFBKCWO1hM0nv896YVBgoo/Wh+Qm7afb96l2ifd4Ycgo5zA
NLTZ3p/S5fyKsXTyXpYP2qF2aMQntebxWmrwYUURswvJKo79d/fN9pPGPlBzRkvV
8NsJA2o4b3s2gKzMShkiJNm2PfoDFQ7bVRZNqMpyJ5rB6HXqUOQVbnlbYB1NW4DZ
2HYQrqeZpv1RRmS2vsRszB4Imp2gKaKAwcWy7ZSAyP70B9nSZN0HjzUpg99gDMFS
JbPWqejwr9b0lFAJAn6EwhMVO6e13SnrHmjDK3Lo4acGRZBbfxZDU0feBxVf0sHe
pWYe59AunQJY9l8H5OYhV8ilnTpe4amEsqGCYVQOmC9NwNJRRoxlJgysfhtI6fU1
p4Qab1RNlewzIZG3FGvFdyYLivvO0kk5U+QVK8wMrYfA4hQGS9I92BL91hiM3Vlc
fVrgZ+GZgOo3x5GjgSodmMPmi1FWmwEBrDns0kkBQvf/6j+i1MA/krRXHJFAW9Fs
POBVtkRCA7hPaZVXpmyywU8IHdL3ZLPVCefzpYE66oSCWPY=
-----END X509 CRL-----

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"
export KEY_ALTNAMES="VPN-ANW-URB"

80
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

4
ANW-URB/openvpn/gw-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-ANW-URB-gw-ckubu
password..........: iBeiGo4she3oorae3ualuj4seegaiwih

