o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update ANW-URB.

Browse Source
This commit is contained in:
Christoph 2018-07-01 16:58:11 +02:00
parent 100d1297e6
commit a8ad08b139
107 changed files with 6107 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ANW-URB/README.txt
View File

@ -1,5 +1,8 @@
-------
Notice: Notice:
-------
You have to change some configuration files becaus the because You have to change some configuration files becaus the because
the configuration of network interfaces must not be equal. the configuration of network interfaces must not be equal.

2
ANW-URB/bin/admin-stuff

@ -1 +1 @@
Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718 Subproject commit 414ae04eada0ebc45643e82d8742de795e5c5a70

2
ANW-URB/bin/manage-gw-config

@ -1 +1 @@
Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688 Subproject commit e0e37c21b77b5876fb9b5b66204cfcb7eba3cffc

2
ANW-URB/bin/monitoring

@ -1 +1 @@
Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653 Subproject commit 9a02312bda7beec1b6d6f63d197f2dfd39254680

62
ANW-URB/bind/bind.keys
View File

@ -1,32 +1,31 @@
/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */ # The bind.keys file is used to override the built-in DNSSEC trust anchors
# The bind.keys file is used to override built-in DNSSEC trust anchors # which are included as part of BIND 9. As of the current release, the only
# which are included as part of BIND 9. As of the current release (BIND # trust anchors it contains are those for the DNS root zone ("."), and for
# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC # the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other # for any other zones MUST be configured elsewhere; if they are configured
# zones MUST be configured elsewhere; if they are configured here, they # here, they will not be recognized or used by named.
# will not be recognized or used by named.
# #
# This file also contains a copy of the trust anchor for the DNS root zone # The built-in trust anchors are provided for convenience of configuration.
# ("."). However, named does not use it; it is provided here for # They are not activated within named.conf unless specifically switched on.
# informational purposes only. To switch on DNSSEC validation at the # To use the built-in root key, set "dnssec-validation auto;" in
# root, the root key below can be copied into named.conf. # named.conf options. To use the built-in DLV key, set
# # "dnssec-lookaside auto;". Without these options being set,
# The built-in DLV trust anchor in this file is used directly by named. # the keys in this file are ignored.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.
# #
# This file is NOT expected to be user-configured. # This file is NOT expected to be user-configured.
# #
# These keys are current as of January 2011. If any key fails to # These keys are current as of Feburary 2017. If any key fails to
# initialize correctly, it may have expired. In that event you should # initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of # replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys. # bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys { managed-keys {
# ISC DLV: See https://www.isc.org/solutions/dlv for details. # ISC DLV: See https://www.isc.org/solutions/dlv for details.
# NOTE: This key is activated by setting "dnssec-lookaside auto;" #
# in named.conf. # NOTE: The ISC DLV zone is being phased out as of February 2017;
# the key will remain in place but the zone will be otherwise empty.
# Configuring "dnssec-lookaside auto;" to activate this key is
# harmless, but is no longer useful and is not recommended.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
@ -35,10 +34,16 @@ managed-keys {
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh"; TDN0YUuWrBNh";
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information. # for current trust anchor information.
# NOTE: This key is activated by setting "dnssec-validation auto;" #
# These keys are activated by setting "dnssec-validation auto;"
# in named.conf. # in named.conf.
#
# This key (19036) is to be phased out starting in 2017. It will
# remain in the root zone for some time after its successor key
# has been added. It will remain this file until it is removed from
# the root zone.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
@ -46,4 +51,19 @@ managed-keys {
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0="; QxA+Uk1ihz0=";
# This key (20326) is to be published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
# being set up for the first time can use the contents of this
# file as initializing keys; thereafter, the keys in the
# managed key database will be trusted and maintained
# automatically.
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
}; };

49
ANW-URB/bind/bind.keys.dpkg-old Normal file
View File

@ -0,0 +1,49 @@
/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
# The bind.keys file is used to override built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release (BIND
# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
# zones MUST be configured elsewhere; if they are configured here, they
# will not be recognized or used by named.
#
# This file also contains a copy of the trust anchor for the DNS root zone
# ("."). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
#
# The built-in DLV trust anchor in this file is used directly by named.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.
#
# This file is NOT expected to be user-configured.
#
# These keys are current as of January 2011. If any key fails to
# initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
# NOTE: This key is activated by setting "dnssec-lookaside auto;"
# in named.conf.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh";
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
# NOTE: This key is activated by setting "dnssec-validation auto;"
# in named.conf.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
};

4
ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-chris Normal file
View File

@ -0,0 +1,4 @@
ifconfig-push 10.0.132.3 255.255.255.0
push "route 172.16.132.0 255.255.255.0"
#push "route 192.168.1.0 255.255.255.0"

2
ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-undine Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.132.4 255.255.255.0
#push "route 192.168.1.0 255.255.255.0"

270
ANW-URB/openvpn/anwaeltinnen/client-configs/chris.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA
MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp
y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50
EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP
mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM
Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu
QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08
N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE
Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU
ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6
BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92
maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L
/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a
RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9
8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC
TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9
VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P
c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95
nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW
8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA
Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2
rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck
MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC
D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O
pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB
Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6
6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm
D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI
Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG
lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5
Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef
08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv
C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba
cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC
MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d
VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B
YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87
YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo
PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy
4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX
OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx
3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7
1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy
mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz
/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/
0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av
ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR
P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b
sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z
CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL
lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0
WO3Ph1v2Ieg0Vg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
ANW-URB/openvpn/anwaeltinnen/client-configs/undine.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA
MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj
SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3
DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo
eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8
eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED
0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA
bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7
hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo
W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh
g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q
tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+
iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj
ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz
66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN
v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi
2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2
cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ
0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU
oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1
KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b
Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb
OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg
8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3
yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1
wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv
WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz
gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld
8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ
wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm
4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B
xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN
ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg
mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1
chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m
+5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah
RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui
mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA
/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp
3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf
BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj
CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb
lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+
MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP
KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa
MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj
Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S
mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78
2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354
+ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/
Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA
T1U=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
ANW-URB/openvpn/anwaeltinnen/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
DTE4MDcwMTExNTAyMloYDzIwNTAwNzAxMTE1MDIyWjANBgkqhkiG9w0BAQsFAAOC
AgEANbwrI+TgGLoDlVTPqekHN6v6GYH84gXowpenqlPLERIEK+hpb0Kj4th7qr4d
6ekP/+7aasrr5ZR5ZCFGUDznfHegyP1YGTtCEtv1Gh8Etn1ZkjsrWL9YAxN2i4s3
iMKP3e1+Y3c/ai8RYW6ZuBbpxyTJUpQQjwGHb3iccFAOq9wnBuAZyDOJCvP6Jici
0dcXzWartfXlwipqduMNyyNQhNoZkb/Sv72wKP/K0XratZG+utV1W8Aonbp47hSA
Os/obxQTMsWL1sfcNqlZVEklc42YevOGFnxTzuim5JYehdzjqR8tutj31Qs0jRcq
ojWZiF7nTphiAdeZA5FBPkyeiEGX3IIxgEH2Miu5Jc3h6QIoGU64q9Qb2J3mu7D6
EcyOl3+BXGKSHYHorNb3Ti6g7dOyg4ng4sVeG6R/SwlhJbNYsM4S2vsGFI5kxT5x
4AJ0ShV2n75JCzySKUYlwre8X1/CBdHefyuXHl9wLlOOcAeyHx6yJUiYrdWZ0gu5
0aKSGPTkzPt41bo9zNojBRNW+UDW4EubY+F+Mac6y9Gn+ix2dm3k1CAoMSchGiUE
I8kiiZ4SNRUYJrnNYu2XiwhYMMI7knUkTTVqf4QF3ouvcKgTfyD7RQ4vQzaA6A6S
ar6C56aNPEbffN6tthtyKkI8T9aSXpr9hIvkYOCV7ajSwc8=
-----END X509 CRL-----

