o.open/Office_Networks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update ANW-URB.

Browse Source
This commit is contained in:
Christoph 2018-07-01 16:58:11 +02:00
parent 100d1297e6
commit a8ad08b139
107 changed files with 6107 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ANW-URB/README.txt
View File

@ -1,5 +1,8 @@
-------
Notice:
-------
You have to change some configuration files becaus the because
the configuration of network interfaces must not be equal.
@ -21,5 +24,5 @@ Notice:
interfaces.ANW-URB: see above
default_isc-dhcp-server.ANW-URB
ipt-firewall.ANW-URB: LAN device (mostly ) = eth1
second LAN WLAN or what ever (if present) = eth0
second LAN WLAN or what ever (if present) = eth0

2
ANW-URB/bin/admin-stuff

@ -1 +1 @@
Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
Subproject commit 414ae04eada0ebc45643e82d8742de795e5c5a70

2
ANW-URB/bin/manage-gw-config

@ -1 +1 @@
Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
Subproject commit e0e37c21b77b5876fb9b5b66204cfcb7eba3cffc

2
ANW-URB/bin/monitoring

@ -1 +1 @@
Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
Subproject commit 9a02312bda7beec1b6d6f63d197f2dfd39254680

94
ANW-URB/bind/bind.keys
View File

@ -1,49 +1,69 @@
/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
# The bind.keys file is used to override built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release (BIND
# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
# zones MUST be configured elsewhere; if they are configured here, they
# will not be recognized or used by named.
# The bind.keys file is used to override the built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release, the only
# trust anchors it contains are those for the DNS root zone ("."), and for
# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
# for any other zones MUST be configured elsewhere; if they are configured
# here, they will not be recognized or used by named.
#
# This file also contains a copy of the trust anchor for the DNS root zone
# ("."). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
#
# The built-in DLV trust anchor in this file is used directly by named.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.
# The built-in trust anchors are provided for convenience of configuration.
# They are not activated within named.conf unless specifically switched on.
# To use the built-in root key, set "dnssec-validation auto;" in
# named.conf options. To use the built-in DLV key, set
# "dnssec-lookaside auto;". Without these options being set,
# the keys in this file are ignored.
#
# This file is NOT expected to be user-configured.
#
# These keys are current as of January 2011. If any key fails to
# These keys are current as of Feburary 2017. If any key fails to
# initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
# NOTE: This key is activated by setting "dnssec-lookaside auto;"
# in named.conf.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh";
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
#
# NOTE: The ISC DLV zone is being phased out as of February 2017;
# the key will remain in place but the zone will be otherwise empty.
# Configuring "dnssec-lookaside auto;" to activate this key is
# harmless, but is no longer useful and is not recommended.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh";
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
# NOTE: This key is activated by setting "dnssec-validation auto;"
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
#
# These keys are activated by setting "dnssec-validation auto;"
# in named.conf.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
#
# This key (19036) is to be phased out starting in 2017. It will
# remain in the root zone for some time after its successor key
# has been added. It will remain this file until it is removed from
# the root zone.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
# This key (20326) is to be published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
# being set up for the first time can use the contents of this
# file as initializing keys; thereafter, the keys in the
# managed key database will be trusted and maintained
# automatically.
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};

49
ANW-URB/bind/bind.keys.dpkg-old Normal file
View File

@ -0,0 +1,49 @@
/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
# The bind.keys file is used to override built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release (BIND
# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
# zones MUST be configured elsewhere; if they are configured here, they
# will not be recognized or used by named.
#
# This file also contains a copy of the trust anchor for the DNS root zone
# ("."). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
#
# The built-in DLV trust anchor in this file is used directly by named.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.
#
# This file is NOT expected to be user-configured.
#
# These keys are current as of January 2011. If any key fails to
# initialize correctly, it may have expired. In that event you should
# replace this file with a current version. The latest version of
# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
managed-keys {
# ISC DLV: See https://www.isc.org/solutions/dlv for details.
# NOTE: This key is activated by setting "dnssec-lookaside auto;"
# in named.conf.
dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
TDN0YUuWrBNh";
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
# NOTE: This key is activated by setting "dnssec-validation auto;"
# in named.conf.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
};

4
ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-chris Normal file
View File

@ -0,0 +1,4 @@
ifconfig-push 10.0.132.3 255.255.255.0
push "route 172.16.132.0 255.255.255.0"
#push "route 192.168.1.0 255.255.255.0"

2
ANW-URB/openvpn/anwaeltinnen/ccd/server-anwaeltinnen/VPN-ANW-URB-undine Normal file
View File

@ -0,0 +1,2 @@
ifconfig-push 10.0.132.4 255.255.255.0
#push "route 192.168.1.0 255.255.255.0"

270
ANW-URB/openvpn/anwaeltinnen/client-configs/chris.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA
MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp
y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50
EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP
mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM
Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu
QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08
N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE
Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU
ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6
BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92
maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L
/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a
RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9
8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC
TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9
VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P
c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95
nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW
8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA
Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2
rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck
MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC
D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O
pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB
Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6
6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm
D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI
Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG
lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5
Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef
08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv
C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba
cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC
MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d
VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B
YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87
YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo
PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy
4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX
OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx
3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7
1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy
mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz
/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/
0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av
ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR
P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b
sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z
CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL
lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0
WO3Ph1v2Ieg0Vg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

270
ANW-URB/openvpn/anwaeltinnen/client-configs/undine.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1194
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA
MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj
SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3
DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo
eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8
eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED
0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA
bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7
hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo
W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh
g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q
tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+
iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj
ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz
66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN
v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi
2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2
cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ
0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU
oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1
KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b
Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb
OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg
8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3
yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1
wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv
WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz
gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld
8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ
wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm
4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B
xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN
ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg
mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1
chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m
+5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah
RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui
mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA
/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp
3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf
BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj
CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb
lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+
MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP
KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa
MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj
Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S
mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78
2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354
+ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/
Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA
T1U=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
ANW-URB/openvpn/anwaeltinnen/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
DTE4MDcwMTExNTAyMloYDzIwNTAwNzAxMTE1MDIyWjANBgkqhkiG9w0BAQsFAAOC
AgEANbwrI+TgGLoDlVTPqekHN6v6GYH84gXowpenqlPLERIEK+hpb0Kj4th7qr4d
6ekP/+7aasrr5ZR5ZCFGUDznfHegyP1YGTtCEtv1Gh8Etn1ZkjsrWL9YAxN2i4s3
iMKP3e1+Y3c/ai8RYW6ZuBbpxyTJUpQQjwGHb3iccFAOq9wnBuAZyDOJCvP6Jici
0dcXzWartfXlwipqduMNyyNQhNoZkb/Sv72wKP/K0XratZG+utV1W8Aonbp47hSA
Os/obxQTMsWL1sfcNqlZVEklc42YevOGFnxTzuim5JYehdzjqR8tutj31Qs0jRcq
ojWZiF7nTphiAdeZA5FBPkyeiEGX3IIxgEH2Miu5Jc3h6QIoGU64q9Qb2J3mu7D6
EcyOl3+BXGKSHYHorNb3Ti6g7dOyg4ng4sVeG6R/SwlhJbNYsM4S2vsGFI5kxT5x
4AJ0ShV2n75JCzySKUYlwre8X1/CBdHefyuXHl9wLlOOcAeyHx6yJUiYrdWZ0gu5
0aKSGPTkzPt41bo9zNojBRNW+UDW4EubY+F+Mac6y9Gn+ix2dm3k1CAoMSchGiUE
I8kiiZ4SNRUYJrnNYu2XiwhYMMI7knUkTTVqf4QF3ouvcKgTfyD7RQ4vQzaA6A6S
ar6C56aNPEbffN6tthtyKkI8T9aSXpr9hIvkYOCV7ajSwc8=
-----END X509 CRL-----

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
ANW-URB/openvpn/anwaeltinnen/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/anwaeltinnen"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"
export KEY_ALTNAMES="VPN-ANW-URB"

80
ANW-URB/openvpn/anwaeltinnen/easy-rsa/vars.2018-07-01-1326 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
ANW-URB/openvpn/anwaeltinnen/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

8
ANW-URB/openvpn/anwaeltinnen/keys-created.txt Normal file
View File

@ -0,0 +1,8 @@
key...............: chris.key
common name.......: VPN-ANW-URB-chris
password..........: dbddhkpuka.&EadGl15E.
key...............: undine.key
common name.......: VPN-ANW-URB-undine
password..........: JH334nmXPdsw

142
ANW-URB/openvpn/anwaeltinnen/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 11:50:13 2018 GMT
Not After : Jul 1 11:50:13 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9:
b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f:
e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47:
90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c:
2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14:
97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4:
0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12:
40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1:
e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79:
18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18:
d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4:
6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf:
2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2:
9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0:
67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac:
e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94:
28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75:
42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59:
7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5:
2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a:
dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef:
b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22:
ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a:
d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19:
4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3:
7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e:
82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19:
32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d:
3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7:
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9:
ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc:
d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84:
7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82:
6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98:
8c:b6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72:
2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6:
aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41:
c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df:
5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69:
be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae:
98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49:
3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f:
56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8:
af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2:
07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76:
ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85:
20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85:
31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6:
f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9:
ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1:
de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17:
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1:
81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4:
d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06:
18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72:
ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c:
59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93:
0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0:
c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00:
0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31:
af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1:
0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30:
2c:bb:ac:fe:00:f7:e8:e1
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T
QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H
nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY
J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa
pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl
pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7
RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw
9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+
Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL
qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A
lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o
7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd
X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN
vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L
0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe
tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug
Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj
zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy
Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5
dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn
yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA
PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer
sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK
4z+uSsLUBDAsu6z+APfo4Q==
-----END CERTIFICATE-----

139
ANW-URB/openvpn/anwaeltinnen/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:13:45 2018 GMT
Not After : Jul 1 12:13:45 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61:
b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a:
21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d:
83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8:
ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57:
b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75:
85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51:
44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c:
a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1:
5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f:
a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d:
73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee:
70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16:
35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c:
03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4:
01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82:
f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48:
46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26:
f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a:
c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0:
4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38:
10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21:
1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c:
81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22:
1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b:
03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10:
0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f:
bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6:
d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25:
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27:
0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18:
c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55:
63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd:
21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2:
e6:ee:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac:
42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13:
e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4:
bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe:
f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a:
20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a:
7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22:
93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7:
54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6:
5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6:
9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65:
dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07:
0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee:
7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87:
02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86:
bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa:
be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b:
32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73:
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82:
1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33:
21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb:
56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55:
95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a:
66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e:
a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a:
f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50:
c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4:
ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13:
57:95:3a:cc:c3:71:aa:6b
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----

139
ANW-URB/openvpn/anwaeltinnen/keys/03.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:18:17 2018 GMT
Not After : Jul 1 12:18:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3:
35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d:
52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e:
43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0:
6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c:
2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db:
3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a:
3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4:
d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc:
67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f:
e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d:
12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20:
da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70:
f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00:
3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c:
e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35:
21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77:
a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12:
79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e:
ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28:
a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb:
2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82:
8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9:
d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0:
a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb:
96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8:
28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7:
55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07:
de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2:
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85:
c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6:
d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33:
96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a:
12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e:
e6:3c:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:undine
Signature Algorithm: sha256WithRSAEncryption
38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec:
1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b:
86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74:
1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25:
22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1:
51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b:
8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5:
7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75:
3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90:
e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39:
3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da:
14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95:
c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa:
76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4:
11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08:
3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40:
46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58:
6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9:
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5:
d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8:
63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67:
a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31:
b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86:
00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5:
fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31:
58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5:
61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51:
a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc:
13:86:b4:c4:9d:12:54:2c
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----

39
ANW-URB/openvpn/anwaeltinnen/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJAN1fphZLnTfpMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMTM2NTVaGA8yMDUwMDcwMTExMzY1
NVowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA0Eg3kuQNQbERkNaYwBm4/Q1FAnFg5p9kPFDoYrx+/Sm1XCAp
dO4Ufs0ZqyGFhUMtKU2nNeKy21lPMR3sRIADlqX767FmNahMHsG6iJ87y2cEZKTD
CWK15jNEwP54DzxTqSEO3VnmMnZqOrahPTyAsrT/HGnaair40FG3JKj1VzbERuaD
u9OGKzGLFfZLTisGURAiU0yWKt9t6EbunXVheMmCv1n0ReKWF8W4lzPl7XNZnrN+
uVr6PFYwgwWW9iyJF5gwBuWnk6gCMZ4dk7NJGX00rPn9tL9gj4OpSq4ab9B9iUTM
9qtJRw859i8255TzyjGLrFxjdSVcr6jkKZXBqfPCc52PFsdtdi0Z3TaixY6q33NH
QPjLwacFHqKqjmURYmEJ6SCQh+gy88ns+q1F6iGW/RJcYAr5aSfHCujvcqzWx7kQ
Cm+M0e2or52GF7rni2RxuwN5VB+Rg8odDblXFJz8+Re2ogIjVJH3+SGO5THmWb2U
vcQfZG8HS9qo/M7AfFAX8rJ9SGUE8IXd+ToLChNQQ+ve0BtELVxepb9Sa+qNrd1y
KMgfexkCaI0FE8nrXyW/RcDuvczQu3Z4gUyimbGGR7OjCh0sbW/YKu/3Fa9TM5zB
Y4ftr7hy3ZnHbJN+19n2UHfmtTr+ZgeAs7JwMynInof8BHhGv+kUum3crJsCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBTF9OUo3n/o7JvzICYiUlEjKHRepDCB2wYDVR0j
BIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQDdX6YWS5036TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCsVsSGmADWXv/lcH9sG+dIfQzq1b+gwlbdFPUX2Cc8zOnKwwKlG31k
dupsmTz6e7kXNMbcaWkZmhC20SxnuVzuT0BxoCAplTZ64FxK+Z3ezjIj0UxEVS83
m9uDUJ8Cqdcb/0sv05pPqvw3NL+VvNElyZKYsE8YqzlxNcM0GYpFlbO4mH9g1Oc/
FChyxW0j1tdo/DDUypxOJni/nFETudequpeEAFI5rhOTu34uG2KZCXvKrPwO/NG9
EmgTZJhEA2QLKBfBwfiWFIlFc1EOx9ZyjmIxt/iA2nQAB6nN7mp/RxuzHuLfqJcN
+4LpD/gl2vdmgTSgSWPsFthRZALW7U4pJew4vJeQZjhn/0KjSPCCkoLaAIW/xQrs
4HgieQxO56ejaUzU+FdzU4MgWpZrl7i0OiZ6KiSH56PlutZhLyQha/P03IeXpSDs
WdRVE6iQ24CLjIJ+B3C/T/YtAGEnm5L+Rw5bVcL4cIjkoQx0tVHE1OOcquYY78aA
o1/oMkW/HRx7rGfbxykcnVOYyEegklSu4uSBIw2qrlA1Ug3wWpK+226+s2Rprpbs
Y44VQIZ0c2ZFG2nrddoG1N+Uzse/577orfsXeMyEbShgnao4If13DKqPCNfayxmp
4phyU0hy3UUIEc92FBH/GlOBbbxAozfH39GICmeFO6xTJDajKG0OTA==
-----END CERTIFICATE-----