142
ANW-URB/openvpn/gw-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

139
ANW-URB/openvpn/gw-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

39
ANW-URB/openvpn/gw-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----

52
ANW-URB/openvpn/gw-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCrFiIuYjaXfSj
QYnS0Wu3wbykeuG4hRuCZoqm/6e+QNVmViLHt7fqIZyzBXAWsJEyQNJmTdqywf3n
Ov6mxMMOlywt5eDq38/ybgVr6dGkYCcmJEaQLkLWCLqbNCrZ7GTIr83y4Q3WLW5F
KbpuDlJihjaRiJ323bDOS/D+hGl57eiusZdPQvRXuBCwFdFAw+QN1yxeJLrIwL8G
K5w1ntpM2bRkUlb8Wu0UrZ+r7OF8ox997SpkQEL2Skm+jXa7VNUTq52cGoRrtJ0N
OBl0gm3ZtZ4jvTRZB3/BvFfb6mf6Yy/PCfMCsiQyQASDxcpG+/JNNkVeAuM2J7Te
Z9PdGF1qt6ftJbRj1k/l/1FaKppRU/BtzgtjSse7EM6fboYzmVwxRwMfmaqF7/uM
54YU1Y2O8zN/C53WUY1VaMz1EsuG9CdmYmdEK4KI/h6CH15nnftdi+d/20R9mJt4
NlBt4n5Fcd9w9vhBltNd/JqHwDq3DhI3cNgEDlLR//lEnnwr8epSTrfNMwsNNDnH
GeH0fq3R2PR3WEpl0EYngn6H3hpIFZ3XIOPSKES24yWSZeVvpa4wK7tZ9WO96r5j
RxvI/uPwTJ2viYo1QZItKvfo7EFpqPzgyo39LGBH9YLpx3awh8jZquoF+zo5+HpK
fBjtC2GuiU8YGRWW16YcgU5c09EVqQIDAQABAoICAH/S2m8sJAf+GVv49J5QlAIc
W9lENmIKRH3jBreQtnvd5kFD3aJ1p3U8jL+fmnHLjgsJNR2nkSo+5pCl0/98wvcZ
nBCnGIAgZVIxm6234cekuw/4UbzqI0iWgrDWGCzvY13C0d/glk1Dl1wigh8xmDbJ
GZuFsPMfrbBHfP4hw4AkDtxmD4wj0nymh46XRMbZ2SydVKycQWj/5m4OxIsQuxYq
/J/C0QrySSmCt40UBRrpoQv2ZhddepptPO65xHRMx3wa+2o8nyZ5eYXsiApQegCx
mByvZ2ft3J1BJg9oYs2twv6W8dGbVtkH3+8GOENTu02njPSlwLsWZ1SBqENMdEkv
MWKWX13XFz9TErwywDUbgh7/PAlItwXdQAnkBc+OnbDat+We5P98kSfGWb4q+sxv
A95H2alTaKZrA7bbcUWdvVISDydhrmyNt1yMMhC4BjKOL2FOSM7qDQ1IogpIgq0U
GCd9hYeERBbk+PSQBjgIgjzhhhxLdgC9pWHMhJ7XmpBIiDTMbC1A35Hu0e+l6Rr/
vqdCKQERXQm7etXSRGPuEtuDYc8UnZWPIMu5hgSVuh707z91O2fvytKouIMuIuNx
gBb9PviLSmn7cMGeExRs/KUZh5khf5rFhGre0rYr9pxXIx0J+sMPZs/EFG93VBFg
ZYRs9c2Tw6JSaM5voOPhAoIBAQD6BUFo3XYpKHJeScBCSZfZ2LNFhze5MeKCKkAK
v0s+++i8HNLL2ypnxo1ZDd4r2KSHttjiWJxXWj9I7wIYMHS8X5vg2B/yHXFJCiha
msrCL8zJBpVkLCdoMCzz7CcScVs1kgiN3aoJd2KMzM6KIQOTB0Ovyt4Lvquua986
h6ItXXse8Ac0N5pcaqkdWD3wuULMTWXn8jgI9TMm1pRh21Nh0bZFZi0VHXBL86vS
VDTiYHddSB3M9BesUW61TaSYisip2tvYXkMUtfbrj5yDIW4mPyoL3V30JGvB2QwY
Ijk60J1qwcLyFMOJ11BcorgUA6/+AuZVeatfwh0xEb8MHLBHAoIBAQDHVDpTgXmP
VLi4MepOYACnNweT00QM8XhMvSxk35Y6yoNRHivsusJ3HhSYaEpu7Jo3OoL33qhc
m+v7u0ppThuZeGhr8eMpCT/l+zVW1W5Ayvqg4tKWcikN8EV3gkpFkwuCkLraxcCQ
9HMgInoAr2EO2f65wH1tmb2X57ra8iN3ZPVv4nDri5LwGaFZ8GEUTe6cLoWz1Du1
hyTaCNd4eRO3zWdmYbGBfh59XKtbimMxudL86Tz862gd2x4MkzMQ+pRDaYpeLrgx
snEh4j948f5FSvS4niPmp+rUb5AXADKVwfplYLqzVph+2sKpEwDIUyOXlUSMY3XD
RRjuCO0E3XKPAoIBAQCnrbiljMl/Zvn1FH9Vtaea2cO5oKsVkEg6Rf23d34OmsIG
z0nsoGs7OCV6EVvsihomTtH8U7Nevk7tKiZ8dJsF7xVK4YfjSC2+74oK4f+T5pzw
QXMVwKsZLB4p5Tp7Gv0x22PTSVONj7zPc1gduXB9PgT+NA9hTxozG3OV/Hse86/s
GsyqD5R94KbU4GaCOK18+Xeb7I36LACHTqgrTP4J/6y/tHwNyjWTKrQUlpb1L/89
12ztFNN/pQmbnJwEFifoCrkgzm8sx7D3YNR1+Yi3K+uWE3u8jmSamGeNE/7P3DOG
8rY8xwIxQu9JgXP1MFfrAqTZtITj7vrG+wDnLaJnAoIBACZZlTM1yO6DrVp6+AqG
O/nwA3w0fHZFCxEwoFb0EZJUHjnAJVFRiVKjrfC4uAFpci5ICqSn6RqQQTHYkfN6
vKKlYOnLyxm9FtcnotaHD8RViSzlFwEtC6sL3EGnBqUmKmO/dsPaojcBYRkAqRpy
o6jY1kJkv30TxD9yrSesyJgTC4mwNmuLGgUp2TpVnkfqyoqwBLdZkPdW/gcZBmO+
X8XQNiGjkCRK4JDcAHgHQxhxGR/hvAMpQ4ni+4AN3hhZLadeqel+8Z9WJqAPSIj7
fiFUz4qpmlypV+vxXvad6h2YCZXxq1oPwh0994/SASeJn2JtrJeaFzEvnSFHBFsY
RA8CggEAZiNUmy5gRHKqP3W//HQseO3n8t8KbeNnIZvvnUMwDH1uf0HqQSgrlJfr
O1EKf2JpxPC4Nl2LrnW314mwwW79gR2jF3jYlf6p6afPCV0bdlQZ0fuFskcGRPXl
oql8FA82xC4DHgJ8inSn9hcen17ksvUQxRz0cv3H4YKf+kPs3JscZ2rX7CIOr4Qb
lWRk8DHc2QdhcWBIPH9TH/2njoFBVIbbvDNiBnQbRZ7d9KM/OAuXWxTHYRxLyRR6
lrf4O7rxTh4CyvmeqGxwYBrU1ecJTigu0dPKJQSn1rhZt5ukOvjypf7iBKzgAeW8
5CgRf72B8KP9wr6piE2BHvjWudE4TQ==
-----END PRIVATE KEY-----