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/anwaeltinnen"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"
export KEY_ALTNAMES="VPN-ANW-URB"

80
ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars.2018-07-01-1326 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

8
ANW-URB/openvpn/anwaeltinnen/keys-created.txt Normal file
View File

@ -0,0 +1,8 @@
key...............: chris.key
common name.......: VPN-ANW-URB-chris
password..........: dbddhkpuka.&EadGl15E.
key...............: undine.key
common name.......: VPN-ANW-URB-undine
password..........: JH334nmXPdsw

142
ANW-URB/openvpn/anwaeltinnen/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 11:50:13 2018 GMT
Not After : Jul 1 11:50:13 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9:
b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f:
e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47:
90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c:
2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14:
97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4:
0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12:
40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1:
e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79:
18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18:
d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4:
6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf:
2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2:
9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0:
67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac:
e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94:
28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75:
42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59:
7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5:
2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a:
dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef:
b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22:
ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a:
d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19:
4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3:
7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e:
82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19:
32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d:
3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7:
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9:
ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc:
d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84:
7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82:
6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98:
8c:b6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72:
2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6:
aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41:
c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df:
5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69:
be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae:
98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49:
3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f:
56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8:
af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2:
07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76:
ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85:
20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85:
31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6:
f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9:
ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1:
de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17:
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1:
81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4:
d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06:
18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72:
ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c:
59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93:
0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0:
c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00:
0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31:
af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1:
0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30:
2c:bb:ac:fe:00:f7:e8:e1
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T
QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H
nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY
J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa
pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl
pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7
RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw
9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+
Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL
qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A
lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o
7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd
X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN
vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L
0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe
tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug
Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj
zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy
Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5
dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn
yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA
PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer
sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK
4z+uSsLUBDAsu6z+APfo4Q==
-----END CERTIFICATE-----

139
ANW-URB/openvpn/anwaeltinnen/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:13:45 2018 GMT
Not After : Jul 1 12:13:45 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61:
b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a:
21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d:
83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8:
ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57:
b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75:
85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51:
44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c:
a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1:
5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f:
a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d:
73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee:
70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16:
35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c:
03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4:
01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82:
f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48:
46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26:
f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a:
c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0:
4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38:
10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21:
1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c:
81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22:
1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b:
03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10:
0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f:
bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6:
d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25:
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27:
0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18:
c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55:
63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd:
21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2:
e6:ee:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac:
42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13:
e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4:
bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe:
f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a:
20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a:
7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22:
93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7:
54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6:
5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6:
9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65:
dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07:
0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee:
7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87:
02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86:
bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa:
be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b:
32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73:
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82:
1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33:
21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb:
56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55:
95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a:
66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e:
a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a:
f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50:
c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4:
ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13:
57:95:3a:cc:c3:71:aa:6b
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----

139
ANW-URB/openvpn/anwaeltinnen/keys/03.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:18:17 2018 GMT
Not After : Jul 1 12:18:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3:
35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d:
52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e:
43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0:
6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c:
2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db:
3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a:
3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4:
d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc:
67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f:
e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d:
12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20:
da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70:
f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00:
3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c:
e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35:
21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77:
a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12:
79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e:
ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28:
a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb:
2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82:
8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9:
d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0:
a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb:
96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8:
28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7:
55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07:
de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2:
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85:
c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6:
d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33:
96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a:
12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e:
e6:3c:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:undine
Signature Algorithm: sha256WithRSAEncryption
38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec:
1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b:
86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74:
1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25:
22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1:
51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b:
8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5:
7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75:
3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90:
e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39:
3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da:
14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95:
c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa:
76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4:
11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08:
3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40:
46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58:
6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9:
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5:
d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8:
63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67:
a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31:
b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86:
00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5:
fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31:
58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5:
61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51:
a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc:
13:86:b4:c4:9d:12:54:2c
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----