52
ANW-URB/openvpn/anwaeltinnen/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDQSDeS5A1BsRGQ
1pjAGbj9DUUCcWDmn2Q8UOhivH79KbVcICl07hR+zRmrIYWFQy0pTac14rLbWU8x
HexEgAOWpfvrsWY1qEwewbqInzvLZwRkpMMJYrXmM0TA/ngPPFOpIQ7dWeYydmo6
tqE9PICytP8cadpqKvjQUbckqPVXNsRG5oO704YrMYsV9ktOKwZRECJTTJYq323o
Ru6ddWF4yYK/WfRF4pYXxbiXM+Xtc1mes365Wvo8VjCDBZb2LIkXmDAG5aeTqAIx
nh2Ts0kZfTSs+f20v2CPg6lKrhpv0H2JRMz2q0lHDzn2LzbnlPPKMYusXGN1JVyv
qOQplcGp88JznY8Wx212LRndNqLFjqrfc0dA+MvBpwUeoqqOZRFiYQnpIJCH6DLz
yez6rUXqIZb9ElxgCvlpJ8cK6O9yrNbHuRAKb4zR7aivnYYXuueLZHG7A3lUH5GD
yh0NuVcUnPz5F7aiAiNUkff5IY7lMeZZvZS9xB9kbwdL2qj8zsB8UBfysn1IZQTw
hd35OgsKE1BD697QG0QtXF6lv1Jr6o2t3XIoyB97GQJojQUTyetfJb9FwO69zNC7
dniBTKKZsYZHs6MKHSxtb9gq7/cVr1MznMFjh+2vuHLdmcdsk37X2fZQd+a1Ov5m
B4CzsnAzKcieh/wEeEa/6RS6bdysmwIDAQABAoICAQCONbDUN6ehgc/Xj95t02JO
TWAgAd/Ct3POBwQUXlVqb67nvwHvV5tg1JNBGDs9ORe9yspvbWDnibwbci3eu3U3
yA8Q52g9HLMUkPvWyrod8DG8sg6E+wPtsHWyPE0nQe5xXSP0GKynKdjwS8AdupC4
9AH3mYLK2JpYSmL8wev552fubPfnJ87E8SfhD/Bs582BTb3SGEmz7ifx33SOyBWM
TjJaioXRrZsDkjmt636DOS4owK+2yRpwVfz7iLaBUPktxfiMzQM1OxJ8ZFQXg+NW
ZvmvXWVPoxfABYpydhuQ2s7MCdDUXzFCNnBB2gzn4/jsxhVy0wYJd0Aoo+1dQ2Yd
c+dYHEWjPM2k88ptNLJbEOjjoRwup8GhGe/8ERiUmEVcN9ugS+2mwpN6g2GV6wxl
WTaRRUh/Pa0tTHux4w6oqffnyZwGAjwaa0coACbu9JQ1r2Oi8jFUBHPCCtQrY0uU
+F4mMACN8sndfeV+kTpaA1d8EkY8cRJbOVAIzBwcasenPzck1tZYE2nxZPXiQqBo
oeOPM3RkCAi/BqvFMtIk2WJdoVS1pVLdRAWuXwEv4Y9XTvEq1T7MxTJJlWm2pi7n
h/vGSEutGaPXalId7bH41D7bYzr5etuMJEaL+PoFl87EMJAS6+rPEtUiKdpILXPV
AcxzmAjtup9i7QjMMiw3YQKCAQEA7N4fLi3nJ1vD+TGrzexU/jNP8mc/4Wf1YyRt
tMIm+amHp74TGZFXXkilSD+v0Yopah+FCME7leSPNMZPTPlIveRqYxVciM6hxbJr
k2+WBSi5rF32M4+/zrj1dYSneMB/yVdICK/i2pJdXuiWsblFdhYlkGH+n36VOUV+
wLl7nZJ9Rejgeta+WuAEE+bmh/mIlCfRFuUIN0zZn5gx3ddjP0ZTpodzL9J7wtiF
5wicqx9y9RWWYQUHSMo6r0qeW20DjX12Bx7zgPWhCveugqq6PzxeADitqjaiWrAj
ZZwq2R12Bzf91/lIA4DgVYce1TV1+y4+whcv3spkrV/uH7dRqwKCAQEA4RsC9rfk
M7xlhtZU9vUtmoTpEQeMrgGjCq2Yq+3OcfTgJWhq5EarlIPXkoZdWdLaJiQU7rxN
6rWrmtvOmsND4t8/CMHsQ9uwFo+bCDBcCKvOgBnASDUbhdGFoBhH6TAWT8gvuNKv
dbGtUDtZIVp/8YlwD2mkTFJt5ZG7dO3wll4XzpXd4xM9X4fmITMNIb1Rra42RkWm
kZKhZ292++MULrlz+PHGZcCZcIVUE2dkeJq6YBCUWg0LzKvHopATmylYVjwllY1J
F0qauRITIFVgU/6xlGtkRIQ585F3uN5s6tGJpUVgfKQ7RK6QKjHRvNqceJ6QvhH4
jxcHFHBCLpkA0QKCAQB8B8+R8c1hiaazvPO2j3Lt7NaHGtOTZ0lSEcg0Z5nbD4+O
IXSE5ds27plFnLum4E7RWBHkRLK7yYPHYbQynTIe5RVkLtJWfMSu7b9w43RN3UZk
YItD8pjAWY+GauD61OnU9xQsIFWMmCm2Qdpu05HwxKYE1Ztrzu+6no5Bwp5dI1Df
o5KwH/RrR3Q7K6Q5PUvsMHFHKMTFmEM4U4yBGoDIqD2zLKf/OZs+qvxqvtKytHQQ
q64jvWtUDTjvgwYq34mFtFVyYx2kwHoEcS97EoUWCbk7KnKdd6BKFoNieITjTY75
NrOAPPMdioVto6RchnLyBQQtw9B4O8i+FEZvayGjAoIBADkH+uw/EtX4uVA8JTKc
U31+hv4Fh6LeT0x5RuDoUxGUFOXlWo+TSA1MieVZnXUQcqyPH66MjsEUXfHSFron
Fp/4J6Q0XYOjuS0+HO0qM2cPADZ8T7b7nYl91/kDrdRqlnyIH28YEdQju+FD6AUH
RLsRMw70mOetSqKLFY8+aWHvXOC+H4VUbowxhiCLKpyNto/mP2H2a4keOT5XgzG2
Cnr8CWHc/4LwFO/pF7AC1fWoXefQy4U1IPQt4VpSXmVFSFgwzOTi8s2v3RtedPIQ
L2OYd60+uByT04reJBL2Z2nmxJTWyudJRKrV/zhxfs32JQZ6Rfmh2/OExgprlpjv
ssECggEBALQDTtW6rlIKde6C/STWWyOBqY7bw7z6ECdvqC5ZzSIfs7eBxUhL7ahe
G/U0P5Jcw/sUo3xB2QnmCpSVYeiShpaPu6XC4JaxImF0GCGAtDitfCT7aKeYX16g
uQ2AQn/cXb9sI5c+tG4ollurrigPoJCZSAZu23hNURofb/AalYUZMvtg+udi7x6d
bQ2DT1Zy0B5X+cJm0/hTpkLa7NIyAkhAhMgvzdXq5WscX+y7MQFekWaXdJO4Fieh
WJLOyxmwKiW9NnE9J7KAq/YDzrbhIu/mfeDlQk9Cm8jZEvQul6ND/fby8kRMxAPq
9HcXkHjCoQ8f2pZaZZ36Q0XYt4gLoV4=
-----END PRIVATE KEY-----

139
ANW-URB/openvpn/anwaeltinnen/keys/chris.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:13:45 2018 GMT
Not After : Jul 1 12:13:45 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a6:68:5f:3f:c6:e9:1e:d0:32:6d:6f:da:3e:61:
b4:dc:6a:f1:12:33:e2:ec:37:14:f8:58:d2:b2:9a:
21:3c:02:2d:00:05:55:31:66:af:04:e7:65:d8:9d:
83:5c:6a:26:af:b7:fd:e2:8e:67:43:c5:00:4e:b8:
ca:94:f3:b7:44:91:ed:fb:98:48:7a:46:a8:b9:57:
b7:f0:27:99:17:3c:73:65:87:10:c6:0e:e1:d6:75:
85:e3:0f:ad:08:62:bc:35:1d:8a:08:ed:03:d8:51:
44:b4:32:c4:57:de:84:2d:16:49:d1:99:06:5b:1c:
a4:0e:0d:3a:04:32:fb:12:13:d6:62:64:6a:e2:a1:
5c:61:e5:7f:1b:70:1d:24:22:13:7b:bf:10:fc:3f:
a6:78:74:f1:dc:03:a2:d7:2a:e0:5f:ce:df:ff:2d:
73:2d:dd:12:ba:e5:ae:62:d3:54:b5:48:53:39:ee:
70:63:fd:ee:a7:be:1a:41:21:bc:84:71:aa:74:16:
35:dd:b8:d7:c8:d3:c4:15:b8:8c:4a:92:ad:5e:1c:
03:86:4c:0e:4b:6d:18:b1:8d:85:92:c4:ee:01:e4:
01:c8:a0:19:90:ad:ba:bc:69:5c:c3:56:7d:11:82:
f5:1d:dd:d4:15:b9:83:cd:0e:f9:de:24:ea:eb:48:
46:2e:9d:e0:fc:ca:5f:7d:f3:e9:6e:4a:f1:3d:26:
f8:65:b7:3c:47:1e:cc:b2:36:f4:c3:df:40:76:5a:
c3:71:46:02:18:ad:4c:6a:ea:53:e0:a0:0c:e9:c0:
4c:bf:36:19:94:03:1d:d1:7c:20:32:66:7b:0a:38:
10:24:1b:08:64:61:d8:ac:4f:90:c1:ca:fa:ee:21:
1f:2d:5f:3d:84:a1:81:0e:67:49:5b:76:e9:55:4c:
81:ab:1f:b8:ac:74:94:97:19:08:8e:5d:b2:d9:22:
1a:f7:fd:e4:dc:16:ff:60:36:a6:c8:e0:fb:e9:0b:
03:c6:50:ff:21:83:c3:bc:69:48:96:72:8c:6b:10:
0a:cb:2f:7b:69:c6:5a:79:26:54:b8:05:25:c9:8f:
bd:b9:9b:f0:82:b9:a6:4d:ea:19:7a:70:45:05:b6:
d2:a6:22:82:96:2b:30:ad:f6:1f:28:90:62:c4:25:
52:4a:26:dc:da:d3:9f:94:de:c4:f4:db:02:8a:27:
0c:97:45:d7:ef:7c:5f:19:fa:4f:f2:41:cb:cf:18:
c1:f1:b8:66:dd:81:23:4f:b0:ac:7a:04:11:39:55:
63:e5:17:90:b1:7d:91:9a:76:88:11:9c:0e:09:dd:
21:bf:30:d8:1e:30:9b:f9:51:9d:ab:0e:3a:99:a2:
e6:ee:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D1:3C:B5:F2:52:6A:AF:C3:03:D4:6C:B9:B3:51:86:8E:33:1A:F8:58
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
8e:bb:16:38:24:98:99:48:d3:f6:e2:7b:89:12:11:bd:68:ac:
42:b3:08:69:80:d6:af:45:c4:90:03:f8:39:d6:12:94:1c:13:
e4:98:ae:d8:09:1f:ff:d3:68:7d:fb:6b:9b:22:ca:37:c5:b4:
bb:10:a9:ff:b8:9a:fd:65:1b:d8:ce:35:ea:90:be:bf:60:fe:
f3:48:d0:64:7b:7d:e7:e3:97:61:b1:cd:a8:8e:94:e3:6a:8a:
20:0e:3d:91:b8:19:a6:c1:e7:6e:13:f7:4f:ec:cd:b1:6e:1a:
7d:eb:8b:e0:3e:e3:4a:91:08:42:89:cc:e6:06:e8:d2:3f:22:
93:5d:3b:b5:6e:9d:b6:39:35:d4:48:a9:d1:25:f4:17:d8:b7:
54:4e:9a:14:1b:6b:6b:2b:15:24:6c:b8:29:66:77:04:22:c6:
5d:50:87:b6:ff:f7:b0:cd:f7:05:6a:9f:e3:c7:23:03:d8:a6:
9a:83:d3:4d:9b:c5:80:5b:2d:96:8a:b1:b5:68:1f:2f:a7:65:
dc:ab:3a:18:cf:7b:e1:55:c4:f6:01:0d:df:41:c5:e5:c3:07:
0a:15:7e:0c:30:f1:8d:95:ff:a7:aa:9c:9d:27:1f:2a:3b:ee:
7f:9a:b1:51:74:35:e8:fe:df:af:d5:30:1a:cf:68:1e:1c:87:
02:15:73:0b:9d:44:2b:2b:36:c4:8a:b2:29:cb:ec:9c:c1:86:
bc:b8:db:70:9f:2b:9e:e4:4e:ca:83:43:42:1b:e3:cd:6d:aa:
be:c2:1f:79:12:99:34:9b:01:d0:d7:fb:73:46:f1:6d:cd:5b:
32:a5:4a:9a:e5:97:c4:92:8b:f6:fb:c5:7d:7b:ca:fe:b1:73:
70:27:05:c9:e0:2e:5b:c6:0c:b3:a2:08:30:20:5f:48:b0:82:
1a:35:b6:8f:ab:9f:26:7c:fc:89:71:59:ef:b9:06:10:49:33:
21:df:3d:9b:b2:a6:13:e1:0f:b2:aa:c4:18:ca:6f:a2:b8:cb:
56:ad:c1:4c:48:f1:84:81:10:a3:39:99:c7:66:8e:b9:18:55:
95:72:1d:90:74:b4:ad:94:b1:b9:09:0b:f8:33:25:a5:4c:3a:
66:cb:44:81:d3:91:dc:7d:de:b3:40:7b:01:14:f0:9a:29:4e:
a1:ef:f3:86:75:c8:58:8b:f2:7e:ac:23:95:d3:c2:a7:5c:0a:
f8:fd:43:f9:49:de:68:75:50:1a:20:9a:d4:ad:af:a3:92:50:
c0:e2:5a:6b:0e:2c:3f:fd:f5:08:47:a6:f4:c2:df:be:bf:f4:
ec:03:ef:cc:29:3d:10:66:08:77:66:a6:d8:57:be:bc:82:13:
57:95:3a:cc:c3:71:aa:6b
-----BEGIN CERTIFICATE-----
MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxMzQ1WhcNMzgwNzAxMTIxMzQ1WjCBrDELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
EVZQTi1BTlctVVJCLWNocmlzMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqG
SIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQCmaF8/xuke0DJtb9o+YbTcavESM+LsNxT4WNKymiE8Ai0ABVUxZq8E
52XYnYNcaiavt/3ijmdDxQBOuMqU87dEke37mEh6Rqi5V7fwJ5kXPHNlhxDGDuHW
dYXjD60IYrw1HYoI7QPYUUS0MsRX3oQtFknRmQZbHKQODToEMvsSE9ZiZGrioVxh
5X8bcB0kIhN7vxD8P6Z4dPHcA6LXKuBfzt//LXMt3RK65a5i01S1SFM57nBj/e6n
vhpBIbyEcap0FjXduNfI08QVuIxKkq1eHAOGTA5LbRixjYWSxO4B5AHIoBmQrbq8
aVzDVn0RgvUd3dQVuYPNDvneJOrrSEYuneD8yl998+luSvE9JvhltzxHHsyyNvTD
30B2WsNxRgIYrUxq6lPgoAzpwEy/NhmUAx3RfCAyZnsKOBAkGwhkYdisT5DByvru
IR8tXz2EoYEOZ0lbdulVTIGrH7isdJSXGQiOXbLZIhr3/eTcFv9gNqbI4PvpCwPG
UP8hg8O8aUiWcoxrEArLL3tpxlp5JlS4BSXJj725m/CCuaZN6hl6cEUFttKmIoKW
KzCt9h8okGLEJVJKJtza05+U3sT02wKKJwyXRdfvfF8Z+k/yQcvPGMHxuGbdgSNP
sKx6BBE5VWPlF5CxfZGadogRnA4J3SG/MNgeMJv5UZ2rDjqZoubuYQIDAQABo4IB
bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTRPLXyUmqvwwPUbLmzUYaOMxr4WDCB
2wYDVR0jBIHTMIHQgBTF9OUo3n/o7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMT
C1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJ
ARYOYXJndXNAb29wZW4uZGWCCQDdX6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
ggIBAI67FjgkmJlI0/bie4kSEb1orEKzCGmA1q9FxJAD+DnWEpQcE+SYrtgJH//T
aH37a5siyjfFtLsQqf+4mv1lG9jONeqQvr9g/vNI0GR7fefjl2GxzaiOlONqiiAO
PZG4GabB524T90/szbFuGn3ri+A+40qRCEKJzOYG6NI/IpNdO7VunbY5NdRIqdEl
9BfYt1ROmhQba2srFSRsuClmdwQixl1Qh7b/97DN9wVqn+PHIwPYppqD002bxYBb
LZaKsbVoHy+nZdyrOhjPe+FVxPYBDd9BxeXDBwoVfgww8Y2V/6eqnJ0nHyo77n+a
sVF0Nej+36/VMBrPaB4chwIVcwudRCsrNsSKsinL7JzBhry423CfK57kTsqDQ0Ib
481tqr7CH3kSmTSbAdDX+3NG8W3NWzKlSprll8SSi/b7xX17yv6xc3AnBcngLlvG
DLOiCDAgX0iwgho1to+rnyZ8/IlxWe+5BhBJMyHfPZuyphPhD7KqxBjKb6K4y1at
wUxI8YSBEKM5mcdmjrkYVZVyHZB0tK2UsbkJC/gzJaVMOmbLRIHTkdx93rNAewEU
8JopTqHv84Z1yFiL8n6sI5XTwqdcCvj9Q/lJ3mh1UBogmtStr6OSUMDiWmsOLD/9
9QhHpvTC376/9OwD78wpPRBmCHdmpthXvryCE1eVOszDcapr
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/chris.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8jCCAtoCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRowGAYDVQQDExFWUE4tQU5XLVVSQi1jaHJpczEUMBIGA1UEKRML
VlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmhfP8bpHtAybW/aPmG03GrxEjPi
7DcU+FjSspohPAItAAVVMWavBOdl2J2DXGomr7f94o5nQ8UATrjKlPO3RJHt+5hI
ekaouVe38CeZFzxzZYcQxg7h1nWF4w+tCGK8NR2KCO0D2FFEtDLEV96ELRZJ0ZkG
WxykDg06BDL7EhPWYmRq4qFcYeV/G3AdJCITe78Q/D+meHTx3AOi1yrgX87f/y1z
Ld0SuuWuYtNUtUhTOe5wY/3up74aQSG8hHGqdBY13bjXyNPEFbiMSpKtXhwDhkwO
S20YsY2FksTuAeQByKAZkK26vGlcw1Z9EYL1Hd3UFbmDzQ753iTq60hGLp3g/Mpf
ffPpbkrxPSb4Zbc8Rx7Msjb0w99AdlrDcUYCGK1MaupT4KAM6cBMvzYZlAMd0Xwg
MmZ7CjgQJBsIZGHYrE+Qwcr67iEfLV89hKGBDmdJW3bpVUyBqx+4rHSUlxkIjl2y
2SIa9/3k3Bb/YDamyOD76QsDxlD/IYPDvGlIlnKMaxAKyy97acZaeSZUuAUlyY+9
uZvwgrmmTeoZenBFBbbSpiKCliswrfYfKJBixCVSSibc2tOflN7E9NsCiicMl0XX
73xfGfpP8kHLzxjB8bhm3YEjT7CsegQROVVj5ReQsX2RmnaIEZwOCd0hvzDYHjCb
+VGdqw46maLm7mECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAJQJ250AtBCmWI
rrPA+q86l6SoYbQ2LAIsz8rKGikQNOUReXMVp8Skt/GdTYLNKLxoq4Tv6dSjNJtK
lEQf/HjqYlXx/plE43Bg/WRGNfkjr2OcYdhDdXg9UHoj6bkOzETHlorUH4Lwqx6B
ODXyYCsiT3m/ofbZjOwzj1a76rMfpZEn0l56S27eQDpsIAhGHzO1w9rkIuYXRWTU
GcwAOIGzepjsvev5JB7BYq/qkCIwxQqc6GLS1XHr0op8+VMh75QN2deds3kxmab+
lJBMce6OAZ4fmB7zZrQ3zjGjZPGnJMdap2ywHp/xjpHm57PEaltq8RUACh/dr9VN
8q0/EKjQElzwqkxqKC6c41KZa1eNM/gON9BTcZBLaZKVQKTyUAQ8v+BeQ17MCrD9
jWZfCENVSESdLlspb7uiciLJI0HwL7cKBzP5204LElroxDOqayZ4RA/Z49yMw4jd
EZHtWabs+xg1MWv/+1hBbRbjf5acB1YGkOLoxCEq7l8z6mYgwgxN5jp5JqPKFj/P
QMCLKXGPXZKyxIcMs+GdfxXun900pu/BMgO6Y+uHKdIVV7uGZbtQjqwTU8j/kNa6
7Ikr1RQCr9uZ/tNt61K5IZnT6bxIwSxdk1YVp8+3FVTZkHGor4Sk15Mvs8uZ5GL2
x3A4ageabACHGXCnVHH9xF6gPnkO+Q==
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/anwaeltinnen/keys/chris.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwgpZYNPhKv4CAggA
MBQGCCqGSIb3DQMHBAhMWcosg1DkggSCCVBPbBDQJAZKMbPsp1qwJQL09RpZgtpp
y93DH+BlfoqK8Yvn2P1FUUSK7gtHtg7dL7MJyXzQSusx7rd62wMTPDPOCf2p5S50
EngLGOwuS6mQtYXHSxl1+RIJxkTJzCOkeiFYZ2eXwhC1iTCZzAMuRNoY7dSQWMtP
mkJEcjA5xlSXGc9YZHE9T9TtKPHF3l6QJk9y7iT0CUF1PjAoSijGreuUMvK6t7FM
Bv+yurbXC03v7Bmsb+m3zDUSOzsDtDGWChP4v9kAGjv+wDNY44fI4nD3B2oJrGzu
QRqmuv/LqYJc5/4M2MoasJD7mc7JxNqf4CiY01exgVnALEb8mm1GLu3b0dyf0H08
N4tJl+6kctl7nIxux943o5CXSenBjRbiTys/Hsv5iUhlzLKBxrAiVACIDnOy6LLE
Z1xpWw+kGPNk95v61wxrO+k7wie3rAjLGwSjlgE/ukmBoF+t/huyB/5Uax0OMMQU
ju50r7HGaKiNLGi97pdr56fmRquFzxfbAoToZckwBHd4ga0DMFoHylnOo4fzwmL6
BAJg/kBDfn16rjGCwg90CF9hLyEnOyppAqTwqXQyDAWOFJaXSArea/Tvvo6sTK92
maKSLXhu9wHOWgti7IE3/tz/DUkXeTMvAms+C7ho24E9VgRi+1l6r92A9eeSAO6L
/d13e5jOfQ0NUvNpn0VyzwgKJK+LB4br7DveehUtTr4RVgH5x2ulzmsEeDEvlH4a
RYV7uDCG+f2IHieNsn4jI2yxZTVv1VhtPWQJdsFFJ2wmTHwnU+wDmeTBAaucB6E9
8swykBViLQwWzy3prBonDz2+1jAzMTvCeasZwEovSxgVtrMCOH/vobotMW/YVHtC
TBYNtX+1Sc3er06LdhsXn6BpmNiGck3jqOYPZDihX38viOfzFg0vy60r39TyLBX9
VFTepVPNDvG4NdLoqibbt70ik2L9y2igL60jb4hPIjWhN7kgmA033PkhPUb/FR0P
c7vGAtKpZ8OWWlGMMzURYchspfkMfeZ8fPyyk8kHm8nKQ0+sICy8IqNqK0bitS95
nIkGrohRasxBN0eqth4aofP+uLwsUagrd+ceFWNr0+F4xoqtyLVy/iq6XJytZniW
8cth2X/U1GwZ/6F0SdylXLbPhVHCcPvlowCVVBR0wScxRH3WjDj5lk9uHX0bPYTA
Sl1cuheFGMUSA/77t64yiSEHewW0H/DRSuNPMOS1zLMQ/L5c+kPPHLKRFqJCkPc2
rvsqKxKgvlmwCziMVgJQ0ndfET7m7UY8xUhlja3tsDG9bvPey6b2ZzZUpuRCAcck
MfTZeHkUhONkI8WLooedSjMO/mavwO8wqotCdHnO2FDvYZhFeEoQYqtT5jCD5kJC
D0RA/mCN0HMntedYZb+1N8GTIFnNwqCZzh4+QD8Am/iKd3HqO1SgxAbEAAkxyK7O
pMo/pzQQW22+Th+yOLBeKRMOL6jdy3di/mId6XXq4DNn3kRsHFsRSVXaWfAabzxB
Lr4qGlv2cIOlxjWcaSI8ldeoazDKmA8vzeQzbK6fGu9QgAKh+i7443blPp8J5Ms6
6hz7NK/H39CRNK4B+WIMswHSokSn99SfiC+3sOGgHXXNlqlRwvp7r5OUQ1uP8wLm
D6g22sO1BzYZOVbocyeVyrLEBjpY3kzaQDR2h/Ts8Y3urH3crY5IB4ZEf7CT4XdI
Qu8cYJNM87ifrrKNC6ZyenVtmAGMjpu6yXAxyEb+qDQnBioCOdX5knYnsOpWHBWG
lBpdL5SSbXxH0UWlLbMiIdO9NhNKZ27OtjXp2rlxOJMVryYdWtgDp4phmvI1cgV5
Qo6cUxS4IG0nHFsEfOHO56xnQGyt5tKHTjg9xtDjgLz2gBknjK1KcUfdZ1PZshef
08Y0DeubeFAi95JwB8NcZYEf3P01JH4c55Z9fVfWzhb04mX1fdHz9O/XqCMymiIv
C39gqMk96mPGamaN2wVt2twbnUtoA83E3m1dxk94sKxmFugkvlN1w4XjPEw2Wwba
cQj3Or3E6CtWsAo/5wlQZypvVkknjfyFZRYWb4dGX0tCPdNLrkArkpABTi7XrgYC
MFw1FX/Q2axEYFYUAb3XjDULlqa6ot3HDfJLll2Tqt65dj7sf/655n/oMU6deV/d
VKJzHvTwRmYFQyMYYA4LB6pVuSAL7r4L0ObHolt+Lq7KQpShjZwzL9GGzsD8nA6B
YRczfnTJRp+KZ4Nxgm5vm/UDhvUmGavqhkCnAHfPEj6wgrMsc0vyujbOo50lXH87
YbscsJqDFsnB+Ym5K+bD8X6cgO66PC2qQIngDuHyPm57l/FdbdAFbWQaDiv8Yojo
PnU8LisFXOv0h4ESa83zSUw9YRhMFcPR5yh28iYlVDWJjd9VoXgOoR6YGwTkV/wy
4CkQVIFznftkZXaZYrsfU/GaR1LjGxwu9TlLzt8hAqbgvzbGXvUn0zF7HF2OrMoX
OTUr/ptuF8qzq2JMzBlCla7tp1cmBR8NFd1ZUQVat95OEG5U9aMvHjHIZGpw0gcx
3PavXizCvjgsl8aHSeTRPBxS1ajzXont/RjRO5SOVj1y8jzvd8suCWCjkB6XeJI7
1kZAz2STCxq7k2uwpYmFMcyu3RCISoyWFAvpNY298RtsvJexyj3iWiVNPRgEDfSy
mncxifB/TZKofpHe3+ZM6uEbiKE3eivIZVFRTC3p3qN+WTMrgzQinADQZTwzBnJz
/BzO3iejgI6URhx62F3OVJOaG16pYNJ+RT1gHFl/icozVOPXjSDgtjztDVKMhqd/
0oRCCCt5RBy5T6ufUpoJJ6rZsRRITthb+u7YhFZuuYcPCPcC1UF43SjXXitf00Av
ImlNi6F9FyQU8HZ8nMuOzcDv2E109g1nyisPnUTuBd5tPzVwHI5+ZdAWTYyGurDR
P+s+56COnfo68wcmPuEHSBqQjBD+8Tlkf0NS0g55uYiszULvWO74i0UEi0TXyd1b
sFXDbiUk7fIW5kWCzwaEgECTWAHNr52IpoF/5WEHCNaV2uDg7t5QLDMwVk3bJe2z
CODdkX5frI/HNkZwn7Ywq7uu+T2ADFSqRmjputFp/VjOuQICyJ0xL3vl51vn11FL
lj3hkBwxfHPZyugbwD9OkXInyr1du0h/aOoCauf2DX9IzAb48Xt0E0P0TiCUZJY0
WO3Ph1v2Ieg0Vg==
-----END ENCRYPTED PRIVATE KEY-----