1
ANW-URB/openvpn/gw-ckubu/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
-----END DH PARAMETERS-----

139
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE9TCCAt0CAQAwga8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR0wGwYDVQQDExRWUE4tQU5XLVVSQi1ndy1ja3VidTEUMBIGA1UE
KRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz9HzyPcBEFI4TEhvdPFCNXzI
4aXWhbKGmWaRRybWzW3SKBsO7KS7eDAx6E5cV/sEDUchPiEik3AXJ2uey4S4rpHT
16yZRfxE6+r6P5ZwOzxmvYZyb4cyYp0huQ3T9SjKRBgG7Vm+k+BRRVsxO6+5T63I
d2ZxKocXb7oPjClwrVdrmUMtfJOdnXWkUxQI1a/cEoq/3tq8MQ/u/uOPC/mR7PN/
c8UJAoMNocwm6wmjDzv0UOQsH46xze6clbdJwnmnfNBcf3a4dMT5PGxd/GHChhcD
yNpQvj+wOCJCJieHv5Trfi8+e+sVzKt9apL4vDCGEjIgPtjrvVFrI/5jbpRs1Kqd
sLTsW2gNqBPSjBkMNwvB5F+Jf4NcDmaFn2+MIVEU6zPKQXdlL0v/+xVBtt8qBbcg
9JMxERb009hLN8ISop3lLR8QKQ4X9Jl0+WokuORqbnvBIeC85f0gWp/lrW2IhrDF
F3Hcgu2qFzBrkb3hFdAYzuYYJiuL06YHV3zNr7SI//3lhEbJt0gbZOwfzBKiEvV5
M/RCyDm3AUsZTxoZ2iQBy61XJW0ZuwzWajdXrlgJ0GickbTRMl1MdYXlswhAlGOS
+b8S6kKNBieu6AOVRVdnbjEwyHITAQfFJVjaMjQwZX1sUYB/SNd+sZGaZTZP3ElW
mcO0S/7EDc+4Fa38DmkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAfQvUcdiK1
ykZKin31+ghZftAniK/ZQPOg/fFq1AjjNM349iiEBJRK/9N8upCqiXppJ4xmQESG
d80MAzj392a1zMMvWR6j2beNqrVyC8Vced/p1qMov+mR1PHtF9uelyHtrFNT5AWw
h5pd9wvFG7XXbPMQYeUIOesoNc80E1/PY9+3OqlRVPHCFqOxdmMR1kOTIq6z8xeB
Dah7QBgtEF6QkPU3wqtnis6hsr0q4gGPF4+apAX5S+OX7UVjsBOc2JwPSa8o0fJB
EJGzPVNFYxbL15ZasT34ajQJydJ7iT+E4oFtphN6VmlhYeK75OEA0Lb8x9Mzzm/h
dMgEDzhdqHZc3REEpK5hcvYk8PKGlkKY0j8QoqpaFN9gG1qsuzlhoRAs7zf1YY1I
H3eVnA5tPuPfVXawKY1JNSWR+zBFH5eb6qytmkovyGAbT2UYi6v4JyZFKpCUJYP5
DmKBL2vLVgDu1QjA6uFghWV3VBPkvyw0kDpvYOGD+PzryRsjYZYB0gHobW0hKYuS
8TCWUBPmtRoVg2+z0IkXL68Ajc0oyNo+M4Ihr6YQB1XYYOhv3bqHRhRQpNCIhbRA
D68WPzLFYNCjqMMXH1Q+mIbRDyT6ja5OKVX9uvVk9i2QJd0Vyf+N1d/xALNsijwf
UGoSG+FjZRFV3lEC12vdOOmK7FNlLvHjrQ==
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----