39
ANW-URB/openvpn/anwaeltinnen/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----

52
ANW-URB/openvpn/anwaeltinnen/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQSDeS5A1BsRGQ
1pjAGbj9DUUCcWDmn2Q8UOhivH79KbVcICl07hR+zRmrIYWFQy0pTac14rLbWU8x
HexEgAOWpfvrsWY1qEwewbqInzvLZwRkpMMJYrXmM0TA/ngPPFOpIQ7dWeYydmo6
tqE9PICytP8cadpqKvjQUbckqPVXNsRG5oO704YrMYsV9ktOKwZRECJTTJYq323o
Ru6ddWF4yYK/WfRF4pYXxbiXM+Xtc1mes365Wvo8VjCDBZb2LIkXmDAG5aeTqAIx
nh2Ts0kZfTSs+f20v2CPg6lKrhpv0H2JRMz2q0lHDzn2LzbnlPPKMYusXGN1JVyv
qOQplcGp88JznY8Wx212LRndNqLFjqrfc0dA+MvBpwUeoqqOZRFiYQnpIJCH6DLz
yez6rUXqIZb9ElxgCvlpJ8cK6O9yrNbHuRAKb4zR7aivnYYXuueLZHG7A3lUH5GD
yh0NuVcUnPz5F7aiAiNUkff5IY7lMeZZvZS9xB9kbwdL2qj8zsB8UBfysn1IZQTw
hd35OgsKE1BD697QG0QtXF6lv1Jr6o2t3XIoyB97GQJojQUTyetfJb9FwO69zNC7
dniBTKKZsYZHs6MKHSxtb9gq7/cVr1MznMFjh+2vuHLdmcdsk37X2fZQd+a1Ov5m
B4CzsnAzKcieh/wEeEa/6RS6bdysmwIDAQABAoICAQCONbDUN6ehgc/Xj95t02JO
TWAgAd/Ct3POBwQUXlVqb67nvwHvV5tg1JNBGDs9ORe9yspvbWDnibwbci3eu3U3
yA8Q52g9HLMUkPvWyrod8DG8sg6E+wPtsHWyPE0nQe5xXSP0GKynKdjwS8AdupC4
9AH3mYLK2JpYSmL8wev552fubPfnJ87E8SfhD/Bs582BTb3SGEmz7ifx33SOyBWM
TjJaioXRrZsDkjmt636DOS4owK+2yRpwVfz7iLaBUPktxfiMzQM1OxJ8ZFQXg+NW
ZvmvXWVPoxfABYpydhuQ2s7MCdDUXzFCNnBB2gzn4/jsxhVy0wYJd0Aoo+1dQ2Yd
c+dYHEWjPM2k88ptNLJbEOjjoRwup8GhGe/8ERiUmEVcN9ugS+2mwpN6g2GV6wxl
WTaRRUh/Pa0tTHux4w6oqffnyZwGAjwaa0coACbu9JQ1r2Oi8jFUBHPCCtQrY0uU
+F4mMACN8sndfeV+kTpaA1d8EkY8cRJbOVAIzBwcasenPzck1tZYE2nxZPXiQqBo
oeOPM3RkCAi/BqvFMtIk2WJdoVS1pVLdRAWuXwEv4Y9XTvEq1T7MxTJJlWm2pi7n
h/vGSEutGaPXalId7bH41D7bYzr5etuMJEaL+PoFl87EMJAS6+rPEtUiKdpILXPV
AcxzmAjtup9i7QjMMiw3YQKCAQEA7N4fLi3nJ1vD+TGrzexU/jNP8mc/4Wf1YyRt
tMIm+amHp74TGZFXXkilSD+v0Yopah+FCME7leSPNMZPTPlIveRqYxVciM6hxbJr
k2+WBSi5rF32M4+/zrj1dYSneMB/yVdICK/i2pJdXuiWsblFdhYlkGH+n36VOUV+
wLl7nZJ9Rejgeta+WuAEE+bmh/mIlCfRFuUIN0zZn5gx3ddjP0ZTpodzL9J7wtiF
5wicqx9y9RWWYQUHSMo6r0qeW20DjX12Bx7zgPWhCveugqq6PzxeADitqjaiWrAj
ZZwq2R12Bzf91/lIA4DgVYce1TV1+y4+whcv3spkrV/uH7dRqwKCAQEA4RsC9rfk
M7xlhtZU9vUtmoTpEQeMrgGjCq2Yq+3OcfTgJWhq5EarlIPXkoZdWdLaJiQU7rxN
6rWrmtvOmsND4t8/CMHsQ9uwFo+bCDBcCKvOgBnASDUbhdGFoBhH6TAWT8gvuNKv
dbGtUDtZIVp/8YlwD2mkTFJt5ZG7dO3wll4XzpXd4xM9X4fmITMNIb1Rra42RkWm
kZKhZ292++MULrlz+PHGZcCZcIVUE2dkeJq6YBCUWg0LzKvHopATmylYVjwllY1J
F0qauRITIFVgU/6xlGtkRIQ585F3uN5s6tGJpUVgfKQ7RK6QKjHRvNqceJ6QvhH4
jxcHFHBCLpkA0QKCAQB8B8+R8c1hiaazvPO2j3Lt7NaHGtOTZ0lSEcg0Z5nbD4+O
IXSE5ds27plFnLum4E7RWBHkRLK7yYPHYbQynTIe5RVkLtJWfMSu7b9w43RN3UZk
YItD8pjAWY+GauD61OnU9xQsIFWMmCm2Qdpu05HwxKYE1Ztrzu+6no5Bwp5dI1Df
o5KwH/RrR3Q7K6Q5PUvsMHFHKMTFmEM4U4yBGoDIqD2zLKf/OZs+qvxqvtKytHQQ
q64jvWtUDTjvgwYq34mFtFVyYx2kwHoEcS97EoUWCbk7KnKdd6BKFoNieITjTY75
NrOAPPMdioVto6RchnLyBQQtw9B4O8i+FEZvayGjAoIBADkH+uw/EtX4uVA8JTKc
U31+hv4Fh6LeT0x5RuDoUxGUFOXlWo+TSA1MieVZnXUQcqyPH66MjsEUXfHSFron
Fp/4J6Q0XYOjuS0+HO0qM2cPADZ8T7b7nYl91/kDrdRqlnyIH28YEdQju+FD6AUH
RLsRMw70mOetSqKLFY8+aWHvXOC+H4VUbowxhiCLKpyNto/mP2H2a4keOT5XgzG2
Cnr8CWHc/4LwFO/pF7AC1fWoXefQy4U1IPQt4VpSXmVFSFgwzOTi8s2v3RtedPIQ
L2OYd60+uByT04reJBL2Z2nmxJTWyudJRKrV/zhxfs32JQZ6Rfmh2/OExgprlpjv
ssECggEBALQDTtW6rlIKde6C/STWWyOBqY7bw7z6ECdvqC5ZzSIfs7eBxUhL7ahe
G/U0P5Jcw/sUo3xB2QnmCpSVYeiShpaPu6XC4JaxImF0GCGAtDitfCT7aKeYX16g
uQ2AQn/cXb9sI5c+tG4ollurrigPoJCZSAZu23hNURofb/AalYUZMvtg+udi7x6d
bQ2DT1Zy0B5X+cJm0/hTpkLa7NIyAkhAhMgvzdXq5WscX+y7MQFekWaXdJO4Fieh
WJLOyxmwKiW9NnE9J7KAq/YDzrbhIu/mfeDlQk9Cm8jZEvQul6ND/fby8kRMxAPq
9HcXkHjCoQ8f2pZaZZ36Q0XYt4gLoV4=
-----END PRIVATE KEY-----

139
ANW-URB/openvpn/anwaeltinnen/keys/chris.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:13:45 2018 GMT
Not After : Jul 1 12:13:45 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61:
b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a:
21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d:
83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8:
ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57:
b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75:
85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51:
44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c:
a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1:
5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f:
a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d:
73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee:
70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16:
35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c:
03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4:
01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82:
f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48:
46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26:
f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a:
c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0:
4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38:
10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21:
1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c:
81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22:
1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b:
03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10:
0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f:
bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6:
d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25:
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27:
0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18:
c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55:
63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd:
21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2:
e6:ee:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac:
42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13:
e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4:
bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe:
f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a:
20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a:
7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22:
93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7:
54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6:
5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6:
9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65:
dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07:
0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee:
7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87:
02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86:
bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa:
be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b:
32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73:
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82:
1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33:
21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb:
56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55:
95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a:
66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e:
a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a:
f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50:
c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4:
ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13:
57:95:3a:cc:c3:71:aa:6b
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/chris.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8jCCAtoCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRowGAYDVQQDExFWUE4tQU5XLVVSQi1jaHJpczEUMBIGA1UEKRML
VlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmhfP8bpHtAybW/aPmG03GrxEjPi
7DcU+FjSspohPAItAAVVMWavBOdl2J2DXGomr7f94o5nQ8UATrjKlPO3RJHt+5hI
ekaouVe38CeZFzxzZYcQxg7h1nWF4w+tCGK8NR2KCO0D2FFEtDLEV96ELRZJ0ZkG
WxykDg06BDL7EhPWYmRq4qFcYeV/G3AdJCITe78Q/D+meHTx3AOi1yrgX87f/y1z
Ld0SuuWuYtNUtUhTOe5wY/3up74aQSG8hHGqdBY13bjXyNPEFbiMSpKtXhwDhkwO
S20YsY2FksTuAeQByKAZkK26vGlcw1Z9EYL1Hd3UFbmDzQ753iTq60hGLp3g/Mpf
ffPpbkrxPSb4Zbc8Rx7Msjb0w99AdlrDcUYCGK1MaupT4KAM6cBMvzYZlAMd0Xwg
MmZ7CjgQJBsIZGHYrE+Qwcr67iEfLV89hKGBDmdJW3bpVUyBqx+4rHSUlxkIjl2y
2SIa9/3k3Bb/YDamyOD76QsDxlD/IYPDvGlIlnKMaxAKyy97acZaeSZUuAUlyY+9
uZvwgrmmTeoZenBFBbbSpiKCliswrfYfKJBixCVSSibc2tOflN7E9NsCiicMl0XX
73xfGfpP8kHLzxjB8bhm3YEjT7CsegQROVVj5ReQsX2RmnaIEZwOCd0hvzDYHjCb
+VGdqw46maLm7mECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAJQJ250AtBCmWI
rrPA+q86l6SoYbQ2LAIsz8rKGikQNOUReXMVp8Skt/GdTYLNKLxoq4Tv6dSjNJtK
lEQf/HjqYlXx/plE43Bg/WRGNfkjr2OcYdhDdXg9UHoj6bkOzETHlorUH4Lwqx6B
ODXyYCsiT3m/ofbZjOwzj1a76rMfpZEn0l56S27eQDpsIAhGHzO1w9rkIuYXRWTU
GcwAOIGzepjsvev5JB7BYq/qkCIwxQqc6GLS1XHr0op8+VMh75QN2deds3kxmab+
lJBMce6OAZ4fmB7zZrQ3zjGjZPGnJMdap2ywHp/xjpHm57PEaltq8RUACh/dr9VN
8q0/EKjQElzwqkxqKC6c41KZa1eNM/gON9BTcZBLaZKVQKTyUAQ8v+BeQ17MCrD9
jWZfCENVSESdLlspb7uiciLJI0HwL7cKBzP5204LElroxDOqayZ4RA/Z49yMw4jd
EZHtWabs+xg1MWv/+1hBbRbjf5acB1YGkOLoxCEq7l8z6mYgwgxN5jp5JqPKFj/P
QMCLKXGPXZKyxIcMs+GdfxXun900pu/BMgO6Y+uHKdIVV7uGZbtQjqwTU8j/kNa6
7Ikr1RQCr9uZ/tNt61K5IZnT6bxIwSxdk1YVp8+3FVTZkHGor4Sk15Mvs8uZ5GL2
x3A4ageabACHGXCnVHH9xF6gPnkO+Q==
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/anwaeltinnen/keys/chris.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA
MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp
y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50
EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP
mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM
Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu
QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08
N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE
Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU
ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6
BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92
maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L
/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a
RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9
8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC
TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9
VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P
c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95
nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW
8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA
Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2
rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck
MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC
D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O
pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB
Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6
6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm
D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI
Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG
lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5
Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef
08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv
C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba
cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC
MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d
VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B
YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87
YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo
PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy
4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX
OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx
3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7
1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy
mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz
/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/
0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av
ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR
P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b
sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z
CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL
lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0
WO3Ph1v2Ieg0Vg==
-----END ENCRYPTED PRIVATE KEY-----