1
ANW-URB/openvpn/anwaeltinnen/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
ANW-URB/openvpn/anwaeltinnen/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
-----END DH PARAMETERS-----

3
ANW-URB/openvpn/anwaeltinnen/keys/index.txt Normal file
View File

@ -0,0 +1,3 @@
V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121817Z 03 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

2
ANW-URB/openvpn/anwaeltinnen/keys/index.txt.old Normal file
View File

@ -0,0 +1,2 @@
V 380701115013Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121345Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-chris/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/anwaeltinnen/keys/serial Normal file
View File

@ -0,0 +1 @@
04

1
ANW-URB/openvpn/anwaeltinnen/keys/serial.old Normal file
View File

@ -0,0 +1 @@
03

142
ANW-URB/openvpn/anwaeltinnen/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 11:50:13 2018 GMT
Not After : Jul 1 11:50:13 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:9a:fc:0b:94:9f:83:ea:2d:cc:b3:5a:74:89:c9:
b0:32:ce:38:07:f1:1f:47:04:a1:0c:b1:b9:c3:2f:
e8:31:a9:0b:df:ca:59:16:5f:13:40:c2:89:56:47:
90:b3:b8:d8:06:92:df:ae:05:70:d7:c1:95:57:9c:
2d:d6:2a:77:28:40:5b:80:45:4d:dc:79:02:18:14:
97:b7:83:26:b5:37:ab:85:b6:a1:4a:3e:87:9c:c4:
0e:ab:54:e2:99:f3:11:52:50:89:40:6f:79:e3:12:
40:5e:b6:ea:08:53:68:6a:21:7a:24:20:f9:89:c1:
e0:5b:9c:3f:16:80:f1:d6:d2:6e:e5:85:02:e6:79:
18:27:d2:26:f0:e3:30:94:0d:f9:72:d0:f8:c6:18:
d2:4d:a9:b8:64:ab:35:8b:1b:35:5e:0f:9c:2a:d4:
6e:23:34:fa:e2:35:e5:7e:fc:6c:2c:3a:d1:79:cf:
2c:a1:c5:da:a6:f9:ea:26:49:76:09:40:fd:0d:e2:
9b:89:47:ab:ce:5d:a5:a7:ec:d3:14:15:be:b9:e0:
67:25:7d:fa:0d:8a:f8:b0:02:92:2a:f6:80:f1:ac:
e3:d5:41:11:c2:53:e5:a5:8e:28:03:b7:76:ba:94:
28:53:52:fa:58:ad:ad:d2:3d:2d:b0:b2:94:8d:75:
42:a3:97:3b:e1:89:19:e0:f8:46:04:79:17:6b:59:
7c:fa:9a:0a:da:59:1b:a2:f5:bb:45:04:0f:f1:d5:
2e:7b:57:b9:ee:d5:5c:f1:88:75:12:d6:73:1e:6a:
dc:94:e0:0b:e6:0b:5a:1e:74:e8:65:1e:0a:10:ef:
b8:81:3a:58:3f:fe:19:af:1b:cd:93:98:70:f5:22:
ea:7a:d2:30:b1:0d:cb:76:44:14:9e:fa:19:1b:2a:
d3:67:1f:55:8a:39:c5:5d:d7:a4:67:3b:31:ee:19:
4e:d0:6c:7d:26:18:e4:14:a8:70:f8:a1:14:1d:e3:
7e:27:0d:ad:38:39:79:7a:73:94:fd:ae:c4:70:6e:
82:a1:f6:a0:b2:2d:54:cc:56:d4:76:5d:36:40:19:
32:ab:58:23:1e:0e:a5:b0:3f:87:7a:59:4a:f6:2d:
3c:0a:64:8b:a8:1e:54:12:3d:34:bf:33:6b:78:a7:
0c:38:dd:78:6f:e3:97:ad:bd:c9:89:69:50:3a:e9:
ff:2e:0e:93:5d:73:80:22:e1:33:e0:a6:9e:95:cc:
d6:a2:93:19:37:0f:40:95:c1:27:6d:1c:0d:5c:84:
7b:29:d0:ab:1d:63:fc:87:cf:74:01:df:b4:9f:82:
6b:2a:8e:1c:c0:9d:ff:c7:24:ee:fb:c3:a1:54:98:
8c:b6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
6D:8B:55:0E:DB:C6:58:D5:DD:1B:1F:2F:BA:81:09:D0:C0:3C:36:AC
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
75:3e:fb:6f:7e:2d:18:5f:3d:09:31:66:b2:75:25:cd:bd:72:
2f:61:17:87:4a:f9:d4:ac:15:f2:9f:75:0d:fd:90:0f:b4:d6:
aa:79:d8:6a:44:86:e2:ab:5e:3c:1b:22:79:52:a3:da:8c:41:
c5:17:b6:e3:07:78:04:06:1e:4b:d0:cf:96:50:4c:07:67:df:
5b:8f:77:e9:6b:7a:c4:8a:4f:d5:81:69:b5:01:d6:42:34:69:
be:d4:6d:40:39:62:6d:49:31:ff:b7:86:95:31:b1:95:52:ae:
98:c2:fa:9e:b4:1e:90:2e:8e:29:6e:e9:01:e7:83:56:4d:49:
3f:52:2e:b4:9b:a2:72:1b:1b:fd:19:a5:03:ca:01:d0:95:9f:
56:fd:4e:a0:d8:58:c3:b4:f7:1f:ba:79:21:ab:5b:a0:35:d8:
af:a7:2e:41:b7:ab:1b:e1:63:88:ed:fb:2b:f8:4f:49:b5:b2:
07:94:92:59:dd:db:c2:d6:53:fc:27:3f:0b:09:25:17:53:76:
ee:60:77:d7:b5:4e:46:41:f0:a3:cd:9c:71:16:b4:f2:c4:85:
20:43:e0:37:b2:8d:fb:ce:85:07:44:f8:0d:05:a5:5b:68:85:
31:7b:0e:1c:7e:03:f4:13:a1:2e:3f:1f:18:71:b4:36:7a:d6:
f3:ba:5b:32:67:aa:05:d2:00:fd:dc:4f:9e:83:cc:81:9b:e9:
ad:57:7e:b5:ec:53:63:7f:7e:59:e7:0c:98:14:e6:2b:2a:c1:
de:f7:3a:c3:14:8b:5f:3a:d3:07:6d:bb:61:09:53:b9:77:17:
30:c5:91:7a:c4:94:38:0a:27:c2:20:80:8c:03:b4:95:1e:e1:
81:7c:99:d8:dd:79:94:ae:84:2f:6f:35:6a:67:3d:fc:3a:c4:
d3:77:ca:85:5d:7a:be:12:e9:a7:c9:e7:bf:25:82:69:a0:06:
18:12:b0:e1:84:2b:94:b6:2a:48:0c:93:19:b5:cf:09:13:72:
ff:cc:9e:e4:b5:56:f7:b4:c8:93:6d:bd:0c:0c:1b:42:34:2c:
59:7a:21:c0:3c:cb:4f:4f:f3:0c:29:d0:56:05:1a:46:58:93:
0e:d3:40:e3:b1:9c:04:58:84:e0:cc:bd:0e:fa:99:15:09:b0:
c5:50:aa:1f:8a:70:fb:2d:ac:c6:b6:7b:00:4c:07:ab:b0:00:
0b:2e:2c:0e:e2:0c:99:cb:c1:9f:9c:a1:53:95:9c:d1:5e:31:
af:ee:79:b8:22:62:2c:c1:de:0c:f1:7f:6e:c3:c7:ad:76:c1:
0b:74:05:13:7b:1a:97:90:27:0a:e3:3f:ae:4a:c2:d4:04:30:
2c:bb:ac:fe:00:f7:e8:e1
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTE1MDEzWhcNMzgwNzAxMTE1MDEzWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAmvwLlJ+D6i3Ms1p0icmwMs44B/EfRwShDLG5wy/oMakL38pZFl8T
QMKJVkeQs7jYBpLfrgVw18GVV5wt1ip3KEBbgEVN3HkCGBSXt4MmtTerhbahSj6H
nMQOq1TimfMRUlCJQG954xJAXrbqCFNoaiF6JCD5icHgW5w/FoDx1tJu5YUC5nkY
J9Im8OMwlA35ctD4xhjSTam4ZKs1ixs1Xg+cKtRuIzT64jXlfvxsLDrRec8socXa
pvnqJkl2CUD9DeKbiUerzl2lp+zTFBW+ueBnJX36DYr4sAKSKvaA8azj1UERwlPl
pY4oA7d2upQoU1L6WK2t0j0tsLKUjXVCo5c74YkZ4PhGBHkXa1l8+poK2lkbovW7
RQQP8dUue1e57tVc8Yh1EtZzHmrclOAL5gtaHnToZR4KEO+4gTpYP/4ZrxvNk5hw
9SLqetIwsQ3LdkQUnvoZGyrTZx9VijnFXdekZzsx7hlO0Gx9JhjkFKhw+KEUHeN+
Jw2tODl5enOU/a7EcG6Cofagsi1UzFbUdl02QBkyq1gjHg6lsD+HellK9i08CmSL
qB5UEj00vzNreKcMON14b+OXrb3JiWlQOun/Lg6TXXOAIuEz4KaelczWopMZNw9A
lcEnbRwNXIR7KdCrHWP8h890Ad+0n4JrKo4cwJ3/xyTu+8OhVJiMtj8CAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBRti1UO28ZY1d0bHy+6gQnQwDw2rDCB2wYDVR0jBIHTMIHQgBTF9OUo3n/o
7JvzICYiUlEjKHRepKGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDd
X6YWS5036TATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQB1Pvtvfi0YXz0JMWaydSXN
vXIvYReHSvnUrBXyn3UN/ZAPtNaqedhqRIbiq148GyJ5UqPajEHFF7bjB3gEBh5L
0M+WUEwHZ99bj3fpa3rEik/VgWm1AdZCNGm+1G1AOWJtSTH/t4aVMbGVUq6Ywvqe
tB6QLo4pbukB54NWTUk/Ui60m6JyGxv9GaUDygHQlZ9W/U6g2FjDtPcfunkhq1ug
Ndivpy5Bt6sb4WOI7fsr+E9JtbIHlJJZ3dvC1lP8Jz8LCSUXU3buYHfXtU5GQfCj
zZxxFrTyxIUgQ+A3so37zoUHRPgNBaVbaIUxew4cfgP0E6EuPx8YcbQ2etbzulsy
Z6oF0gD93E+eg8yBm+mtV3617FNjf35Z5wyYFOYrKsHe9zrDFItfOtMHbbthCVO5
dxcwxZF6xJQ4CifCIICMA7SVHuGBfJnY3XmUroQvbzVqZz38OsTTd8qFXXq+Eumn
yee/JYJpoAYYErDhhCuUtipIDJMZtc8JE3L/zJ7ktVb3tMiTbb0MDBtCNCxZeiHA
PMtPT/MMKdBWBRpGWJMO00DjsZwEWITgzL0O+pkVCbDFUKofinD7LazGtnsATAer
sAALLiwO4gyZy8GfnKFTlZzRXjGv7nm4ImIswd4M8X9uw8etdsELdAUTexqXkCcK
4z+uSsLUBDAsu6z+APfo4Q==
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJr8C5Sfg+otzLNadInJsDLOOAfx
H0cEoQyxucMv6DGpC9/KWRZfE0DCiVZHkLO42AaS364FcNfBlVecLdYqdyhAW4BF
Tdx5AhgUl7eDJrU3q4W2oUo+h5zEDqtU4pnzEVJQiUBveeMSQF626ghTaGoheiQg
+YnB4FucPxaA8dbSbuWFAuZ5GCfSJvDjMJQN+XLQ+MYY0k2puGSrNYsbNV4PnCrU
biM0+uI15X78bCw60XnPLKHF2qb56iZJdglA/Q3im4lHq85dpafs0xQVvrngZyV9
+g2K+LACkir2gPGs49VBEcJT5aWOKAO3drqUKFNS+litrdI9LbCylI11QqOXO+GJ
GeD4RgR5F2tZfPqaCtpZG6L1u0UED/HVLntXue7VXPGIdRLWcx5q3JTgC+YLWh50
6GUeChDvuIE6WD/+Ga8bzZOYcPUi6nrSMLENy3ZEFJ76GRsq02cfVYo5xV3XpGc7
Me4ZTtBsfSYY5BSocPihFB3jficNrTg5eXpzlP2uxHBugqH2oLItVMxW1HZdNkAZ
MqtYIx4OpbA/h3pZSvYtPApki6geVBI9NL8za3inDDjdeG/jl629yYlpUDrp/y4O
k11zgCLhM+CmnpXM1qKTGTcPQJXBJ20cDVyEeynQqx1j/IfPdAHftJ+CayqOHMCd
/8ck7vvDoVSYjLY/AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAhAQde2HMtUL6
wObBMV3qUouJseC4mwlVyR0mMNqc5EPcs3otg6bpQ/buCZQ2gADXgfplU32/hbjx
V3aTT74s2sFYI2dRUDIR9h8BZlTbqn52WmW2IA6RgAyllyamdX/dEplyHqymRtOD
77+ZGRki3EHSBFX1JTLofFqWF452/60GTRuTmga0MH3yJDv6LWdUjUAA0sBOYTKA
Iohd+a47VV02Vd73EF4r77AW8ASDhrRSMHhKdq+o2ebulbZRl6qGPtVomcq0TQWw
rR5Ce47ckgv2SAXZ+KkYQpIVU3ThIzeSe0QgDxoHB5e0F6mjoOQkVZ0MKIhbzTfm
7IgdDXt3Mn0hHQcP7QWhZB+DSAyjDD1/CRnHhgcWQW5i3/fPjlhCP4BLeCLLJUfP
SJ84omiFuNUHZfZdcIagj9tKaA80DpKTBDtl8WT0olNk++c+Gd24JBucrxznMK1h
xNBHJElHMBwRCiZPm2Ify+OU658PXwg/LRW5Q/vlSGtESKWGhPSn/PA9t3BN2ag5
NzLaclmpjUOQk2qhy3fNjrW28MGl3fyeYrm04p3pGYyvOenQV5q57MfR8OiNxUpg
6zdh0Or2T6fMOvwJFsJWZBCYOoTmMhjgHu4Bw0aIfkI4o4xEz6qvoUugAhvNx9g7
UQd+f3P3C7My1z7h/axibCIBpjhlmaA=
-----END CERTIFICATE REQUEST-----

52
ANW-URB/openvpn/anwaeltinnen/keys/server.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCa/AuUn4PqLcyz
WnSJybAyzjgH8R9HBKEMsbnDL+gxqQvfylkWXxNAwolWR5CzuNgGkt+uBXDXwZVX
nC3WKncoQFuARU3ceQIYFJe3gya1N6uFtqFKPoecxA6rVOKZ8xFSUIlAb3njEkBe
tuoIU2hqIXokIPmJweBbnD8WgPHW0m7lhQLmeRgn0ibw4zCUDfly0PjGGNJNqbhk
qzWLGzVeD5wq1G4jNPriNeV+/GwsOtF5zyyhxdqm+eomSXYJQP0N4puJR6vOXaWn
7NMUFb654GclffoNiviwApIq9oDxrOPVQRHCU+WljigDt3a6lChTUvpYra3SPS2w
spSNdUKjlzvhiRng+EYEeRdrWXz6mgraWRui9btFBA/x1S57V7nu1VzxiHUS1nMe
atyU4AvmC1oedOhlHgoQ77iBOlg//hmvG82TmHD1Iup60jCxDct2RBSe+hkbKtNn
H1WKOcVd16RnOzHuGU7QbH0mGOQUqHD4oRQd434nDa04OXl6c5T9rsRwboKh9qCy
LVTMVtR2XTZAGTKrWCMeDqWwP4d6WUr2LTwKZIuoHlQSPTS/M2t4pww43Xhv45et
vcmJaVA66f8uDpNdc4Ai4TPgpp6VzNaikxk3D0CVwSdtHA1chHsp0KsdY/yHz3QB
37SfgmsqjhzAnf/HJO77w6FUmIy2PwIDAQABAoICACxZp+613wfqZ0ODxQmQ/6zq
Ojp7k5m9B2Eckq36TZW4bD90Jh4yws2rXaWlARGM+bSX3w5rXClBqjzR4oQAzuxj
zktcibVno2PEsM3A6Bi/f4PaCTm3vxLrP89jkRzA49oMVdpsjBKgrG7uJPaQ97Y3
Mj6YeRAkvNE6WwtThuEUgsuHTpcpW/I5Pw970/DqNtHWXvpBLB0xTiTwoXfXJ2Rt
TyEqfQHyLUECb1PxY/scMcmLsZfxiGpz5b9jEjX/tOp+SEf2jIGXZsoxCQ4cUuHa
B2pBLIcnl5a2haFpvOhrsx7Zaf2UCIlhrq2xmHY343pEqoMp4C3jd+mykLQSNCku
E9d0r+I8xTWR1Msrep7CfG1RDguC4IhqfNrRb0G3w0cKZOs+D3Dj+DUsFTr814Kb
LqVB83rN6y+f5spQph8HmKCs9m3xKOvbcugIceO2meWGs8nvbL0PdyYdCMursqj8
/nCZJVWUB5+Sweoo4JhmSF2sMSeQrsEdewF9wQuAEJT79j9SO2ub2MoF0XTrj7XY
1UsFmVJD2SqGrnwLwdz3owGNc1MM56873ApjGdHPDxCLHVJD2+Hc9zYtDw2D5DWW
uHd2ofojOB4B01XvtwmdlseKRn10liTdBs/pfuQmhxtGmlgH7kBHD2pFxe53RRrH
T7ytXCLNTVkDS3YChk/xAoIBAQDN2yt3lRaC8XDDeACArTfCl5NaejjmDE+HHZkU
J34mTN2x3q8Fe0vkxEonskJe3zvs52cYGRridYaqTkfzjagUF7J8jfQYsp7BbuKn
ZtVrVhETl3NAXgZGcM9zzf55QbgeuKMtG3LxyQMOMeXx9A5gXblDuBYcPJn2es5F
7xPA+4dccxHMsSIAZVoQ+HwSxZYDDWO8Qfnnv/ZLOD1RtEZCqauqlxGMMz1lSqCq
XfHwhRy1/G1MQ2+hVMHTMQUo47qLAC+GbA5k9pZyQtRbSGRCWV0gA9BkbTQK6dVx
XIQXTxEm3C3tuB5O83rYY8y7cZBEoHRMGpgxPiUKgvVErR1bAoIBAQDAvJy53V6V
cZfYUS/Rm2UTTgqqt2k6ynXltb+QpjEa+J4t5TdcCQ14Xst3r8gPn5vNyMoxJUb9
/Vqyv8gYSsZ3RFn4H/8Ou8jZIcgdxF5KLEgpEo1kMCQYjd67TAU76NebD8f99DVo
z1QsuPzKRKrB05Ui5ahBQlh6iwTmicGRJ6FzD+J9Fq6u/5yZrbbuMDgB/Vhg6+PZ
Aw0erjJU+AW9B29AQ5xDyp1KSYrrpVj5nMnvLgaTVaEalCA/mARxirQJ9ARN+6vq
/PW0yT8kM4fUlBRSKIroefqboG+cuqa4NIH3dQZrEe4VkaB76jI7XUcDiKNlBaRT
bssxgkaQ4uvtAoIBADR2TKeXKTuJyJEoPgiNHI7NDlKan3GRZZsrod2PCwk7wawY
8kXVXEwa8kMXnO6MubrwZkev7jgUd5Nji9a4HUOxnl072B+LNgZZ+g1rmaxXLNbv
XAHldHfzPAtpThcc9o1txLg0LKEN92dgtBdreVZ5zEND4O6lSx+TwIn2GfSupZqc
AMdHxUCQk9mLWiN2k3qHqQlLTyMOuvgEhywRY26NyyAYi/JNBLKRyExi0MvZQK3o
fPpYnVRiQ1tNPOFk2B+glnwNgcWdSk4oVfJFireWCrOkBTHy2raFTU4so8VE8zwS
FOpmZ+L7Di2jkYObt4al1b2ncW3rRoldQqCT9c0CggEAR7RkIooHLFYshd/+iF7l
xb7dHRJLZgH4xtNNR8Vss3oXbz+9ztHXXxb1X7vYFGfvESpIfuw9czUUzzeme9Ml
7y1Qw40z2Qln+dAloV1zLuk2l4E9dS6r3y641Lm9oMJJpHjEkOiQDkRELrdL5PyT
ArVy4J7McCr8u+qIkjRh/VzfJe2c96i+qICUhGAqlIb/702P2c8o343RDb8FHrN/
fwoLC7+bnWT+C6s8sdq8NXFtdzyKWboby8WcEcy+qndN7/4Gs/STy0L9LptIkHFT
cXT98mr+8uqen9OacpbGe/Wc/LFfB+qNxxx8tl00/vz+9IObNnRY5Glt0yeClVi3
KQKCAQAaAfcMO79R5UKLFMPvHjlYJxQ/2NvIAkS6v9Skd0j1HU2Cw8PQBE8PsRLn
QrkKFIPZm/nqZpHz5d/HFgxfuP0XOhJEsTNZFyjySQIpIWp++r6pzOkJWp7OeXsw
Nu7vHLc4y/Esjh/wZ7qdzHakNoOpMyG0NsE3HYGWGDcITndfPiQrPIO/jk9TtEh4
WdzR0nybx9fx5piKkr6A2DnRonMvROn+v9Qn6hIDwXRNffJ1Ouu1PlO36hlJvb/4
kDvtsLsDCb5uoX1cZ5sKNDKpakzOMwU53qBsHK5zgJn1iXKokLbnmP36cpMj0a5o
ZD9M+HEJBhESvgoDaP6Xr7lSxwKd
-----END PRIVATE KEY-----

21
ANW-URB/openvpn/anwaeltinnen/keys/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b5fff06e622a9b746f5f7496e4995abb
cdb1504b21d4f6937f4f455358831fa9
d9e6c2ff64229b53be1f5ee86865cd9b
6076ee9a55c4ec534d52ee6715b4bdee
993eab28f394fbb3843b6c4e4e2c71a8
75b2bf33e58457ad6d8e35c6adeafe13
ffc25ce4c6b7883311f40e6040e3a89d
7442612f008190286768cad399da95c7
1ada651b830a9ce00ed0c7397eb8d25e
efdac1ea41e70ab1c466d8e2a7d5ea61
6dc519f0561ffe874dd731da4de6b5e0
16d445c20133139d775e8eb4287a8a15
9f01cf7d7fa91ad6ec7c5fb876ccd181
0c100ac5dfd28f9bfe2fcc02c84f9d95
5c94571f02a6b9032f8f7fff07c29c9c
4cfbf4bcb2dd45e9659506e1b5c5b745
-----END OpenVPN Static key V1-----