2
ANW-URB/openvpn/gw-ckubu/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121959Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
ANW-URB/openvpn/gw-ckubu/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

142
ANW-URB/openvpn/gw-ckubu/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzYN3yCXfdSYRpkXk5MZo+BSnDe
T+2rfozcqm13LVO2foDnVOCYgc/y578sYl4xVKrlzo+zhjEibA69vcbfqB6QTKpr
r4WF6DfbE/qDQH9dL9VLNYs2fq5QpbF93NLb0SBae+z7uQRU1bkTes1Qe/ho8gNL
NJJdZdyZKwPwk6db31u+8cjH0APD+vUnPh2HnK8iOsUS8X5S7XPbp6MB5Kt7NKQw
jMSfv/YLXzHrFZDZscEA4iJQ2JEa1Un+vR1IQRocVMxQiKNNtCRrVNHl+W2IpcuN
HSlQLQGOQSrOVwjJlk4nenRv7ZnPxOXymtgd7CTxLY5I7GBv0Jb83YeYsraS5Ov2
IprtY8K6p/KHHVDQ7s2TR6bT2133r1jME+jdG3MgHGa4ypH7loB9k/3pgCqbF0Ek
a+r6ZV8XR5kKwpNn6RFs+4S38koVRhkT02+UkwZXtkR3j8EOOG8amBWH9pHIrDj2
eETdj+Ju2nIOgWHTzWHN+jycbwz6zZFbsphlze0ZNNcvU/qkwky7OS23/NsNt6k4
LBX/JHjhZtRLIpWH2m0egXOTRRNeerGmPKJBluLsu10e0jOPHgV/qe+wWUXSnQb8
uoQkOgyMov3ZipEhpEfDqcoHep1MZ/DeKZssT0v81pF4RFJBqJ1MwRWQkywbkSh8
Tj32qDrg/AXeo+xRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgGxSsGFaKEbn
6p6vY7xAmnKrYMaMrEEdG2FrDzXUKhgKLEnNPT+5wk2/txxeLqSbVqKe+ig0cxTo
kcJuylqD8l+QUVb1pt0nYtUmhLTqpZa2VRAnsayZ0FDdxv/s9NeOY0faC27YBMJs
JTUb5J/YgbE72JdIMU4ZcUcNgLXkT4H6zhx6gMM8WKBdxtsoKg9+VG7eIB1lKQP1
AfkSd5KCzBG8XrvInCPvjc7e9BW7sDMmkNwe8a9vO2trJxWxvfdhhREYXwKY/fI/
heHZhO1PGfklrJvlX4Zdf5V1beiEjXKc3lammL5UN07mYPEDDXY5R5kxL55kD4Mp
fVGc14rZZ//PPeClGKW9tiCOs3XQshHobJMJhMoxr0qghbh3hoW9LgM9EhIVL/xm
D/Od19jVid9gX8lFtWgFFYHuOp19Ch/l96Q3NmsYDEXYAVn3OMrwudKdKbFynj/t
DvJTm53DzKcyde4t8n9UWUVRpawg6NzK7TvmaoiN2ix+prWVSJNxqid02HLK3eA7
FM65Kl9mHxMBhn4lvP0qsuFAop/BfgF53NoyzJ2XKtIRkt8+TfwdGc2R8x949UPR
80r44MuR/z4AqJL5cO+rQoWSxWuxJHjlaQhvuhJCclUiR9js5GZWkCQI1hwkO9uf
9dYzlA1J+jkyLAiKjGTgU4H6SslFMHg=
-----END CERTIFICATE REQUEST-----