1
ANW-URB/openvpn/anwaeltinnen/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
ANW-URB/openvpn/anwaeltinnen/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
-----END DH PARAMETERS-----

3
ANW-URB/openvpn/anwaeltinnen/keys/index.txt Normal file
View File

@ -0,0 +1,3 @@
V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121817Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

2
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.old Normal file
View File

@ -0,0 +1,2 @@
V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/anwaeltinnen/keys/serial Normal file
View File

@ -0,0 +1 @@
04

1
ANW-URB/openvpn/anwaeltinnen/keys/serial.old Normal file
View File

@ -0,0 +1 @@
03

142
ANW-URB/openvpn/anwaeltinnen/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 11:50:13 2018 GMT
Not After : Jul 1 11:50:13 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9:
b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f:
e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47:
90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c:
2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14:
97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4:
0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12:
40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1:
e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79:
18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18:
d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4:
6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf:
2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2:
9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0:
67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac:
e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94:
28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75:
42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59:
7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5:
2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a:
dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef:
b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22:
ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a:
d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19:
4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3:
7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e:
82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19:
32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d:
3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7:
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9:
ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc:
d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84:
7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82:
6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98:
8c:b6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72:
2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6:
aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41:
c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df:
5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69:
be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae:
98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49:
3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f:
56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8:
af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2:
07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76:
ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85:
20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85:
31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6:
f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9:
ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1:
de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17:
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1:
81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4:
d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06:
18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72:
ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c:
59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93:
0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0:
c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00:
0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31:
af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1:
0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30:
2c:bb:ac:fe:00:f7:e8:e1
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T
QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H
nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY
J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa
pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl
pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7
RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw
9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+
Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL
qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A
lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o
7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd
X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN
vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L
0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe
tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug
Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj
zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy
Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5
dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn
yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA
PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer
sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK
4z+uSsLUBDAsu6z+APfo4Q==
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJr8C5Sfg+otzLNadInJsDLOOAfx
H0cEoQyxucMv6DGpC9/KWRZfE0DCiVZHkLO42AaS364FcNfBlVecLdYqdyhAW4BF
Tdx5AhgUl7eDJrU3q4W2oUo+h5zEDqtU4pnzEVJQiUBveeMSQF626ghTaGoheiQg
+YnB4FucPxaA8dbSbuWFAuZ5GCfSJvDjMJQN+XLQ+MYY0k2puGSrNYsbNV4PnCrU
biM0+uI15X78bCw60XnPLKHF2qb56iZJdglA/Q3im4lHq85dpafs0xQVvrngZyV9
+g2K+LACkir2gPGs49VBEcJT5aWOKAO3drqUKFNS+litrdI9LbCylI11QqOXO+GJ
GeD4RgR5F2tZfPqaCtpZG6L1u0UED/HVLntXue7VXPGIdRLWcx5q3JTgC+YLWh50
6GUeChDvuIE6WD/+Ga8bzZOYcPUi6nrSMLENy3ZEFJ76GRsq02cfVYo5xV3XpGc7
Me4ZTtBsfSYY5BSocPihFB3jficNrTg5eXpzlP2uxHBugqH2oLItVMxW1HZdNkAZ
MqtYIx4OpbA/h3pZSvYtPApki6geVBI9NL8za3inDDjdeG/jl629yYlpUDrp/y4O
k11zgCLhM+CmnpXM1qKTGTcPQJXBJ20cDVyEeynQqx1j/IfPdAHftJ+CayqOHMCd
/8ck7vvDoVSYjLY/AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAhAQde2HMtUL6
wObBMV3qUouJseC4mwlVyR0mMNqc5EPcs3otg6bpQ/buCZQ2gADXgfplU32/hbjx
V3aTT74s2sFYI2dRUDIR9h8BZlTbqn52WmW2IA6RgAyllyamdX/dEplyHqymRtOD
77+ZGRki3EHSBFX1JTLofFqWF452/60GTRuTmga0MH3yJDv6LWdUjUAA0sBOYTKA
Iohd+a47VV02Vd73EF4r77AW8ASDhrRSMHhKdq+o2ebulbZRl6qGPtVomcq0TQWw
rR5Ce47ckgv2SAXZ+KkYQpIVU3ThIzeSe0QgDxoHB5e0F6mjoOQkVZ0MKIhbzTfm
7IgdDXt3Mn0hHQcP7QWhZB+DSAyjDD1/CRnHhgcWQW5i3/fPjlhCP4BLeCLLJUfP
SJ84omiFuNUHZfZdcIagj9tKaA80DpKTBDtl8WT0olNk++c+Gd24JBucrxznMK1h
xNBHJElHMBwRCiZPm2Ify+OU658PXwg/LRW5Q/vlSGtESKWGhPSn/PA9t3BN2ag5
NzLaclmpjUOQk2qhy3fNjrW28MGl3fyeYrm04p3pGYyvOenQV5q57MfR8OiNxUpg
6zdh0Or2T6fMOvwJFsJWZBCYOoTmMhjgHu4Bw0aIfkI4o4xEz6qvoUugAhvNx9g7
UQd+f3P3C7My1z7h/axibCIBpjhlmaA=
-----END CERTIFICATE REQUEST-----