139
ANW-URB/openvpn/anwaeltinnen/keys/undine.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:18:17 2018 GMT
Not After : Jul 1 12:18:17 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-undine/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d7:e8:b3:67:8c:3f:70:c2:88:4e:cb:11:6c:c3:
35:77:f3:ce:5b:71:ef:64:df:4c:fe:d6:2e:25:7d:
52:d1:f5:0f:17:73:4b:f6:ef:d6:65:e7:a1:d8:7e:
43:36:fd:f6:06:74:db:14:52:4f:d6:4c:be:c0:f0:
6d:bc:38:b1:0e:f3:a4:49:83:d3:50:a7:69:d2:5c:
2c:16:db:ad:cc:c7:f3:9c:d5:90:91:c7:ad:69:db:
3e:2e:bb:9a:82:67:7f:4d:f4:c9:88:08:a0:42:8a:
3d:4b:b0:a9:88:cc:02:b6:0e:24:0c:6a:64:a5:b4:
d9:c7:bd:03:10:a5:3a:fd:17:e1:32:82:f1:fb:cc:
67:4b:48:5b:41:af:01:b5:58:fb:31:22:15:84:2f:
e4:5b:05:7a:f9:1b:8d:d9:73:18:ed:2d:41:07:1d:
12:d4:14:25:92:9b:8f:48:39:0c:4c:43:54:aa:20:
da:f5:36:4a:d7:ce:a4:5a:68:03:f2:a8:f6:ad:70:
f1:34:03:ec:36:74:e9:76:2f:56:d7:37:02:a1:00:
3b:90:69:3d:a6:09:1c:95:ed:a3:a3:02:04:fb:8c:
e7:b3:db:9f:ff:a8:10:8c:a1:f0:29:54:fd:3d:35:
21:4d:85:c2:41:cb:e8:07:d2:ce:d2:59:f8:0b:77:
a1:f9:47:7c:37:bd:04:a4:be:2a:97:2b:c9:e0:12:
79:7c:89:be:84:f0:ab:43:b2:f0:c3:57:a4:b9:6e:
ae:85:7f:3d:41:20:82:d0:d5:d6:b1:27:07:86:28:
a6:1f:d8:31:c3:59:46:1d:c2:5e:93:ad:1d:2f:bb:
2e:11:a2:bb:59:45:75:b9:b7:df:0a:21:d2:f4:82:
8a:77:6d:17:9a:98:d7:89:0a:69:c7:f6:2b:ec:c9:
d5:c9:33:18:bf:38:58:b4:f8:c6:00:57:65:6f:f0:
a1:e5:35:bc:f0:10:81:bd:73:4c:78:48:3f:71:eb:
96:62:e3:03:44:a2:19:41:7e:90:fc:b2:a0:72:b8:
28:6a:83:66:bb:48:75:d8:56:d1:f3:c7:01:a2:b7:
55:e6:b9:76:a9:3d:6a:bd:ec:d3:2c:e0:bd:cf:07:
de:02:6d:f2:3c:41:60:21:f2:2d:b4:85:5b:11:a2:
cb:72:b4:c1:80:3b:46:f0:81:92:c4:42:6f:0b:85:
c4:e6:57:82:fa:ac:0a:8d:de:0e:e5:ae:17:e4:f6:
d4:60:68:b4:59:b4:ad:8d:00:d2:34:80:7d:aa:33:
96:53:bf:fb:54:42:2b:50:63:af:b2:e2:f8:ba:7a:
12:18:b9:d5:81:4b:67:b6:d2:c4:dc:8a:9c:ee:1e:
e6:3c:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
DB:7A:22:8D:C1:62:E0:D2:E4:FE:5F:7D:E0:4E:B5:39:DB:9F:98:E9
X509v3 Authority Key Identifier:
keyid:C5:F4:E5:28:DE:7F:E8:EC:9B:F3:20:26:22:52:51:23:28:74:5E:A4
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:DD:5F:A6:16:4B:9D:37:E9
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:undine
Signature Algorithm: sha256WithRSAEncryption
38:9f:46:d6:9f:8d:19:bd:a6:76:49:58:da:96:bf:32:61:ec:
1c:06:2d:c0:56:15:38:c4:f9:1e:c7:16:ca:68:a7:5f:c1:8b:
86:7b:9c:03:e6:47:2c:b6:ac:9e:0c:87:50:b9:f4:4d:9b:74:
1c:bc:d3:6d:c9:94:d9:2c:2a:17:36:0b:39:77:c1:6d:3d:25:
22:fa:cf:2e:b1:30:11:a1:6a:6a:25:af:b8:31:13:f9:32:c1:
51:48:97:ac:8c:2e:8d:44:a5:16:ff:5b:a9:df:ae:fe:5e:0b:
8a:6f:89:b7:3e:7f:cb:ae:5a:98:1c:e5:00:72:d6:ff:15:c5:
7d:3a:bc:ca:b1:e4:0f:f3:1b:f1:b8:22:c9:db:3b:13:fd:75:
3f:03:84:83:a2:65:4f:e6:7b:ba:2f:26:e1:b2:7e:69:55:90:
e2:66:2a:12:1c:05:42:58:29:bb:e3:e0:1c:6e:3e:9a:bc:39:
3f:d6:fd:e7:55:fb:7f:67:de:99:4d:26:43:39:39:24:b5:da:
14:e9:c0:df:1c:7b:93:55:07:14:d4:db:de:ef:90:59:79:95:
c5:07:72:d4:ca:23:5a:dd:6e:9e:6b:47:4f:01:20:69:d2:fa:
76:af:83:47:3a:32:ed:00:04:e9:ea:cd:55:7a:4e:c6:5f:b4:
11:aa:49:c9:d5:b3:db:7d:8e:9b:e6:1f:ad:6b:c1:4b:47:08:
3a:55:6e:74:a9:42:8b:f1:02:1c:96:c2:c6:73:d7:45:85:40:
46:08:05:bc:9b:19:14:2e:8d:29:0c:b2:24:a2:ca:62:12:58:
6d:7e:1f:b8:fe:c2:5c:27:b7:cb:46:a9:07:c6:c0:ef:7a:e9:
59:c0:c8:e0:08:2b:f5:59:dd:b5:88:df:e1:52:d6:bd:05:d5:
d4:f0:5c:2d:8d:1d:f7:44:1d:8f:7a:d8:ea:72:b1:48:10:d8:
63:1a:b2:55:18:18:c2:0f:da:2c:35:36:cc:70:cb:7e:31:67:
a5:d2:6a:e0:85:72:e0:14:2b:50:fa:52:85:58:7c:e0:c2:31:
b7:a7:df:25:8b:55:4f:b6:48:f2:66:66:0d:11:50:d8:4d:86:
00:e0:ec:3e:ec:39:0f:16:70:76:c2:86:69:e8:34:26:ba:d5:
fc:af:6b:fa:e1:e1:29:61:11:ab:9f:e1:e1:0e:dc:ef:58:31:
58:00:5b:93:53:bf:b1:60:d0:b0:3d:53:e8:be:fd:8b:50:f5:
61:dc:99:4f:17:6a:5d:32:62:0c:ab:22:77:94:ad:f6:4c:51:
a0:03:d7:03:fe:ce:85:bf:eb:0c:24:5c:1d:1f:28:10:9f:bc:
13:86:b4:c4:9d:12:54:2c
-----BEGIN CERTIFICATE-----
MIIHQjCCBSqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxODE3WhcNMzgwNzAxMTIxODE3WjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXVuZGluZTEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA1+izZ4w/cMKITssRbMM1d/POW3HvZN9M/tYuJX1S0fUPF3NL9u/W
Zeeh2H5DNv32BnTbFFJP1ky+wPBtvDixDvOkSYPTUKdp0lwsFtutzMfznNWQkcet
ads+Lruagmd/TfTJiAigQoo9S7CpiMwCtg4kDGpkpbTZx70DEKU6/RfhMoLx+8xn
S0hbQa8BtVj7MSIVhC/kWwV6+RuN2XMY7S1BBx0S1BQlkpuPSDkMTENUqiDa9TZK
186kWmgD8qj2rXDxNAPsNnTpdi9W1zcCoQA7kGk9pgkcle2jowIE+4zns9uf/6gQ
jKHwKVT9PTUhTYXCQcvoB9LO0ln4C3eh+Ud8N70EpL4qlyvJ4BJ5fIm+hPCrQ7Lw
w1ekuW6uhX89QSCC0NXWsScHhiimH9gxw1lGHcJek60dL7suEaK7WUV1ubffCiHS
9IKKd20XmpjXiQppx/Yr7MnVyTMYvzhYtPjGAFdlb/Ch5TW88BCBvXNMeEg/ceuW
YuMDRKIZQX6Q/LKgcrgoaoNmu0h12FbR88cBordV5rl2qT1qvezTLOC9zwfeAm3y
PEFgIfIttIVbEaLLcrTBgDtG8IGSxEJvC4XE5leC+qwKjd4O5a4X5PbUYGi0WbSt
jQDSNIB9qjOWU7/7VEIrUGOvsuL4unoSGLnVgUtnttLE3Iqc7h7mPFsCAwEAAaOC
AXAwggFsMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU23oijcFi4NLk/l994E61OdufmOkw
gdsGA1UdIwSB0zCB0IAUxfTlKN5/6Oyb8yAmIlJRIyh0XqShgaykgakwgaYxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
A1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRQwEgYDVQQD
EwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0B
CQEWDmFyZ3VzQG9vcGVuLmRlggkA3V+mFkudN+kwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBnVuZGluZTANBgkqhkiG9w0BAQsF
AAOCAgEAOJ9G1p+NGb2mdklY2pa/MmHsHAYtwFYVOMT5HscWyminX8GLhnucA+ZH
LLasngyHULn0TZt0HLzTbcmU2SwqFzYLOXfBbT0lIvrPLrEwEaFqaiWvuDET+TLB
UUiXrIwujUSlFv9bqd+u/l4Lim+Jtz5/y65amBzlAHLW/xXFfTq8yrHkD/Mb8bgi
yds7E/11PwOEg6JlT+Z7ui8m4bJ+aVWQ4mYqEhwFQlgpu+PgHG4+mrw5P9b951X7
f2femU0mQzk5JLXaFOnA3xx7k1UHFNTb3u+QWXmVxQdy1MojWt1unmtHTwEgadL6
dq+DRzoy7QAE6erNVXpOxl+0EapJydWz232Om+YfrWvBS0cIOlVudKlCi/ECHJbC
xnPXRYVARggFvJsZFC6NKQyyJKLKYhJYbX4fuP7CXCe3y0apB8bA73rpWcDI4Agr
9VndtYjf4VLWvQXV1PBcLY0d90Qdj3rY6nKxSBDYYxqyVRgYwg/aLDU2zHDLfjFn
pdJq4IVy4BQrUPpShVh84MIxt6ffJYtVT7ZI8mZmDRFQ2E2GAODsPuw5DxZwdsKG
aeg0JrrV/K9r+uHhKWERq5/h4Q7c71gxWABbk1O/sWDQsD1T6L79i1D1YdyZTxdq
XTJiDKsid5St9kxRoAPXA/7Ohb/rDCRcHR8oEJ+8E4a0xJ0SVCw=
-----END CERTIFICATE-----

29
ANW-URB/openvpn/anwaeltinnen/keys/undine.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi11bmRpbmUxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfos2eMP3DCiE7LEWzDNXfzzltx
72TfTP7WLiV9UtH1DxdzS/bv1mXnodh+Qzb99gZ02xRST9ZMvsDwbbw4sQ7zpEmD
01CnadJcLBbbrczH85zVkJHHrWnbPi67moJnf030yYgIoEKKPUuwqYjMArYOJAxq
ZKW02ce9AxClOv0X4TKC8fvMZ0tIW0GvAbVY+zEiFYQv5FsFevkbjdlzGO0tQQcd
EtQUJZKbj0g5DExDVKog2vU2StfOpFpoA/Ko9q1w8TQD7DZ06XYvVtc3AqEAO5Bp
PaYJHJXto6MCBPuM57Pbn/+oEIyh8ClU/T01IU2FwkHL6AfSztJZ+At3oflHfDe9
BKS+KpcryeASeXyJvoTwq0Oy8MNXpLluroV/PUEggtDV1rEnB4Yoph/YMcNZRh3C
XpOtHS+7LhGiu1lFdbm33woh0vSCindtF5qY14kKacf2K+zJ1ckzGL84WLT4xgBX
ZW/woeU1vPAQgb1zTHhIP3HrlmLjA0SiGUF+kPyyoHK4KGqDZrtIddhW0fPHAaK3
Vea5dqk9ar3s0yzgvc8H3gJt8jxBYCHyLbSFWxGiy3K0wYA7RvCBksRCbwuFxOZX
gvqsCo3eDuWuF+T21GBotFm0rY0A0jSAfaozllO/+1RCK1Bjr7Li+Lp6Ehi51YFL
Z7bSxNyKnO4e5jxbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAJ0Hktze0RTOc
DKWmnmFGL3LCwymcob8TsW6e33vr5zEIBt3VooOvNeFMuwfL6JIISlVilzSnH1K/
wxBNv6PGiGhNiUSIE8w+XlwtTSAhe4lkENbR6GnHi2N6sh2f33mBL1XbpX149OQt
xLr6Ywdq9kvj72KqYoOUm5HiWM4Rw2nhlJFthtWIoWQlPSyNM4XXsexP30c/dOGZ
pNWgNLKnbDO9FZ3LEDVvWg90fYqXGuHcNix9JtwyeW5haWE2PNRkVa11jzG4kU/F
Q26F1XT6yixMikwSq1sLaNIgwx4ULG3a3dCpUW0j19UhLjTu3bJ5xwGg0b0k87t3
TvlVMRPlRTHrgbAMCPxjVhWIa4ydTGytHYJUx4cfLsoWy5VHmJpSDl+/YbDJ2Xu0
As9/wCunCpXRMrtEpk7UJ+vy+8bh530oV72c5jdPs5eeXJVrLi+HfSA+por07vYX
32CHUsXTK167blmgsRHyU+plraq/iftfpZ+rxUfmCnPqzHXu9oApPLWM/ccXnttu
tEz80YCN6Dww+WD+08xC9Fal+cy4o4uKUKCv5Gqv+mJDrd89mfloYJgptnqIDVRL
K3nx3wMVLNgGeh9pLBD29yXxAswoFB2gdBAgykK7PMeM5u3ONFO8DEQxoWdY5S19
akU4JQm/ZAORROntImddUr32iXGUMAc=
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/anwaeltinnen/keys/undine.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBY2tP0fElaECAggA
MBQGCCqGSIb3DQMHBAh7JbT/FCqcYQSCCUgqNTx9aaElX8D0drs3YD6CNzNIyCKj
SvKpLe4PVMdtBJIwPG6SLdsI+rXyo0l27MJSnb0/6LOySVxXKHzherGq5PcaJym3
DU9cRA89zIM4wK3mTaGps8CWS7uaG1nRxKlvBD+5JA4HNMpQ9ALvUEnyjD1xpZXo
eJCirMUPL5SswUYmagIzAfVvqPNNEYlA0ljL3phtA9dR2S/E/YmuUPFc1raV/wG8
eRUC9oZy9zZUjNm9LT5F5cM7C0rwhUbcFviIi/EFaZEYqkR23iwDl7BhM3ULBLED
0qLGIHDFPnkF3rXiuvLEykr+bMUdzxiq3Yqz9kEG3RTBdjtKXplg1fJSqD2dbUiA
bSI9BU0o9+J0TdtpofDr+LAjWENsUJQ98EtdSNweaINt0q4CLiJ1ckQ61/Oz2IN7
hkE0e4eVWMb28vyVo17QhwRPxpe6SwFlfqM7i+G5nUqhzHpEYvAh4IO9aPWW9NCo
W/miI/7z5pM/+gvhfOco1JCaebpn6HdXlPhM/osuyffGE7XDnIKzSm8ucA8VmmIh
g7G9J6N1N54uqXwTBFZ1FMuHhtHNVN2yLOrwmlQeUItMREUgXHdoAfKqA4OC500Q
tCfR9cFEzyfRGgs56THpIv1YxsshNW7tfVQhOuQNBulrPJBceAq5JtfyVlV+EWo+
iaQ+l2WQhAV1VtLqq2tRrTX5949Tsj+sW9DsZ4LNGNlAOPh8x3WeJNCaCFIX6lcj
ltECknZEdzYPAxQAOvnNsCMI23Ak4Si+SkxWearZ1NXepLxqYQH2bmhIeayjjfBz
66uElG2WmhfQ2vxAVWh52paVDHAFDV92UG2H68dLaIDzJasvRZ1Lihx9ncDgx4uN
v7yGnXzq0rdWfiidYJS8AMpB46Pyh8/HWolW21vyzsr+OaxAaOOllcf5x8JtBcpi
2MKCUXq/AfgCYv8PSUdam4amFhBxR2C27PnFUxyrBTqgWsJtXffOBoN/okvwEDr2
cJb7Urk78VZP+QsgzwMsRsMJw0wRh4wFxFMAp+iNuSH1IWoKte04fMLrAX/J34pJ
0xUpyngX/Wbp2lkffhQwtM+hagLMV233sYmOAo0hHH9LhL/RFAQw1Ls/X+Y3caSU
oD4KSBReQG60xYX2S0DaK2WSvN1mPJYraxuWwmnLsX5mhk4Uk8n1ObOvx7paTQI1
KlC3lQU+e8bAhnbYFjIHvNbLdWtYsF7vQqRwTnX4ePm34PHjq9ZWHkY7RS21DQ6b
Wg2SMzHrsbnnL1YdcIXgkw74dfDBM3n2lZPmdnKPeDZYxHbrm50ZuBEr0FH3+rfb
OJEx/mIUg/Pul2ikFAsFJ22kqtmhZLn2iy6V2ECJKfdlrXwYTC8GtyEcSHRyCihg
8rpuMJrPmP0RltAEHrahOHtVkoOgUnGgPU7NXFHd4Y4DYYmsIbjFr13skPgPpJS3
yzB0gsQxTh7iw4y7XVYkt0LycorCvS/GR5tXt51EkOqWvrH4qVBglbdnxxQfeMC1
wRgkL8G2jjPYNySBc2Xdp8gyt/uBy/uRVpSFWsiuKyVcr6685kY6Sy+K8hqvAvNv
WkOkGpW1CQJh5uxcgdd0H50tFZHJ8TXWibbXKY+0Mn2HeML+J8dRPHDFcQUOYgmz
gd4ASzl0lGp3huWvSWMGgJHqCT0G9hRf6j/sFJRqpUBPXc0Jp3yf+TjWlMa0c0ld
8XStDL3bE5tq7zixreIIYlXPZIoKa8OWz+/1GVXgA2Z0FPr1dvy8hgNuC+Iy1DIZ
wbRp/SA78JOfvp45XnFwqkBpB3PCU0810++r9jTHJmkynmgZXfJv9Qcs8KLNEgAm
4WtCuuc4KVtlJ9e5ycdv/w0h/keYN6gVL1naLBIU4aT3YWU/g8Z/6cT6/daHZK5B
xpW6tIco+UA8JOh1MeLWR0nU5HGwFGVn78W32wgAhRNoXfJl//+2bQSy3fYQwSvN
ZpUNLjblZZ+P7KR95BV1yw2BmhaFIgl4NMLEWOSBD45hnuTdGVMogLb+mjROzWyg
mRWngVRCCauBkptDHbSjxFtCzcwZ8HfYKl/QHVFzmGlkTf/yJ40EtpWbmjjiE6D1
chkulZUt0HjR4hChJ+fsUAjHt85YXFibwpP4lwkLWReexZZVgPkVfg5iXWU+7h+m
+5kunxOx/XspEbRzueBrLyrUE3+t9aCCboOFar7JQPy3vAN06+Eb+xBpJWgGb1ah
RwXFhDFmdj6OXASxOKxQraKYy6/IeWlI0LprOqwmv8A+RF16CWaqDGV0Ow9tU2ui
mo4JInITTKFJUgzhlvzk7AMkQngJPcCYcnfxkhthCS2F6zjI0q1C6y3x6rnYHSiA
/u4qiZ0VY3id9R9kgyKdlddG0Rlw8U1x3tO3ZYedQsEcSHb9fFy5mh/3LDs6qhMp
3Lt7ezyt8JfmPDnXG5VJ+clAasdy/z7cILXuq6SLeNJZc3pFSLXMkejW4uRzgMGf
BVLwGYMA33RKPdDzBAjbxEF3nbR3CoEDbmxTyyxczM8N0bMQHHgu200QBn8v9pKj
CZy3fxTm8faNqZAqYOBP9iyc5NUhcGt7yfwPP8DiQDNfrngzNazAP64MfI1zzUxb
lKTiLqjH+FsrxuG6zFtX3Rg+GbjFz0uOFrk/WraJhE52k4DYQsHeYQDa4f8xOQA+
MJhSqEqRwP6KLKMrTBb+o7NYTyjM++8Q6/wiTbzp3dFfo/wju1NccUUjfQwd2QaP
KUQyXw4sIv+s1jBaPuw48XwZa3ETLAYWGSdz0dLoS8jWsiiM0oTor8lF4cluQAAa
MBaeFL7TpI6FwK9Si0XV5o/BDsumsx38ecnvWvSjB9BrmUXz9TEfVTFqgLN91Ohj
Eh3247DqWbQw9n1WF5cM85xuLFYVI+i+XBMZouqPOZih0nHnjyUndKaYSQLvcY4S
mnwNIY7N+LspPVsRCAg/ElRZc32HemCzID5oYjlfKpjt+pw5XylK63UXSw//jq78
2d9O103xb8AyQhLO5G+7VXia/68BiLQzSm5AoKqPERSmqalVRRtg5BQ4Ewe+o354
+ZD4dGiazIpG8j7HqN13k8Wzm9kOWZm97m64cNc+nhvdPPkoHyjWtSFoyVDlABT/
Qc9NJLBa4TofNOLZMeQNqGtHjXTdmrwxxe7MJaXGhUUB3zKhPoJyooLECLYUAPmA
T1U=
-----END ENCRYPTED PRIVATE KEY-----