52
ANW-URB/openvpn/gw-ckubu/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDc2Dd8gl33UmEa
ZF5OTGaPgUpw3k/tq36M3Kptdy1Ttn6A51TgmIHP8ue/LGJeMVSq5c6Ps4YxImwO
vb3G36gekEyqa6+Fheg32xP6g0B/XS/VSzWLNn6uUKWxfdzS29EgWnvs+7kEVNW5
E3rNUHv4aPIDSzSSXWXcmSsD8JOnW99bvvHIx9ADw/r1Jz4dh5yvIjrFEvF+Uu1z
26ejAeSrezSkMIzEn7/2C18x6xWQ2bHBAOIiUNiRGtVJ/r0dSEEaHFTMUIijTbQk
a1TR5fltiKXLjR0pUC0BjkEqzlcIyZZOJ3p0b+2Zz8Tl8prYHewk8S2OSOxgb9CW
/N2HmLK2kuTr9iKa7WPCuqfyhx1Q0O7Nk0em09td969YzBPo3RtzIBxmuMqR+5aA
fZP96YAqmxdBJGvq+mVfF0eZCsKTZ+kRbPuEt/JKFUYZE9NvlJMGV7ZEd4/BDjhv
GpgVh/aRyKw49nhE3Y/ibtpyDoFh081hzfo8nG8M+s2RW7KYZc3tGTTXL1P6pMJM
uzktt/zbDbepOCwV/yR44WbUSyKVh9ptHoFzk0UTXnqxpjyiQZbi7LtdHtIzjx4F
f6nvsFlF0p0G/LqEJDoMjKL92YqRIaRHw6nKB3qdTGfw3imbLE9L/NaReERSQaid
TMEVkJMsG5EofE499qg64PwF3qPsUQIDAQABAoICAQChHK/mCqmIm7WxblWKY5xS
xuzKyLSg3AK3uuguccpEjxdc7Obz7u6NCVVeF4Av3Wc6Qere1QZp5AXW/z9qzZG1
smnrziG/lEAkN5QspwIvqIkT3wlR5VCn1Lf8c6jcv3aiVsCf08hXS5ibq4VkMXov
cEhWdNAGk1KTi75g4mqlppWdNgDoDDVJ+fikTpu3KU76SUt8qGQ7Vz5Zzn5Oojvz
ii+ONMkNTMnbMtKg9TLHeLl/5ygSBs7nlR7TG59VtHeiF9cZMwtrr21jQFYhxtef
vBfQFsOWdyJORzxtgRjnlUEtBQoF1f4NvxCS/NlQHww+qyAj9DlV5VzUOedXW+PL
iMPxnJiawk6jpJ936KdWHrbqL5klCFB/r65FTZH5RxBJibrNgTwurN8+g89Lg5Aw
MNS5qPCuKf2jb4L9B2mZPVXM6sg2L0y3YhZiMkvNbav8e4ZAf6NOEaTKGdPJ2P7L
0X0wlXjtJ5eA8r3KpRiF2t3O8teZiq+QtiN8n5V4G6XBasiryhrA1JINRgIe6Una
9DgOTmbOtRdJoqh13M40J8NNlUYvI/dxcX9JIG/xpIo9QOSA0eZhzVs1uiZ1IZmK
Y6I/clUI9c/yTFp5md5Gwpf864EPKeyIbvuSDuGo7YTVImwKh3sg+k5bZMbD68VB
D+J8zqKNUlvSbOE/Cm8y0QKCAQEA+ABk1/2Fr7LZmJOTRqXVBbJLTOHigg5buPpb
q+QbkQ8zmhSi/21r/z49r8qwTAoyRBZnF7drx5wbuW9s7YJLdickPBw4lpNermGx
rObBJxdEFri+A0odsbPi6rS8fjNHYuR9m+gSmxeI4wxeIUEE2KRwj/iPrQ9/0qkv
aGJyULGId/1Poz0Im5N9ralY9EmqolnoOdMRHl3Vb+P+Db3T4ugUa7ZjQMqoUI2E
gYcaXMdERq0G/LrH6bruWBZaFDnQGRisICr/a931q3hRDqCwXzh3fD3/DgcWtN8L
+zHjQZglumJ13fq4IuuKcLjwTL8EJTLBDWdKUXmNSaOZYELQNQKCAQEA4/eag4/L
ai3D5ajlN/qKGyEh3bCtWLy/Vc/ADzjytql2Fx9a13D4jZ8IlyElYJ1lXcsNpYYN
Vqav+Ymx8hzQs62fCOPgJoRTwrNFMGUpnTtdouRTw7dv5n8ZIieTVTQAiCkujOyW