52
ANW-URB/openvpn/anwaeltinnen/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCa/AuUn4PqLcyz
WnSJybAyzjgH8R9HBKEMsbnDL+gxqQvfylkWXxNAwolWR5CzuNgGkt+uBXDXwZVX
nC3WKncoQFuARU3ceQIYFJe3gya1N6uFtqFKPoecxA6rVOKZ8xFSUIlAb3njEkBe
tuoIU2hqIXokIPmJweBbnD8WgPHW0m7lhQLmeRgn0ibw4zCUDfly0PjGGNJNqbhk
qzWLGzVeD5wq1G4jNPriNeV+/GwsOtF5zyyhxdqm+eomSXYJQP0N4puJR6vOXaWn
7NMUFb654GclffoNiviwApIq9oDxrOPVQRHCU+WljigDt3a6lChTUvpYra3SPS2w
spSNdUKjlzvhiRng+EYEeRdrWXz6mgraWRui9btFBA/x1S57V7nu1VzxiHUS1nMe
atyU4AvmC1oedOhlHgoQ77iBOlg//hmvG82TmHD1Iup60jCxDct2RBSe+hkbKtNn
H1WKOcVd16RnOzHuGU7QbH0mGOQUqHD4oRQd434nDa04OXl6c5T9rsRwboKh9qCy
LVTMVtR2XTZAGTKrWCMeDqWwP4d6WUr2LTwKZIuoHlQSPTS/M2t4pww43Xhv45et
vcmJaVA66f8uDpNdc4Ai4TPgpp6VzNaikxk3D0CVwSdtHA1chHsp0KsdY/yHz3QB
37SfgmsqjhzAnf/HJO77w6FUmIy2PwIDAQABAoICACxZp+613wfqZ0ODxQmQ/6zq
Ojp7k5m9B2Eckq36TZW4bD90Jh4yws2rXaWlARGM+bSX3w5rXClBqjzR4oQAzuxj
zktcibVno2PEsM3A6Bi/f4PaCTm3vxLrP89jkRzA49oMVdpsjBKgrG7uJPaQ97Y3
Mj6YeRAkvNE6WwtThuEUgsuHTpcpW/I5Pw970/DqNtHWXvpBLB0xTiTwoXfXJ2Rt
TyEqfQHyLUECb1PxY/scMcmLsZfxiGpz5b9jEjX/tOp+SEf2jIGXZsoxCQ4cUuHa
B2pBLIcnl5a2haFpvOhrsx7Zaf2UCIlhrq2xmHY343pEqoMp4C3jd+mykLQSNCku
E9d0r+I8xTWR1Msrep7CfG1RDguC4IhqfNrRb0G3w0cKZOs+D3Dj+DUsFTr814Kb
LqVB83rN6y+f5spQph8HmKCs9m3xKOvbcugIceO2meWGs8nvbL0PdyYdCMursqj8
/nCZJVWUB5+Sweoo4JhmSF2sMSeQrsEdewF9wQuAEJT79j9SO2ub2MoF0XTrj7XY
1UsFmVJD2SqGrnwLwdz3owGNc1MM56873ApjGdHPDxCLHVJD2+Hc9zYtDw2D5DWW
uHd2ofojOB4B01XvtwmdlseKRn10liTdBs/pfuQmhxtGmlgH7kBHD2pFxe53RRrH
T7ytXCLNTVkDS3YChk/xAoIBAQDN2yt3lRaC8XDDeACArTfCl5NaejjmDE+HHZkU
J34mTN2x3q8Fe0vkxEonskJe3zvs52cYGRridYaqTkfzjagUF7J8jfQYsp7BbuKn
ZtVrVhETl3NAXgZGcM9zzf55QbgeuKMtG3LxyQMOMeXx9A5gXblDuBYcPJn2es5F
7xPA+4dccxHMsSIAZVoQ+HwSxZYDDWO8Qfnnv/ZLOD1RtEZCqauqlxGMMz1lSqCq
XfHwhRy1/G1MQ2+hVMHTMQUo47qLAC+GbA5k9pZyQtRbSGRCWV0gA9BkbTQK6dVx
XIQXTxEm3C3tuB5O83rYY8y7cZBEoHRMGpgxPiUKgvVErR1bAoIBAQDAvJy53V6V
cZfYUS/Rm2UTTgqqt2k6ynXltb+QpjEa+J4t5TdcCQ14Xst3r8gPn5vNyMoxJUb9
/Vqyv8gYSsZ3RFn4H/8Ou8jZIcgdxF5KLEgpEo1kMCQYjd67TAU76NebD8f99DVo
z1QsuPzKRKrB05Ui5ahBQlh6iwTmicGRJ6FzD+J9Fq6u/5yZrbbuMDgB/Vhg6+PZ
Aw0erjJU+AW9B29AQ5xDyp1KSYrrpVj5nMnvLgaTVaEalCA/mARxirQJ9ARN+6vq
/PW0yT8kM4fUlBRSKIroefqboG+cuqa4NIH3dQZrEe4VkaB76jI7XUcDiKNlBaRT
bssxgkaQ4uvtAoIBADR2TKeXKTuJyJEoPgiNHI7NDlKan3GRZZsrod2PCwk7wawY
8kXVXEwa8kMXnO6MubrwZkev7jgUd5Nji9a4HUOxnl072B+LNgZZ+g1rmaxXLNbv
XAHldHfzPAtpThcc9o1txLg0LKEN92dgtBdreVZ5zEND4O6lSx+TwIn2GfSupZqc
AMdHxUCQk9mLWiN2k3qHqQlLTyMOuvgEhywRY26NyyAYi/JNBLKRyExi0MvZQK3o
fPpYnVRiQ1tNPOFk2B+glnwNgcWdSk4oVfJFireWCrOkBTHy2raFTU4so8VE8zwS
FOpmZ+L7Di2jkYObt4al1b2ncW3rRoldQqCT9c0CggEAR7RkIooHLFYshd/+iF7l
xb7dHRJLZgH4xtNNR8Vss3oXbz+9ztHXXxb1X7vYFGfvESpIfuw9czUUzzeme9Ml
7y1Qw40z2Qln+dAloV1zLuk2l4E9dS6r3y641Lm9oMJJpHjEkOiQDkRELrdL5PyT
ArVy4J7McCr8u+qIkjRh/VzfJe2c96i+qICUhGAqlIb/702P2c8o343RDb8FHrN/
fwoLC7+bnWT+C6s8sdq8NXFtdzyKWboby8WcEcy+qndN7/4Gs/STy0L9LptIkHFT
cXT98mr+8uqen9OacpbGe/Wc/LFfB+qNxxx8tl00/vz+9IObNnRY5Glt0yeClVi3
KQKCAQAaAfcMO79R5UKLFMPvHjlYJxQ/2NvIAkS6v9Skd0j1HU2Cw8PQBE8PsRLn
QrkKFIPZm/nqZpHz5d/HFgxfuP0XOhJEsTNZFyjySQIpIWp++r6pzOkJWp7OeXsw
Nu7vHLc4y/Esjh/wZ7qdzHakNoOpMyG0NsE3HYGWGDcITndfPiQrPIO/jk9TtEh4
WdzR0nybx9fx5piKkr6A2DnRonMvROn+v9Qn6hIDwXRNffJ1Ouu1PlO36hlJvb/4
kDvtsLsDCb5uoX1cZ5sKNDKpakzOMwU53qBsHK5zgJn1iXKokLbnmP36cpMj0a5o
ZD9M+HEJBhESvgoDaP6Xr7lSxwKd
-----END PRIVATE KEY-----