6
ANW-URB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-ANW-URB-gw-ckubu Normal file
View File

@ -0,0 +1,6 @@
ifconfig-push 10.1.132.2 255.255.255.0
push "route 192.168.132.0 255.255.255.0 10.1.132.1"
push "route 192.168.133.0 255.255.255.0 10.1.132.1"
push "route 172.16.132.0 255.255.255.0 10.1.132.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0

270
ANW-URB/openvpn/gw-ckubu/client-configs/gw-ckubu.conf Normal file
View File

@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-urban.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aea26f8f0a99ff84f7a6a6f426bef710
2998c49555c2770d954b9251a74b6e30
3859a0a8c086f3509c440c50bf3230e3
d5bc2b247119a4fdb59aefdd2376475d
f060a24165022d981ddee0704d580587
752e520d930b24580ae5ccbef266c471
6ef8dfdd6ba9de23e63823841086a151
90e146c1d085b274d3403de9bd827935
cd18fd2cb4005f3c133802ccc0c2f885
decd3b5fd4d6dd53dc478c59f3a84dc5
e9a3d51e805811af39647a9904605b99
2dbf311089315fcbafa70b89e2d49b1b
d425b598f7551a2cb21ef9315a97e36b
2152699cf9ec5fa90df659495575a935
bceb34f91889eda617d2c6b26573c6c1
ce620dd47a0b08e6da791cf979ed8c44
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull

18
ANW-URB/openvpn/gw-ckubu/crl.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC7zCB2DANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYD
VQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUX
DTE4MDcwMTEyMDgxOVoYDzIwNTAwNzAxMTIwODE5WjANBgkqhkiG9w0BAQsFAAOC
AgEAJSt0Nn+jtnoBtcYIMyn580t85fkd2h/8+5iwCdi1tAfHS1SAwP4OSbH6HKqJ
w9AXIJlkAuHjyOr/TxyoIns8DZIOPrvNoC1hRuym09IkvTnnqM69tTNZk/fbLYft
tEiW2Hnrnk9rHnHm0FFBKCWO1hM0nv896YVBgoo/Wh+Qm7afb96l2ifd4Ycgo5zA
NLTZ3p/S5fyKsXTyXpYP2qF2aMQntebxWmrwYUURswvJKo79d/fN9pPGPlBzRkvV
8NsJA2o4b3s2gKzMShkiJNm2PfoDFQ7bVRZNqMpyJ5rB6HXqUOQVbnlbYB1NW4DZ
2HYQrqeZpv1RRmS2vsRszB4Imp2gKaKAwcWy7ZSAyP70B9nSZN0HjzUpg99gDMFS
JbPWqejwr9b0lFAJAn6EwhMVO6e13SnrHmjDK3Lo4acGRZBbfxZDU0feBxVf0sHe
pWYe59AunQJY9l8H5OYhV8ilnTpe4amEsqGCYVQOmC9NwNJRRoxlJgysfhtI6fU1
p4Qab1RNlewzIZG3FGvFdyYLivvO0kk5U+QVK8wMrYfA4hQGS9I92BL91hiM3Vlc
fVrgZ+GZgOo3x5GjgSodmMPmi1FWmwEBrDns0kkBQvf/6j+i1MA/krRXHJFAW9Fs
POBVtkRCA7hPaZVXpmyywU8IHdL3ZLPVCefzpYE66oSCWPY=
-----END X509 CRL-----

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-ca Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-dh Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-key-server Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/build-req-pass Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/clean-all Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/inherit-inter Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/list-crl Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl

268
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf Normal file
View File

@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

293
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf Normal file
View File

@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

290
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf Normal file
View File

@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

288
ANW-URB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG Normal file
View File

@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/pkitool Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/revoke-full Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/sign-req Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req

96
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars Normal file
View File

@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN ANW-URB"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-ANW-URB"
export KEY_ALTNAMES="VPN-ANW-URB"

80
ANW-URB/openvpn/gw-ckubu/easy-rsa/vars.2018-07-01-1354 Normal file
View File

@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

1
ANW-URB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf

4
ANW-URB/openvpn/gw-ckubu/keys-created.txt Normal file
View File

@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-ANW-URB-gw-ckubu
password..........: iBeiGo4she3oorae3ualuj4seegaiwih

142
ANW-URB/openvpn/gw-ckubu/keys/01.pem Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

139
ANW-URB/openvpn/gw-ckubu/keys/02.pem Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

39
ANW-URB/openvpn/gw-ckubu/keys/ca.crt Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG5DCCBMygAwIBAgIJALp/KJ1jL7feMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxML
VlBOLUFOVy1VUkIxFDASBgNVBCkTC1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkB
Fg5hcmd1c0Bvb3Blbi5kZTAgFw0xODA3MDExMjAxMTBaGA8yMDUwMDcwMTEyMDEx
MFowgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2Vz
MRQwEgYDVQQDEwtWUE4tQU5XLVVSQjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAb
BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAwqxYiLmI2l30o0GJ0tFrt8G8pHrhuIUbgmaKpv+nvkDVZlYi
x7e36iGcswVwFrCRMkDSZk3assH95zr+psTDDpcsLeXg6t/P8m4Fa+nRpGAnJiRG
kC5C1gi6mzQq2exkyK/N8uEN1i1uRSm6bg5SYoY2kYid9t2wzkvw/oRpee3orrGX
T0L0V7gQsBXRQMPkDdcsXiS6yMC/BiucNZ7aTNm0ZFJW/FrtFK2fq+zhfKMffe0q
ZEBC9kpJvo12u1TVE6udnBqEa7SdDTgZdIJt2bWeI700WQd/wbxX2+pn+mMvzwnz
ArIkMkAEg8XKRvvyTTZFXgLjNie03mfT3Rhdaren7SW0Y9ZP5f9RWiqaUVPwbc4L
Y0rHuxDOn26GM5lcMUcDH5mqhe/7jOeGFNWNjvMzfwud1lGNVWjM9RLLhvQnZmJn
RCuCiP4egh9eZ537XYvnf9tEfZibeDZQbeJ+RXHfcPb4QZbTXfyah8A6tw4SN3DY
BA5S0f/5RJ58K/HqUk63zTMLDTQ5xxnh9H6t0dj0d1hKZdBGJ4J+h94aSBWd1yDj
0ihEtuMlkmXlb6WuMCu7WfVjveq+Y0cbyP7j8Eydr4mKNUGSLSr36OxBaaj84MqN
/SxgR/WC6cd2sIfI2arqBfs6Ofh6SnwY7QthrolPGBkVltemHIFOXNPRFakCAwEA
AaOCAQ8wggELMB0GA1UdDgQWBBSDzgWqdk1v9fZT1ZAGuJmamsq/yjCB2wYDVR0j
BIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMC
REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1B
TlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJn
dXNAb29wZW4uZGWCCQC6fyidYy+33jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4ICAQCpZ/wJ4P99jqlzsvxt/xr9vmaseN40KRUiVhNMI4NArL6cxNw++MX/
yYIw4lk4BtBtMxidcgBnubtck5wuCeLco4HBYnXcLOJT6kJkZQ7ruM9Q5gwaYZFq
HWNJFDQhMO8x1sbf7QzENmg9UsZu+9ugA+MZ30gnWBLWW4BfB6YuHQkRmE/i9gYn
AGwiokUCem4hKUiN+K4rOmPFgtJN5rY9Tv0cu4dvY93lz+e9kvBj2qHTydTBvLM5
YdxuZ5YN4dLEvpI+PIlJCS78Z5fISake3oQliy7sTs77cYihQ4AgWTo4JO/sX6Z0
VyV0Y8qGkMhcWJ9p/6y4XpatBIDmzuvauRUFR8U6qLknWDgFpEeppqUOU43y1Kmq
brVBRFjqfiJfYSOOr6lUkiJkLOHNAbHsNrtQLFnr4PHsegIwPLC4hRjmZjlrkUiW
GV/+QUeNahFkZ6PhaELXAzmwi2oDkoszssMIXbwgtzq0T8svlJXZUEfzY+O/tVOB
uQ7qgA2fKzGI1/F0Qzm5TV/bxhP8IzHPUiEWHaQbJkTzUW8oe9l63KxtEysw99to
mgxxeMVvxuRxswkp77j/he8B95VHIvYBtVzTRPLfXwhSSeGgZsriqORXqhInNGi8
+yEXH4slS8QSBi7fLkgk7Fkl4HLNSUqstdOyJuMPr9yfgTg4Mhb16g==
-----END CERTIFICATE-----

52
ANW-URB/openvpn/gw-ckubu/keys/ca.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCrFiIuYjaXfSj
QYnS0Wu3wbykeuG4hRuCZoqm/6e+QNVmViLHt7fqIZyzBXAWsJEyQNJmTdqywf3n
Ov6mxMMOlywt5eDq38/ybgVr6dGkYCcmJEaQLkLWCLqbNCrZ7GTIr83y4Q3WLW5F
KbpuDlJihjaRiJ323bDOS/D+hGl57eiusZdPQvRXuBCwFdFAw+QN1yxeJLrIwL8G
K5w1ntpM2bRkUlb8Wu0UrZ+r7OF8ox997SpkQEL2Skm+jXa7VNUTq52cGoRrtJ0N
OBl0gm3ZtZ4jvTRZB3/BvFfb6mf6Yy/PCfMCsiQyQASDxcpG+/JNNkVeAuM2J7Te
Z9PdGF1qt6ftJbRj1k/l/1FaKppRU/BtzgtjSse7EM6fboYzmVwxRwMfmaqF7/uM
54YU1Y2O8zN/C53WUY1VaMz1EsuG9CdmYmdEK4KI/h6CH15nnftdi+d/20R9mJt4
NlBt4n5Fcd9w9vhBltNd/JqHwDq3DhI3cNgEDlLR//lEnnwr8epSTrfNMwsNNDnH
GeH0fq3R2PR3WEpl0EYngn6H3hpIFZ3XIOPSKES24yWSZeVvpa4wK7tZ9WO96r5j
RxvI/uPwTJ2viYo1QZItKvfo7EFpqPzgyo39LGBH9YLpx3awh8jZquoF+zo5+HpK
fBjtC2GuiU8YGRWW16YcgU5c09EVqQIDAQABAoICAH/S2m8sJAf+GVv49J5QlAIc
W9lENmIKRH3jBreQtnvd5kFD3aJ1p3U8jL+fmnHLjgsJNR2nkSo+5pCl0/98wvcZ
nBCnGIAgZVIxm6234cekuw/4UbzqI0iWgrDWGCzvY13C0d/glk1Dl1wigh8xmDbJ
GZuFsPMfrbBHfP4hw4AkDtxmD4wj0nymh46XRMbZ2SydVKycQWj/5m4OxIsQuxYq
/J/C0QrySSmCt40UBRrpoQv2ZhddepptPO65xHRMx3wa+2o8nyZ5eYXsiApQegCx
mByvZ2ft3J1BJg9oYs2twv6W8dGbVtkH3+8GOENTu02njPSlwLsWZ1SBqENMdEkv
MWKWX13XFz9TErwywDUbgh7/PAlItwXdQAnkBc+OnbDat+We5P98kSfGWb4q+sxv
A95H2alTaKZrA7bbcUWdvVISDydhrmyNt1yMMhC4BjKOL2FOSM7qDQ1IogpIgq0U
GCd9hYeERBbk+PSQBjgIgjzhhhxLdgC9pWHMhJ7XmpBIiDTMbC1A35Hu0e+l6Rr/
vqdCKQERXQm7etXSRGPuEtuDYc8UnZWPIMu5hgSVuh707z91O2fvytKouIMuIuNx
gBb9PviLSmn7cMGeExRs/KUZh5khf5rFhGre0rYr9pxXIx0J+sMPZs/EFG93VBFg
ZYRs9c2Tw6JSaM5voOPhAoIBAQD6BUFo3XYpKHJeScBCSZfZ2LNFhze5MeKCKkAK
v0s+++i8HNLL2ypnxo1ZDd4r2KSHttjiWJxXWj9I7wIYMHS8X5vg2B/yHXFJCiha
msrCL8zJBpVkLCdoMCzz7CcScVs1kgiN3aoJd2KMzM6KIQOTB0Ovyt4Lvquua986
h6ItXXse8Ac0N5pcaqkdWD3wuULMTWXn8jgI9TMm1pRh21Nh0bZFZi0VHXBL86vS
VDTiYHddSB3M9BesUW61TaSYisip2tvYXkMUtfbrj5yDIW4mPyoL3V30JGvB2QwY
Ijk60J1qwcLyFMOJ11BcorgUA6/+AuZVeatfwh0xEb8MHLBHAoIBAQDHVDpTgXmP
VLi4MepOYACnNweT00QM8XhMvSxk35Y6yoNRHivsusJ3HhSYaEpu7Jo3OoL33qhc
m+v7u0ppThuZeGhr8eMpCT/l+zVW1W5Ayvqg4tKWcikN8EV3gkpFkwuCkLraxcCQ
9HMgInoAr2EO2f65wH1tmb2X57ra8iN3ZPVv4nDri5LwGaFZ8GEUTe6cLoWz1Du1
hyTaCNd4eRO3zWdmYbGBfh59XKtbimMxudL86Tz862gd2x4MkzMQ+pRDaYpeLrgx
snEh4j948f5FSvS4niPmp+rUb5AXADKVwfplYLqzVph+2sKpEwDIUyOXlUSMY3XD
RRjuCO0E3XKPAoIBAQCnrbiljMl/Zvn1FH9Vtaea2cO5oKsVkEg6Rf23d34OmsIG
z0nsoGs7OCV6EVvsihomTtH8U7Nevk7tKiZ8dJsF7xVK4YfjSC2+74oK4f+T5pzw
QXMVwKsZLB4p5Tp7Gv0x22PTSVONj7zPc1gduXB9PgT+NA9hTxozG3OV/Hse86/s
GsyqD5R94KbU4GaCOK18+Xeb7I36LACHTqgrTP4J/6y/tHwNyjWTKrQUlpb1L/89
12ztFNN/pQmbnJwEFifoCrkgzm8sx7D3YNR1+Yi3K+uWE3u8jmSamGeNE/7P3DOG
8rY8xwIxQu9JgXP1MFfrAqTZtITj7vrG+wDnLaJnAoIBACZZlTM1yO6DrVp6+AqG
O/nwA3w0fHZFCxEwoFb0EZJUHjnAJVFRiVKjrfC4uAFpci5ICqSn6RqQQTHYkfN6
vKKlYOnLyxm9FtcnotaHD8RViSzlFwEtC6sL3EGnBqUmKmO/dsPaojcBYRkAqRpy
o6jY1kJkv30TxD9yrSesyJgTC4mwNmuLGgUp2TpVnkfqyoqwBLdZkPdW/gcZBmO+
X8XQNiGjkCRK4JDcAHgHQxhxGR/hvAMpQ4ni+4AN3hhZLadeqel+8Z9WJqAPSIj7
fiFUz4qpmlypV+vxXvad6h2YCZXxq1oPwh0994/SASeJn2JtrJeaFzEvnSFHBFsY
RA8CggEAZiNUmy5gRHKqP3W//HQseO3n8t8KbeNnIZvvnUMwDH1uf0HqQSgrlJfr
O1EKf2JpxPC4Nl2LrnW314mwwW79gR2jF3jYlf6p6afPCV0bdlQZ0fuFskcGRPXl
oql8FA82xC4DHgJ8inSn9hcen17ksvUQxRz0cv3H4YKf+kPs3JscZ2rX7CIOr4Qb
lWRk8DHc2QdhcWBIPH9TH/2njoFBVIbbvDNiBnQbRZ7d9KM/OAuXWxTHYRxLyRR6
lrf4O7rxTh4CyvmeqGxwYBrU1ecJTigu0dPKJQSn1rhZt5ukOvjypf7iBKzgAeW8
5CgRf72B8KP9wr6piE2BHvjWudE4TQ==
-----END PRIVATE KEY-----