uiYEc9GPvi4KaJcGWIjk1sejnWRegdYg7O/9EoxKzBaLUgOlzr3hKGFbNiStqAM0
B5GWnq+PPSQ9w+XpY0EuEgz83x1AE/4DXTHqzca/2/wrCSPI5HwTt322tdXKMV3c
Kfhg+6q7P2pm6kEGERshX5VBtGEDoRVD3qBeRrAdcnlRcTdZRlOr1aqBR1XWr8Y7
K4YcjAiFMKBnLQKCAQEAoQq4cV1qu14bWK2z/DNhchKGPUWNbcDfJO5GKwe0Mu05
J/vwoIcwkw2axxWKh8YzP+2AQnFUJsmjYzYM+OocEHx4ViRJRtYprHk6BDnQAY9l
IpASq1YslCFo39o/cH/iAkC3pE7+DgIpXK7CTTvIZtnZUlQpEEs5SNWeOF19OBMg
uDIgzbKrbUNIYEXQwsk3abeSSkJaImryV3comUnEVts3r34/U2qGA9Dx056kqsym
9HIVUHYFrSw6666QDgRAsptH4pepRyVaC1/U2vfTr/Gd/WrQvg4yW39fa13I4eZn
0XFwcpYFjn9/ZZViTaPYkEM2A3soUmHpMoFu7ohUZQKCAQBK+XoV3sr1xstw0tVg
TcPyHDl5IcxBLQJ4hHUUDJS2wpEWFbfYt0zntvAqVDpoxhs6d7erQqVMZFHn7gNa
L2PsVCPD1r43rLmnhTIyMnM3RPkMw69Q5RmmYxKvCvkHwqySG4k1y/HekvZP6RIv
aBEASPtLTuqEQPBsqT/zz6rQgjVnTkCjUp7LgGudzREqKKrI6dM7OKJ6AsXYtsCT
SUIPFaRmgl9WjHL2JjaW3Knakro4py8eeJbm0KAXlT8ez/exYfi3t7jbDNdIreQb
fTEPxgbqxVN6jion2uhIqCfEJlYbRXzJ02CXra5s1MPk58jQ30hWUwnOzLLC02KK
lZaZAoIBAA4+RRTkvA6Yae0f4eCcOu93qfJU5Q/zdrsWarteRaiE21JajKks2Pn0
ulzDfpOvCQ1siRjGAvHCKQf/bdlWgnd4q5bwrwg66EJ7F11o4yR3Ydj1k4v0aTo9
/amGkoO0bm3keqSBwKJTpyvZGw5m7JgsjWgtP9P+Wv94T+5EUnMHHgKn5weGA+5J
gcGuFoZDX6OoaUuDk9/XtIsI8gK8m0aMlkL/IaadhhRWfvt/E13asovjQO0KTiiQ
5NWTx5t7feIm64AX0LAW5JmBVWdWNvOV7Cm1CQYnq0l6DQp+m3AinkkjcKC1VGBF
LeMmqowsQXIl95AFVAtNdUU7uZNwlDg=
-----END PRIVATE KEY-----

21
ANW-URB/openvpn/gw-ckubu/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
aea26f8f0a99ff84f7a6a6f426bef710
2998c49555c2770d954b9251a74b6e30
3859a0a8c086f3509c440c50bf3230e3
d5bc2b247119a4fdb59aefdd2376475d
f060a24165022d981ddee0704d580587
752e520d930b24580ae5ccbef266c471
6ef8dfdd6ba9de23e63823841086a151
90e146c1d085b274d3403de9bd827935
cd18fd2cb4005f3c133802ccc0c2f885
decd3b5fd4d6dd53dc478c59f3a84dc5
e9a3d51e805811af39647a9904605b99
2dbf311089315fcbafa70b89e2d49b1b
d425b598f7551a2cb21ef9315a97e36b
2152699cf9ec5fa90df659495575a935
bceb34f91889eda617d2c6b26573c6c1
ce620dd47a0b08e6da791cf979ed8c44
-----END OpenVPN Static key V1-----