21
ANW-URB/openvpn/anwaeltinnen/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----

139
ANW-URB/openvpn/anwaeltinnen/keys/undine.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:18:17 2018 GMT
Not After : Jul 1 12:18:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3:
35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d:
52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e:
43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0:
6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c:
2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db:
3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a:
3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4:
d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc:
67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f:
e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d:
12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20:
da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70:
f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00:
3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c:
e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35:
21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77:
a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12:
79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e:
ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28:
a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb:
2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82:
8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9:
d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0:
a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb:
96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8:
28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7:
55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07:
de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2:
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85:
c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6:
d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33:
96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a:
12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e:
e6:3c:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:undine
Signature Algorithm: sha256WithRSAEncryption
38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec:
1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b:
86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74:
1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25:
22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1:
51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b:
8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5:
7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75:
3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90:
e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39:
3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da:
14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95:
c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa:
76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4:
11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08:
3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40:
46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58:
6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9:
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5:
d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8:
63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67:
a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31:
b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86:
00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5:
fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31:
58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5:
61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51:
a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc:
13:86:b4:c4:9d:12:54:2c
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/undine.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi11bmRpbmUxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfos2eMP3DCiE7LEWzDNXfzzltx
72TfTP7WLiV9UtH1DxdzS/bv1mXnodh+Qzb99gZ02xRST9ZMvsDwbbw4sQ7zpEmD
01CnadJcLBbbrczH85zVkJHHrWnbPi67moJnf030yYgIoEKKPUuwqYjMArYOJAxq
ZKW02ce9AxClOv0X4TKC8fvMZ0tIW0GvAbVY+zEiFYQv5FsFevkbjdlzGO0tQQcd
EtQUJZKbj0g5DExDVKog2vU2StfOpFpoA/Ko9q1w8TQD7DZ06XYvVtc3AqEAO5Bp
PaYJHJXto6MCBPuM57Pbn/+oEIyh8ClU/T01IU2FwkHL6AfSztJZ+At3oflHfDe9
BKS+KpcryeASeXyJvoTwq0Oy8MNXpLluroV/PUEggtDV1rEnB4Yoph/YMcNZRh3C
XpOtHS+7LhGiu1lFdbm33woh0vSCindtF5qY14kKacf2K+zJ1ckzGL84WLT4xgBX
ZW/woeU1vPAQgb1zTHhIP3HrlmLjA0SiGUF+kPyyoHK4KGqDZrtIddhW0fPHAaK3
Vea5dqk9ar3s0yzgvc8H3gJt8jxBYCHyLbSFWxGiy3K0wYA7RvCBksRCbwuFxOZX
gvqsCo3eDuWuF+T21GBotFm0rY0A0jSAfaozllO/+1RCK1Bjr7Li+Lp6Ehi51YFL
Z7bSxNyKnO4e5jxbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAJ0Hktze0RTOc
DKWmnmFGL3LCwymcob8TsW6e33vr5zEIBt3VooOvNeFMuwfL6JIISlVilzSnH1K/
wxBNv6PGiGhNiUSIE8w+XlwtTSAhe4lkENbR6GnHi2N6sh2f33mBL1XbpX149OQt
xLr6Ywdq9kvj72KqYoOUm5HiWM4Rw2nhlJFthtWIoWQlPSyNM4XXsexP30c/dOGZ
pNWgNLKnbDO9FZ3LEDVvWg90fYqXGuHcNix9JtwyeW5haWE2PNRkVa11jzG4kU/F
Q26F1XT6yixMikwSq1sLaNIgwx4ULG3a3dCpUW0j19UhLjTu3bJ5xwGg0b0k87t3
TvlVMRPlRTHrgbAMCPxjVhWIa4ydTGytHYJUx4cfLsoWy5VHmJpSDl+/YbDJ2Xu0
As9/wCunCpXRMrtEpk7UJ+vy+8bh530oV72c5jdPs5eeXJVrLi+HfSA+por07vYX
32CHUsXTK167blmgsRHyU+plraq/iftfpZ+rxUfmCnPqzHXu9oApPLWM/ccXnttu
tEz80YCN6Dww+WD+08xC9Fal+cy4o4uKUKCv5Gqv+mJDrd89mfloYJgptnqIDVRL
K3nx3wMVLNgGeh9pLBD29yXxAswoFB2gdBAgykK7PMeM5u3ONFO8DEQxoWdY5S19
akU4JQm/ZAORROntImddUr32iXGUMAc=
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/anwaeltinnen/keys/undine.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA
MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj
SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3
DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo
eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8
eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED
0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA
bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7
hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo
W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh
g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q
tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+
iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj
ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz
66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN
v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi
2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2
cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ
0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU
oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1
KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b
Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb
OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg
8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3
yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1
wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv
WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz
gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld
8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ
wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm
4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B
xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN
ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg
mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1
chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m
+5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah
RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui
mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA
/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp
3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf
BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj
CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb
lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+
MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP
KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa
MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj
Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S
mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78
2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354
+ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/
Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA
T1U=
-----END ENCRYPTED PRIVATE KEY-----

6
ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu Normal file
View File

@ -0,0 +1,6 @@
ifconfig-push 10.1.132.2 255.255.255.0
push "route 192.168.132.0 255.255.255.0 10.1.132.1"
push "route 192.168.133.0 255.255.255.0 10.1.132.1"
push "route 172.16.132.0 255.255.255.0 10.1.132.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

270
ANW-URB/openvpn/gw-ckubu/client-configs/gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aea26f8f0a99ff84f7a6a6f426bef710
2998c49555c2770d954b9251a74b6e30
3859a0a8c086f3509c440c50bf3230e3
d5bc2b247119a4fdb59aefdd2376475d
f060a24165022d981ddee0704d580587
752e520d930b24580ae5ccbef266c471
6ef8dfdd6ba9de23e63823841086a151
90e146c1d085b274d3403de9bd827935
cd18fd2cb4005f3c133802ccc0c2f885
decd3b5fd4d6dd53dc478c59f3a84dc5
e9a3d51e805811af39647a9904605b99
2dbf311089315fcbafa70b89e2d49b1b
d425b598f7551a2cb21ef9315a97e36b
2152699cf9ec5fa90df659495575a935
bceb34f91889eda617d2c6b26573c6c1
ce620dd47a0b08e6da791cf979ed8c44
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
ANW-URB/openvpn/gw-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
DTE4MDcwMTEyMDgxOVoYDzIwNTAwNzAxMTIwODE5WjANBgkqhkiG9w0BAQsFAAOC
AgEAJSt0Nn+jtnoBtcYIMyn580t85fkd2h/8+5iwCdi1tAfHS1SAwP4OSbH6HKqJ
w9AXIJlkAuHjyOr/TxyoIns8DZIOPrvNoC1hRuym09IkvTnnqM69tTNZk/fbLYft
tEiW2Hnrnk9rHnHm0FFBKCWO1hM0nv896YVBgoo/Wh+Qm7afb96l2ifd4Ycgo5zA
NLTZ3p/S5fyKsXTyXpYP2qF2aMQntebxWmrwYUURswvJKo79d/fN9pPGPlBzRkvV
8NsJA2o4b3s2gKzMShkiJNm2PfoDFQ7bVRZNqMpyJ5rB6HXqUOQVbnlbYB1NW4DZ
2HYQrqeZpv1RRmS2vsRszB4Imp2gKaKAwcWy7ZSAyP70B9nSZN0HjzUpg99gDMFS
JbPWqejwr9b0lFAJAn6EwhMVO6e13SnrHmjDK3Lo4acGRZBbfxZDU0feBxVf0sHe
pWYe59AunQJY9l8H5OYhV8ilnTpe4amEsqGCYVQOmC9NwNJRRoxlJgysfhtI6fU1
p4Qab1RNlewzIZG3FGvFdyYLivvO0kk5U+QVK8wMrYfA4hQGS9I92BL91hiM3Vlc
fVrgZ+GZgOo3x5GjgSodmMPmi1FWmwEBrDns0kkBQvf/6j+i1MA/krRXHJFAW9Fs
POBVtkRCA7hPaZVXpmyywU8IHdL3ZLPVCefzpYE66oSCWPY=
-----END X509 CRL-----

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"
export KEY_ALTNAMES="VPN-ANW-URB"