1
ANW-URB/openvpn/gw-ckubu/keys/crl.pem Symbolic link
View File

@ -0,0 +1 @@
../crl.pem

13
ANW-URB/openvpn/gw-ckubu/keys/dh4096.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
-----END DH PARAMETERS-----

139
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.crt Normal file
View File

@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:19:59 2018 GMT
Not After : Jul 1 12:19:59 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:cf:d1:f3:c8:f7:01:10:52:38:4c:48:6f:74:f1:
42:35:7c:c8:e1:a5:d6:85:b2:86:99:66:91:47:26:
d6:cd:6d:d2:28:1b:0e:ec:a4:bb:78:30:31:e8:4e:
5c:57:fb:04:0d:47:21:3e:21:22:93:70:17:27:6b:
9e:cb:84:b8:ae:91:d3:d7:ac:99:45:fc:44:eb:ea:
fa:3f:96:70:3b:3c:66:bd:86:72:6f:87:32:62:9d:
21:b9:0d:d3:f5:28:ca:44:18:06:ed:59:be:93:e0:
51:45:5b:31:3b:af:b9:4f:ad:c8:77:66:71:2a:87:
17:6f:ba:0f:8c:29:70:ad:57:6b:99:43:2d:7c:93:
9d:9d:75:a4:53:14:08:d5:af:dc:12:8a:bf:de:da:
bc:31:0f:ee:fe:e3:8f:0b:f9:91:ec:f3:7f:73:c5:
09:02:83:0d:a1:cc:26:eb:09:a3:0f:3b:f4:50:e4:
2c:1f:8e:b1:cd:ee:9c:95:b7:49:c2:79:a7:7c:d0:
5c:7f:76:b8:74:c4:f9:3c:6c:5d:fc:61:c2:86:17:
03:c8:da:50:be:3f:b0:38:22:42:26:27:87:bf:94:
eb:7e:2f:3e:7b:eb:15:cc:ab:7d:6a:92:f8:bc:30:
86:12:32:20:3e:d8:eb:bd:51:6b:23:fe:63:6e:94:
6c:d4:aa:9d:b0:b4:ec:5b:68:0d:a8:13:d2:8c:19:
0c:37:0b:c1:e4:5f:89:7f:83:5c:0e:66:85:9f:6f:
8c:21:51:14:eb:33:ca:41:77:65:2f:4b:ff:fb:15:
41:b6:df:2a:05:b7:20:f4:93:31:11:16:f4:d3:d8:
4b:37:c2:12:a2:9d:e5:2d:1f:10:29:0e:17:f4:99:
74:f9:6a:24:b8:e4:6a:6e:7b:c1:21:e0:bc:e5:fd:
20:5a:9f:e5:ad:6d:88:86:b0:c5:17:71:dc:82:ed:
aa:17:30:6b:91:bd:e1:15:d0:18:ce:e6:18:26:2b:
8b:d3:a6:07:57:7c:cd:af:b4:88:ff:fd:e5:84:46:
c9:b7:48:1b:64:ec:1f:cc:12:a2:12:f5:79:33:f4:
42:c8:39:b7:01:4b:19:4f:1a:19:da:24:01:cb:ad:
57:25:6d:19:bb:0c:d6:6a:37:57:ae:58:09:d0:68:
9c:91:b4:d1:32:5d:4c:75:85:e5:b3:08:40:94:63:
92:f9:bf:12:ea:42:8d:06:27:ae:e8:03:95:45:57:
67:6e:31:30:c8:72:13:01:07:c5:25:58:da:32:34:
30:65:7d:6c:51:80:7f:48:d7:7e:b1:91:9a:65:36:
4f:dc:49:56:99:c3:b4:4b:fe:c4:0d:cf:b8:15:ad:
fc:0e:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
E4:08:A5:94:1E:3A:3A:1E:5B:31:08:35:C0:54:32:38:37:B9:30:13
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
64:8b:94:5f:e0:6a:21:35:fa:25:43:6e:92:da:59:20:12:7c:
6b:99:7f:18:d7:39:e9:8d:f9:cc:e2:93:3c:bd:9c:ee:51:0e:
a9:21:d7:ba:09:21:ab:ee:8f:94:4e:7f:ec:01:31:40:6a:4c:
f5:22:54:a9:5f:af:5c:cc:91:76:e6:dd:5e:bd:ce:6b:2c:00:
c3:a1:33:2a:1b:83:48:64:d0:4d:86:5e:da:f0:4d:be:af:c7:
01:6a:69:4b:a4:39:c8:d7:de:ef:4f:94:67:b3:7b:0a:3f:5a:
e4:09:60:7e:ba:79:fb:00:9a:09:2a:52:03:cb:c4:df:d2:5c:
24:9b:2b:f1:c2:fa:5e:bb:62:e4:1f:5e:81:ea:65:00:d9:dc:
4c:38:17:59:ba:d5:09:d0:25:c5:15:28:e4:15:a2:d2:d6:78:
a0:72:f5:06:ae:3f:61:93:a5:8a:8c:9a:a6:ca:5d:2a:20:af:
de:f9:49:d6:a9:45:34:1c:72:c6:93:ad:61:dd:d6:68:2c:16:
7d:97:66:57:08:91:fa:bd:ff:0d:68:20:b4:be:ba:9b:60:f1:
a1:bd:35:e6:51:26:84:91:65:09:f2:7e:17:d5:64:84:97:7a:
f7:ab:ef:77:ea:55:47:e1:d1:e7:b9:ac:f5:5d:ab:37:54:89:
8e:5f:d1:1e:2b:5b:e6:3c:31:38:e8:e9:dd:58:ba:f3:c9:63:
1a:ed:2a:d9:fa:66:52:cd:b9:8c:0d:64:78:c2:d3:23:e9:a3:
9b:57:ed:05:e5:52:1b:6b:32:d8:37:9c:fa:e2:94:ed:3b:a2:
94:4a:9b:cf:4e:90:ce:fc:15:36:e0:a5:2c:3f:c7:fa:03:c1:
06:37:45:56:0c:43:4c:09:ba:50:20:52:6c:32:f3:48:e0:60:
1f:87:c2:42:1a:21:13:96:d9:a6:dd:f1:75:f8:a8:15:c2:c1:
5d:8d:e8:c1:fa:3d:e3:e5:d6:db:71:d1:2a:66:a5:57:af:aa:
43:8b:22:2d:33:a7:28:d1:d2:a8:7f:a6:71:a7:6d:15:85:87:
3b:60:92:f6:88:7d:2b:40:93:4f:0a:30:d1:60:45:e9:31:de:
89:87:13:6f:ca:99:10:df:6b:3b:03:2c:78:f0:f5:2c:4c:6f:
74:f1:f6:03:27:9a:45:74:af:13:36:e1:5b:91:6d:63:61:e0:
a3:cd:41:a3:bb:8d:e0:df:ea:2b:7c:e3:2e:77:ad:3d:f8:a2:
57:0b:94:5e:63:8d:f9:8f:32:e1:e2:3c:96:ae:3c:ec:3f:c1:
64:70:16:b8:7f:84:5f:7d:9d:c7:4e:f1:cf:09:34:9c:0e:89:
ba:d7:be:38:9d:87:30:02
-----BEGIN CERTIFICATE-----
MIIHRjCCBS6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIxOTU5WhcNMzgwNzAxMTIxOTU5WjCBrzELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxHTAbBgNVBAMT
FFZQTi1BTlctVVJCLWd3LWNrdWJ1MRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsG
CSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDP0fPI9wEQUjhMSG908UI1fMjhpdaFsoaZZpFHJtbNbdIoGw7s
pLt4MDHoTlxX+wQNRyE+ISKTcBcna57LhLiukdPXrJlF/ETr6vo/lnA7PGa9hnJv
hzJinSG5DdP1KMpEGAbtWb6T4FFFWzE7r7lPrch3ZnEqhxdvug+MKXCtV2uZQy18
k52ddaRTFAjVr9wSir/e2rwxD+7+448L+ZHs839zxQkCgw2hzCbrCaMPO/RQ5Cwf
jrHN7pyVt0nCead80Fx/drh0xPk8bF38YcKGFwPI2lC+P7A4IkImJ4e/lOt+Lz57
6xXMq31qkvi8MIYSMiA+2Ou9UWsj/mNulGzUqp2wtOxbaA2oE9KMGQw3C8HkX4l/
g1wOZoWfb4whURTrM8pBd2UvS//7FUG23yoFtyD0kzERFvTT2Es3whKineUtHxAp
Dhf0mXT5aiS45Gpue8Eh4Lzl/SBan+WtbYiGsMUXcdyC7aoXMGuRveEV0BjO5hgm
K4vTpgdXfM2vtIj//eWERsm3SBtk7B/MEqIS9Xkz9ELIObcBSxlPGhnaJAHLrVcl
bRm7DNZqN1euWAnQaJyRtNEyXUx1heWzCECUY5L5vxLqQo0GJ67oA5VFV2duMTDI
chMBB8UlWNoyNDBlfWxRgH9I136xkZplNk/cSVaZw7RL/sQNz7gVrfwOaQIDAQAB
o4IBcjCCAW4wCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTkCKWUHjo6HlsxCDXAVDI4N7kw
EzCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjEL
MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNV
BAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQC6fyidYy+33jATBgNVHSUEDDAKBggrBgEF
BQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcN
AQELBQADggIBAGSLlF/gaiE1+iVDbpLaWSASfGuZfxjXOemN+czikzy9nO5RDqkh
17oJIavuj5ROf+wBMUBqTPUiVKlfr1zMkXbm3V69zmssAMOhMyobg0hk0E2GXtrw
Tb6vxwFqaUukOcjX3u9PlGezewo/WuQJYH66efsAmgkqUgPLxN/SXCSbK/HC+l67
YuQfXoHqZQDZ3Ew4F1m61QnQJcUVKOQVotLWeKBy9QauP2GTpYqMmqbKXSogr975
SdapRTQccsaTrWHd1mgsFn2XZlcIkfq9/w1oILS+uptg8aG9NeZRJoSRZQnyfhfV
ZISXever73fqVUfh0ee5rPVdqzdUiY5f0R4rW+Y8MTjo6d1YuvPJYxrtKtn6ZlLN
uYwNZHjC0yPpo5tX7QXlUhtrMtg3nPrilO07opRKm89OkM78FTbgpSw/x/oDwQY3
RVYMQ0wJulAgUmwy80jgYB+HwkIaIROW2abd8XX4qBXCwV2N6MH6PePl1ttx0Spm
pVevqkOLIi0zpyjR0qh/pnGnbRWFhztgkvaIfStAk08KMNFgRekx3omHE2/KmRDf
azsDLHjw9SxMb3Tx9gMnmkV0rxM24VuRbWNh4KPNQaO7jeDf6it84y53rT34olcL
lF5jjfmPMuHiPJauPOw/wWRwFrh/hF99ncdO8c8JNJwOibrXvjidhzAC
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE9TCCAt0CAQAwga8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMR0wGwYDVQQDExRWUE4tQU5XLVVSQi1ndy1ja3VidTEUMBIGA1UE
KRMLVlBOIEFOVy1VUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz9HzyPcBEFI4TEhvdPFCNXzI
4aXWhbKGmWaRRybWzW3SKBsO7KS7eDAx6E5cV/sEDUchPiEik3AXJ2uey4S4rpHT
16yZRfxE6+r6P5ZwOzxmvYZyb4cyYp0huQ3T9SjKRBgG7Vm+k+BRRVsxO6+5T63I
d2ZxKocXb7oPjClwrVdrmUMtfJOdnXWkUxQI1a/cEoq/3tq8MQ/u/uOPC/mR7PN/
c8UJAoMNocwm6wmjDzv0UOQsH46xze6clbdJwnmnfNBcf3a4dMT5PGxd/GHChhcD
yNpQvj+wOCJCJieHv5Trfi8+e+sVzKt9apL4vDCGEjIgPtjrvVFrI/5jbpRs1Kqd
sLTsW2gNqBPSjBkMNwvB5F+Jf4NcDmaFn2+MIVEU6zPKQXdlL0v/+xVBtt8qBbcg
9JMxERb009hLN8ISop3lLR8QKQ4X9Jl0+WokuORqbnvBIeC85f0gWp/lrW2IhrDF
F3Hcgu2qFzBrkb3hFdAYzuYYJiuL06YHV3zNr7SI//3lhEbJt0gbZOwfzBKiEvV5
M/RCyDm3AUsZTxoZ2iQBy61XJW0ZuwzWajdXrlgJ0GickbTRMl1MdYXlswhAlGOS
+b8S6kKNBieu6AOVRVdnbjEwyHITAQfFJVjaMjQwZX1sUYB/SNd+sZGaZTZP3ElW
mcO0S/7EDc+4Fa38DmkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAfQvUcdiK1
ykZKin31+ghZftAniK/ZQPOg/fFq1AjjNM349iiEBJRK/9N8upCqiXppJ4xmQESG
d80MAzj392a1zMMvWR6j2beNqrVyC8Vced/p1qMov+mR1PHtF9uelyHtrFNT5AWw
h5pd9wvFG7XXbPMQYeUIOesoNc80E1/PY9+3OqlRVPHCFqOxdmMR1kOTIq6z8xeB
Dah7QBgtEF6QkPU3wqtnis6hsr0q4gGPF4+apAX5S+OX7UVjsBOc2JwPSa8o0fJB
EJGzPVNFYxbL15ZasT34ajQJydJ7iT+E4oFtphN6VmlhYeK75OEA0Lb8x9Mzzm/h
dMgEDzhdqHZc3REEpK5hcvYk8PKGlkKY0j8QoqpaFN9gG1qsuzlhoRAs7zf1YY1I
H3eVnA5tPuPfVXawKY1JNSWR+zBFH5eb6qytmkovyGAbT2UYi6v4JyZFKpCUJYP5
DmKBL2vLVgDu1QjA6uFghWV3VBPkvyw0kDpvYOGD+PzryRsjYZYB0gHobW0hKYuS
8TCWUBPmtRoVg2+z0IkXL68Ajc0oyNo+M4Ihr6YQB1XYYOhv3bqHRhRQpNCIhbRA
D68WPzLFYNCjqMMXH1Q+mIbRDyT6ja5OKVX9uvVk9i2QJd0Vyf+N1d/xALNsijwf
UGoSG+FjZRFV3lEC12vdOOmK7FNlLvHjrQ==
-----END CERTIFICATE REQUEST-----