80
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

4
ANW-URB/openvpn/gw-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-ANW-URB-gw-ckubu
password..........: iBeiGo4she3oorae3ualuj4seegaiwih

142
ANW-URB/openvpn/gw-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

139
ANW-URB/openvpn/gw-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

39
ANW-URB/openvpn/gw-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----

52
ANW-URB/openvpn/gw-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCrFiIuYjaXfSj
QYnS0Wu3wbykeuG4hRuCZoqm/6e+QNVmViLHt7fqIZyzBXAWsJEyQNJmTdqywf3n
Ov6mxMMOlywt5eDq38/ybgVr6dGkYCcmJEaQLkLWCLqbNCrZ7GTIr83y4Q3WLW5F
KbpuDlJihjaRiJ323bDOS/D+hGl57eiusZdPQvRXuBCwFdFAw+QN1yxeJLrIwL8G
K5w1ntpM2bRkUlb8Wu0UrZ+r7OF8ox997SpkQEL2Skm+jXa7VNUTq52cGoRrtJ0N
OBl0gm3ZtZ4jvTRZB3/BvFfb6mf6Yy/PCfMCsiQyQASDxcpG+/JNNkVeAuM2J7Te
Z9PdGF1qt6ftJbRj1k/l/1FaKppRU/BtzgtjSse7EM6fboYzmVwxRwMfmaqF7/uM
54YU1Y2O8zN/C53WUY1VaMz1EsuG9CdmYmdEK4KI/h6CH15nnftdi+d/20R9mJt4
NlBt4n5Fcd9w9vhBltNd/JqHwDq3DhI3cNgEDlLR//lEnnwr8epSTrfNMwsNNDnH
GeH0fq3R2PR3WEpl0EYngn6H3hpIFZ3XIOPSKES24yWSZeVvpa4wK7tZ9WO96r5j
RxvI/uPwTJ2viYo1QZItKvfo7EFpqPzgyo39LGBH9YLpx3awh8jZquoF+zo5+HpK
fBjtC2GuiU8YGRWW16YcgU5c09EVqQIDAQABAoICAH/S2m8sJAf+GVv49J5QlAIc
W9lENmIKRH3jBreQtnvd5kFD3aJ1p3U8jL+fmnHLjgsJNR2nkSo+5pCl0/98wvcZ
nBCnGIAgZVIxm6234cekuw/4UbzqI0iWgrDWGCzvY13C0d/glk1Dl1wigh8xmDbJ
GZuFsPMfrbBHfP4hw4AkDtxmD4wj0nymh46XRMbZ2SydVKycQWj/5m4OxIsQuxYq
/J/C0QrySSmCt40UBRrpoQv2ZhddepptPO65xHRMx3wa+2o8nyZ5eYXsiApQegCx
mByvZ2ft3J1BJg9oYs2twv6W8dGbVtkH3+8GOENTu02njPSlwLsWZ1SBqENMdEkv
MWKWX13XFz9TErwywDUbgh7/PAlItwXdQAnkBc+OnbDat+We5P98kSfGWb4q+sxv
A95H2alTaKZrA7bbcUWdvVISDydhrmyNt1yMMhC4BjKOL2FOSM7qDQ1IogpIgq0U
GCd9hYeERBbk+PSQBjgIgjzhhhxLdgC9pWHMhJ7XmpBIiDTMbC1A35Hu0e+l6Rr/
vqdCKQERXQm7etXSRGPuEtuDYc8UnZWPIMu5hgSVuh707z91O2fvytKouIMuIuNx
gBb9PviLSmn7cMGeExRs/KUZh5khf5rFhGre0rYr9pxXIx0J+sMPZs/EFG93VBFg
ZYRs9c2Tw6JSaM5voOPhAoIBAQD6BUFo3XYpKHJeScBCSZfZ2LNFhze5MeKCKkAK
v0s+++i8HNLL2ypnxo1ZDd4r2KSHttjiWJxXWj9I7wIYMHS8X5vg2B/yHXFJCiha
msrCL8zJBpVkLCdoMCzz7CcScVs1kgiN3aoJd2KMzM6KIQOTB0Ovyt4Lvquua986
h6ItXXse8Ac0N5pcaqkdWD3wuULMTWXn8jgI9TMm1pRh21Nh0bZFZi0VHXBL86vS
VDTiYHddSB3M9BesUW61TaSYisip2tvYXkMUtfbrj5yDIW4mPyoL3V30JGvB2QwY
Ijk60J1qwcLyFMOJ11BcorgUA6/+AuZVeatfwh0xEb8MHLBHAoIBAQDHVDpTgXmP
VLi4MepOYACnNweT00QM8XhMvSxk35Y6yoNRHivsusJ3HhSYaEpu7Jo3OoL33qhc
m+v7u0ppThuZeGhr8eMpCT/l+zVW1W5Ayvqg4tKWcikN8EV3gkpFkwuCkLraxcCQ
9HMgInoAr2EO2f65wH1tmb2X57ra8iN3ZPVv4nDri5LwGaFZ8GEUTe6cLoWz1Du1
hyTaCNd4eRO3zWdmYbGBfh59XKtbimMxudL86Tz862gd2x4MkzMQ+pRDaYpeLrgx
snEh4j948f5FSvS4niPmp+rUb5AXADKVwfplYLqzVph+2sKpEwDIUyOXlUSMY3XD
RRjuCO0E3XKPAoIBAQCnrbiljMl/Zvn1FH9Vtaea2cO5oKsVkEg6Rf23d34OmsIG
z0nsoGs7OCV6EVvsihomTtH8U7Nevk7tKiZ8dJsF7xVK4YfjSC2+74oK4f+T5pzw
QXMVwKsZLB4p5Tp7Gv0x22PTSVONj7zPc1gduXB9PgT+NA9hTxozG3OV/Hse86/s
GsyqD5R94KbU4GaCOK18+Xeb7I36LACHTqgrTP4J/6y/tHwNyjWTKrQUlpb1L/89
12ztFNN/pQmbnJwEFifoCrkgzm8sx7D3YNR1+Yi3K+uWE3u8jmSamGeNE/7P3DOG
8rY8xwIxQu9JgXP1MFfrAqTZtITj7vrG+wDnLaJnAoIBACZZlTM1yO6DrVp6+AqG
O/nwA3w0fHZFCxEwoFb0EZJUHjnAJVFRiVKjrfC4uAFpci5ICqSn6RqQQTHYkfN6
vKKlYOnLyxm9FtcnotaHD8RViSzlFwEtC6sL3EGnBqUmKmO/dsPaojcBYRkAqRpy
o6jY1kJkv30TxD9yrSesyJgTC4mwNmuLGgUp2TpVnkfqyoqwBLdZkPdW/gcZBmO+
X8XQNiGjkCRK4JDcAHgHQxhxGR/hvAMpQ4ni+4AN3hhZLadeqel+8Z9WJqAPSIj7
fiFUz4qpmlypV+vxXvad6h2YCZXxq1oPwh0994/SASeJn2JtrJeaFzEvnSFHBFsY
RA8CggEAZiNUmy5gRHKqP3W//HQseO3n8t8KbeNnIZvvnUMwDH1uf0HqQSgrlJfr
O1EKf2JpxPC4Nl2LrnW314mwwW79gR2jF3jYlf6p6afPCV0bdlQZ0fuFskcGRPXl
oql8FA82xC4DHgJ8inSn9hcen17ksvUQxRz0cv3H4YKf+kPs3JscZ2rX7CIOr4Qb
lWRk8DHc2QdhcWBIPH9TH/2njoFBVIbbvDNiBnQbRZ7d9KM/OAuXWxTHYRxLyRR6
lrf4O7rxTh4CyvmeqGxwYBrU1ecJTigu0dPKJQSn1rhZt5ukOvjypf7iBKzgAeW8
5CgRf72B8KP9wr6piE2BHvjWudE4TQ==
-----END PRIVATE KEY-----

1
ANW-URB/openvpn/gw-ckubu/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
-----END DH PARAMETERS-----

139
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE9TCCAt0CAQAwga8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR0wGwYDVQQDExRWUE4tQU5XLVVSQi1ndy1ja3VidTEUMBIGA1UE
KRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz9HzyPcBEFI4TEhvdPFCNXzI
4aXWhbKGmWaRRybWzW3SKBsO7KS7eDAx6E5cV/sEDUchPiEik3AXJ2uey4S4rpHT
16yZRfxE6+r6P5ZwOzxmvYZyb4cyYp0huQ3T9SjKRBgG7Vm+k+BRRVsxO6+5T63I
d2ZxKocXb7oPjClwrVdrmUMtfJOdnXWkUxQI1a/cEoq/3tq8MQ/u/uOPC/mR7PN/
c8UJAoMNocwm6wmjDzv0UOQsH46xze6clbdJwnmnfNBcf3a4dMT5PGxd/GHChhcD
yNpQvj+wOCJCJieHv5Trfi8+e+sVzKt9apL4vDCGEjIgPtjrvVFrI/5jbpRs1Kqd
sLTsW2gNqBPSjBkMNwvB5F+Jf4NcDmaFn2+MIVEU6zPKQXdlL0v/+xVBtt8qBbcg
9JMxERb009hLN8ISop3lLR8QKQ4X9Jl0+WokuORqbnvBIeC85f0gWp/lrW2IhrDF
F3Hcgu2qFzBrkb3hFdAYzuYYJiuL06YHV3zNr7SI//3lhEbJt0gbZOwfzBKiEvV5
M/RCyDm3AUsZTxoZ2iQBy61XJW0ZuwzWajdXrlgJ0GickbTRMl1MdYXlswhAlGOS
+b8S6kKNBieu6AOVRVdnbjEwyHITAQfFJVjaMjQwZX1sUYB/SNd+sZGaZTZP3ElW
mcO0S/7EDc+4Fa38DmkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAfQvUcdiK1
ykZKin31+ghZftAniK/ZQPOg/fFq1AjjNM349iiEBJRK/9N8upCqiXppJ4xmQESG
d80MAzj392a1zMMvWR6j2beNqrVyC8Vced/p1qMov+mR1PHtF9uelyHtrFNT5AWw
h5pd9wvFG7XXbPMQYeUIOesoNc80E1/PY9+3OqlRVPHCFqOxdmMR1kOTIq6z8xeB
Dah7QBgtEF6QkPU3wqtnis6hsr0q4gGPF4+apAX5S+OX7UVjsBOc2JwPSa8o0fJB
EJGzPVNFYxbL15ZasT34ajQJydJ7iT+E4oFtphN6VmlhYeK75OEA0Lb8x9Mzzm/h
dMgEDzhdqHZc3REEpK5hcvYk8PKGlkKY0j8QoqpaFN9gG1qsuzlhoRAs7zf1YY1I
H3eVnA5tPuPfVXawKY1JNSWR+zBFH5eb6qytmkovyGAbT2UYi6v4JyZFKpCUJYP5
DmKBL2vLVgDu1QjA6uFghWV3VBPkvyw0kDpvYOGD+PzryRsjYZYB0gHobW0hKYuS
8TCWUBPmtRoVg2+z0IkXL68Ajc0oyNo+M4Ihr6YQB1XYYOhv3bqHRhRQpNCIhbRA
D68WPzLFYNCjqMMXH1Q+mIbRDyT6ja5OKVX9uvVk9i2QJd0Vyf+N1d/xALNsijwf
UGoSG+FjZRFV3lEC12vdOOmK7FNlLvHjrQ==
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----

2
ANW-URB/openvpn/gw-ckubu/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121959Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
ANW-URB/openvpn/gw-ckubu/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

142
ANW-URB/openvpn/gw-ckubu/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzYN3yCXfdSYRpkXk5MZo+BSnDe
T+2rfozcqm13LVO2foDnVOCYgc/y578sYl4xVKrlzo+zhjEibA69vcbfqB6QTKpr
r4WF6DfbE/qDQH9dL9VLNYs2fq5QpbF93NLb0SBae+z7uQRU1bkTes1Qe/ho8gNL
NJJdZdyZKwPwk6db31u+8cjH0APD+vUnPh2HnK8iOsUS8X5S7XPbp6MB5Kt7NKQw
jMSfv/YLXzHrFZDZscEA4iJQ2JEa1Un+vR1IQRocVMxQiKNNtCRrVNHl+W2IpcuN
HSlQLQGOQSrOVwjJlk4nenRv7ZnPxOXymtgd7CTxLY5I7GBv0Jb83YeYsraS5Ov2
IprtY8K6p/KHHVDQ7s2TR6bT2133r1jME+jdG3MgHGa4ypH7loB9k/3pgCqbF0Ek
a+r6ZV8XR5kKwpNn6RFs+4S38koVRhkT02+UkwZXtkR3j8EOOG8amBWH9pHIrDj2
eETdj+Ju2nIOgWHTzWHN+jycbwz6zZFbsphlze0ZNNcvU/qkwky7OS23/NsNt6k4
LBX/JHjhZtRLIpWH2m0egXOTRRNeerGmPKJBluLsu10e0jOPHgV/qe+wWUXSnQb8
uoQkOgyMov3ZipEhpEfDqcoHep1MZ/DeKZssT0v81pF4RFJBqJ1MwRWQkywbkSh8
Tj32qDrg/AXeo+xRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgGxSsGFaKEbn
6p6vY7xAmnKrYMaMrEEdG2FrDzXUKhgKLEnNPT+5wk2/txxeLqSbVqKe+ig0cxTo
kcJuylqD8l+QUVb1pt0nYtUmhLTqpZa2VRAnsayZ0FDdxv/s9NeOY0faC27YBMJs
JTUb5J/YgbE72JdIMU4ZcUcNgLXkT4H6zhx6gMM8WKBdxtsoKg9+VG7eIB1lKQP1
AfkSd5KCzBG8XrvInCPvjc7e9BW7sDMmkNwe8a9vO2trJxWxvfdhhREYXwKY/fI/
heHZhO1PGfklrJvlX4Zdf5V1beiEjXKc3lammL5UN07mYPEDDXY5R5kxL55kD4Mp
fVGc14rZZ//PPeClGKW9tiCOs3XQshHobJMJhMoxr0qghbh3hoW9LgM9EhIVL/xm
D/Od19jVid9gX8lFtWgFFYHuOp19Ch/l96Q3NmsYDEXYAVn3OMrwudKdKbFynj/t
DvJTm53DzKcyde4t8n9UWUVRpawg6NzK7TvmaoiN2ix+prWVSJNxqid02HLK3eA7
FM65Kl9mHxMBhn4lvP0qsuFAop/BfgF53NoyzJ2XKtIRkt8+TfwdGc2R8x949UPR
80r44MuR/z4AqJL5cO+rQoWSxWuxJHjlaQhvuhJCclUiR9js5GZWkCQI1hwkO9uf
9dYzlA1J+jkyLAiKjGTgU4H6SslFMHg=
-----END CERTIFICATE REQUEST-----

Some files were not shown because too many files have changed in this diff Show More