54
ANW-URB/openvpn/gw-ckubu/keys/gw-ckubu.key Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVPXPy9FjUjECAggA
MBQGCCqGSIb3DQMHBAgeJeDimzYzlwSCCUg6NduONv8wnwx1hQtK24FFJF3dsFN9
sH3ar+oS9CBXyKKKz+Kj2QQcPuEHyD/Ex2KKaxrBLCIh4iHNo23ZoQTvdXpYvAsH
AJLeknvhYFI68hGWj69cGMS+huY/+8Pk2C5ZQZdl4vbClSIa5syHqAuufaWiRQy7
1jrlz8aWq/vx2IJE/OUw6kY6GVsp5/PJSjHS6bHpNM5r938IJeP7sbOvI3aSfqdh
QMATUhMEmmfMIJ5Qo9bgSfowcEPe1LPbg0zr2RbXJmd04vi3+m1AKSd3wG9PpNuh
fwQZGBES4HFdQeNwymfe4YPL7poxQsHqaffSauTxV0dMM3jfnL0O1kzYwYr7TvLN
a7hClcikUnOFHEO0JZm3uKvgFOsNrpPZHQ541BvHwumu9ATO9U8QvCVidZ4O8Ewh
xqXYS0Ugc3M5/jwJwlXKY8rZESM05ea2XdS3OzREQs6sHjnhBZqHB7yIOut3ENjI
sd0V+m2X/AJnxYDCkmfaXAWYdjzmNzWBrQ/2jGsLtvOz25o0BCr2s0Tds16s6ijy
PrnY+RljHd2xz+8VKIjmIRZAfSUj5bPA+5rlWNE17EqNVkE0Drq3ESFyOkOhIxv5
zWLNTJT9GLn8BOz8dt9iH1SXceiBQAAEjKohtihokF8WNFckXcYP8PIZxgT2gNSZ
9vldNzC7tT4/UviFMUJVE7fUQgYf0XgVPcDVvmvfs7xbJVG+cmdckL4qfZsV6xY+
bIyK4Y5fB0J4bQzIva6W96Nne0Lytf++y+sqgY4llpcFibKgYN7M3KfsM5A7k+wc
uKoGy5+2/dZrcF8rS87MPdeeIRKpYFKpxz1/VvugprAXfjDV2eKSULG1fEpsfVOx
u1FE7EIwDnYmue7MpA9OYvLOJXQrHbdnwlvjyRDmR2Pmll6rjEGX/yn9yBltVCal
7NCZHfwlQm4h16bUmWvUSBdTF80pCy6eOaBz77K/2v1V9vWzi1ZAyKy/aVhPtMS4
Jyh3Eg2fh5WHVlH6zkju7Oqz+vfLQS1XVoz5dabbnCgHzWk6MccVyE3D4G+0ti/R
6waRrBhIPazitKQTi7wnK6eZ1CVBCkbRkxu4EcBfq7R4TfV6ijVRK5T/LsYG3TzU
tSx6Z2VAdPDIl78usVOqirrw/Q68s6w3xLm/WxV0a3f80afGHj0p1Pxx9IIb+4fB
B13tAJ8RTCtwXSFf09hFnSKYJc9iS2opUHFm79TUpDR220VznMdjZiLAbYb+lGDm
GNhshIBbaMrBi5oguZ2c9aP+FKUXooYQzpFfSPduU1oO0WoesJDbxbPrzyX6VFy2
d//WWCsGo3l7nF7gAsHJeR0gTaBhnuciR6VLOKuE7rQdoRFovtT/+u0/jUuztss0
P/cH0wZm2jye5y3A8yIsGIyoxJjwAEhCdgBK0ChHarpQ4owwgFWb2gif6T2wTi+j
8ng7r/LnqJZkWHwuttLXX7fpQLmOj6ybG3ytFf3t8A3MQJp2pTY/el7bf0xYz0x+
ll8BSHvGqTRZe3fImzcY03deOrKSPlWUQ0haiT3bcz6EJnWuul6/sCMmxIZbZaEc
qV/orXMaEm/nMd5+e7AVhDo9Q5nBVtTT+BZSABb8YEHY62g26FtEo8cvnFTNfOR7
gSfyBkS1YAttqdQ8UvB4TkjE3cmepy0bo1Uu0h+1XfQqTducPV6AmFu2snbnyys9
8KJgkV0qc+biK8ROPUQBKjE2Mi6jO3wLYVIr8PA2Gl/mv1TjdDOecFnsyyAcjNkX
Ol02fKSMl8nYVKnVKnTffLM6fYs2bKJwjEoYOkLDFmpO+fCnq1IFwg/CBkn7AL0s
chBVisDNUV9MGbDZVIiYUSEtaY7cgyAJqBfRbMtlvC2mQFzMI2L/+J/4ZUGRqJ8K
LsiJ+aCvwgHoOTpuxC7sH3LiAoDejOa8qMRWKqklO1LtNfvTV/APAACjhQ1N484R
/uzmLnKY6QPCFnK1zmo6NwvcSy/8vD3YZMxV3T54kqooMraJrVB62YJe/KsCTCbb
7bUkeNiqxT9jbUf9Lu4Wy91i9XRh9Kakxfl1/oM5E/cuzX+r7hz6AUSLgZ0ibgdJ
wXDCCcdxw6Ne+zw1ME5XfZ+3DhGvFb4LXZuTd5lGzNn01+5sTPMXEDbSaVUcuLc0
qxGNS/Eqs4qAy7FJK9sTMjPvfiPNSp40DOKfKO3dEyGawp3yKOlTNU+fLJT8qsPX
KjUghx2VTtZGOZVijB/VGdx0ecfqWK+FNR7ppU2+370PmDmCdWjlDF2S8CdROMCf
K90VEdvyXKi5NMxM6yRHgRgJTDhCqdKgWQE+NQ/pYqDYt8m2dJAupYKXrnddv5nz
0D9kxRylYi53LigGdDwwAq/R4fjOzZ1trstB4heMx9uMK9YsntOtMzTbOWpYxkqC
klAk7q70TPn8jj8JFYa5UhhDso2EwsfJJXQMReVk3Fs0Kg8hWJLsYyVwJjgAnSNH
1Cu9PvsC1diytKY63+pCJyzxql4ITqgHuVaC8lF/UsxSeTNqQSShviPmSV0V1a8h
W9iTH3oWwLkFp/yczJwLIfkCqMnYpBXE1RmnZfwOu38uWLizo4nVKIbN0Ak7dKX5
4knFkMeqig76Sz059sj1J4V3RwdEaa2do9wzD7893V80NfNWulEqMYG/ZWo8ibXf
gw4EAEyfIC1EldSoWbolhg/wrqqRN2yAij7UjHXDDFbGROyArc746HmkDIvS/RyA
4kGN/8Q5rYZnhoMh3lz1C5HfI0adSmZpjPjeKez1Pknk5lcmkmeoQ/e1Lq2w8Vz6
PqdqbgdHgUE64N5suxrbczMYtXv4sa+sEbs008UoUFHWp1mMVvLqgHkxcMA6qgvo
JM6SPC8yo+di9OGCh92BKo13hbNK0dcs+5Eoq2ahz8e2LM5v4EPHjzqNpEoXTbHw
YepbkgUClp0o8rrxbKQWGpG/x9Yjx8x3TJG2goAxQhjAMmovsbk+U/SuekthWU06
pVC5piI6oho/Tcz4EQsUQMW1lctUVoRuvRZEu7+OTaOUhyv3yXW12gOWM8oVusgh
LE2NaYGiiCun0FI3oJsmmzWn+6xJvYaQM9yFwEhzUFwBDw0BxmCKun8dJ212rvGd
AUVseiVNsR9f3hmHuAT0W+B3XMDq9mAX7rNBts83XfcKrspL5ovKJ2/Um2aOnJwY
rxE=
-----END ENCRYPTED PRIVATE KEY-----

2
ANW-URB/openvpn/gw-ckubu/keys/index.txt Normal file
View File

@ -0,0 +1,2 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
V 380701121959Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-gw-ckubu/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
ANW-URB/openvpn/gw-ckubu/keys/index.txt.old Normal file
View File

@ -0,0 +1 @@
V 380701120800Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de

1
ANW-URB/openvpn/gw-ckubu/keys/serial Normal file
View File

@ -0,0 +1 @@
03

1
ANW-URB/openvpn/gw-ckubu/keys/serial.old Normal file
View File

@ -0,0 +1 @@
02

142
ANW-URB/openvpn/gw-ckubu/keys/server.crt Normal file
View File

@ -0,0 +1,142 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
Validity
Not Before: Jul 1 12:08:00 2018 GMT
Not After : Jul 1 12:08:00 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-ANW-URB-server/name=VPN ANW-URB/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:d8:37:7c:82:5d:f7:52:61:1a:64:5e:4e:4c:
66:8f:81:4a:70:de:4f:ed:ab:7e:8c:dc:aa:6d:77:
2d:53:b6:7e:80:e7:54:e0:98:81:cf:f2:e7:bf:2c:
62:5e:31:54:aa:e5:ce:8f:b3:86:31:22:6c:0e:bd:
bd:c6:df:a8:1e:90:4c:aa:6b:af:85:85:e8:37:db:
13:fa:83:40:7f:5d:2f:d5:4b:35:8b:36:7e:ae:50:
a5:b1:7d:dc:d2:db:d1:20:5a:7b:ec:fb:b9:04:54:
d5:b9:13:7a:cd:50:7b:f8:68:f2:03:4b:34:92:5d:
65:dc:99:2b:03:f0:93:a7:5b:df:5b:be:f1:c8:c7:
d0:03:c3:fa:f5:27:3e:1d:87:9c:af:22:3a:c5:12:
f1:7e:52:ed:73:db:a7:a3:01:e4:ab:7b:34:a4:30:
8c:c4:9f:bf:f6:0b:5f:31:eb:15:90:d9:b1:c1:00:
e2:22:50:d8:91:1a:d5:49:fe:bd:1d:48:41:1a:1c:
54:cc:50:88:a3:4d:b4:24:6b:54:d1:e5:f9:6d:88:
a5:cb:8d:1d:29:50:2d:01:8e:41:2a:ce:57:08:c9:
96:4e:27:7a:74:6f:ed:99:cf:c4:e5:f2:9a:d8:1d:
ec:24:f1:2d:8e:48:ec:60:6f:d0:96:fc:dd:87:98:
b2:b6:92:e4:eb:f6:22:9a:ed:63:c2:ba:a7:f2:87:
1d:50:d0:ee:cd:93:47:a6:d3:db:5d:f7:af:58:cc:
13:e8:dd:1b:73:20:1c:66:b8:ca:91:fb:96:80:7d:
93:fd:e9:80:2a:9b:17:41:24:6b:ea:fa:65:5f:17:
47:99:0a:c2:93:67:e9:11:6c:fb:84:b7:f2:4a:15:
46:19:13:d3:6f:94:93:06:57:b6:44:77:8f:c1:0e:
38:6f:1a:98:15:87:f6:91:c8:ac:38:f6:78:44:dd:
8f:e2:6e:da:72:0e:81:61:d3:cd:61:cd:fa:3c:9c:
6f:0c:fa:cd:91:5b:b2:98:65:cd:ed:19:34:d7:2f:
53:fa:a4:c2:4c:bb:39:2d:b7:fc:db:0d:b7:a9:38:
2c:15:ff:24:78:e1:66:d4:4b:22:95:87:da:6d:1e:
81:73:93:45:13:5e:7a:b1:a6:3c:a2:41:96:e2:ec:
bb:5d:1e:d2:33:8f:1e:05:7f:a9:ef:b0:59:45:d2:
9d:06:fc:ba:84:24:3a:0c:8c:a2:fd:d9:8a:91:21:
a4:47:c3:a9:ca:07:7a:9d:4c:67:f0:de:29:9b:2c:
4f:4b:fc:d6:91:78:44:52:41:a8:9d:4c:c1:15:90:
93:2c:1b:91:28:7c:4e:3d:f6:a8:3a:e0:fc:05:de:
a3:ec:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
8D:6F:B4:C0:CA:39:8E:D1:BC:31:63:A4:32:BB:B0:C8:66:6C:7E:A3
X509v3 Authority Key Identifier:
keyid:83:CE:05:AA:76:4D:6F:F5:F6:53:D5:90:06:B8:99:9A:9A:CA:BF:CA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-ANW-URB/name=VPN ANW-URB/emailAddress=argus@oopen.de
serial:BA:7F:28:9D:63:2F:B7:DE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
14:4f:8a:df:e6:49:a2:f4:59:cd:15:11:38:ee:de:80:07:0f:
52:87:d2:46:af:32:87:83:17:8e:e7:98:fb:f2:75:8d:85:32:
92:2d:df:41:eb:f9:74:7f:46:64:d2:1b:3b:60:2b:4c:c9:f3:
8a:50:91:04:ef:dc:aa:fd:03:ed:7b:9e:d8:d8:b5:df:ce:22:
d3:93:ea:92:50:d2:89:e2:a8:41:d9:19:13:d7:ab:3e:57:22:
54:73:cb:b4:03:30:be:c8:ea:fb:2f:96:30:74:29:d1:c1:4e:
9f:f6:c4:42:cd:67:b0:12:15:99:0b:58:d5:9c:0b:a0:65:6d:
44:b9:65:a4:f3:fd:d8:87:dd:f9:da:1c:0b:3d:96:1c:d1:29:
68:30:73:89:83:b8:3d:f5:f9:51:3c:c6:32:17:3a:c7:f8:1f:
81:09:9e:cd:87:27:3d:f6:62:57:0d:75:62:60:65:34:13:5d:
09:19:be:f5:57:23:c7:be:6b:0c:b5:67:a0:ec:8d:c1:0d:9c:
1f:e2:78:58:83:f8:30:a4:3e:72:e7:31:62:0e:d0:da:84:ce:
95:6c:1e:69:62:ee:c8:b0:61:55:1c:15:5e:69:7c:5c:c4:95:
91:28:7a:63:66:65:66:8f:0c:4e:cd:38:aa:94:11:d0:a0:cf:
2a:d5:fb:e1:3a:6b:b9:6c:13:cd:b9:e0:2e:8b:cd:c7:06:cf:
12:17:32:0e:ae:50:cf:7f:04:df:8f:c9:bb:eb:5f:72:b7:63:
ec:31:e8:1a:a2:94:93:43:64:17:69:ab:26:61:1d:fd:85:e3:
c1:60:ed:c2:9d:f6:04:11:a5:ff:77:e0:d3:ef:75:90:99:36:
ab:62:59:fd:75:df:95:be:c7:1a:e0:eb:92:07:f9:a7:6b:a3:
3c:30:14:99:60:e3:04:3c:ba:45:91:fd:bf:1d:6a:d8:26:61:
eb:8d:76:7e:74:7c:d5:a3:50:0a:ab:cf:c8:f1:85:65:e4:6c:
10:11:91:f8:68:54:05:37:11:9e:ee:1c:5d:60:f7:b3:40:cf:
9c:c1:f4:3a:26:6c:d2:72:19:20:3c:da:27:9d:17:dd:75:f1:
b8:b3:9e:bc:92:4f:18:26:ad:38:a6:27:2a:92:b1:8e:23:96:
ff:0b:b1:96:ed:40:b6:da:3c:52:49:09:07:1d:6d:ed:02:78:
fd:55:95:db:8c:6c:85:2b:5d:4b:56:0f:ea:49:6d:2d:10:c7:
df:a8:3f:dd:b5:c5:be:ba:69:b0:a5:b0:c7:06:71:be:af:33:
c3:4e:71:aa:ce:1b:51:2f:dd:bc:c7:a0:8e:92:b1:ff:3b:cf:
a7:62:fd:35:c6:01:64:66
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlct
VVJCMRQwEgYDVQQpEwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwHhcNMTgwNzAxMTIwODAwWhcNMzgwNzAxMTIwODAwWjCBrTELMAkG
A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGzAZBgNVBAMT
ElZQTi1BTlctVVJCLXNlcnZlcjEUMBIGA1UEKRMLVlBOIEFOVy1VUkIxHTAbBgkq
hkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEA3Ng3fIJd91JhGmReTkxmj4FKcN5P7at+jNyqbXctU7Z+gOdU4JiB
z/LnvyxiXjFUquXOj7OGMSJsDr29xt+oHpBMqmuvhYXoN9sT+oNAf10v1Us1izZ+
rlClsX3c0tvRIFp77Pu5BFTVuRN6zVB7+GjyA0s0kl1l3JkrA/CTp1vfW77xyMfQ
A8P69Sc+HYecryI6xRLxflLtc9unowHkq3s0pDCMxJ+/9gtfMesVkNmxwQDiIlDY
kRrVSf69HUhBGhxUzFCIo020JGtU0eX5bYily40dKVAtAY5BKs5XCMmWTid6dG/t
mc/E5fKa2B3sJPEtjkjsYG/Qlvzdh5iytpLk6/Yimu1jwrqn8ocdUNDuzZNHptPb
XfevWMwT6N0bcyAcZrjKkfuWgH2T/emAKpsXQSRr6vplXxdHmQrCk2fpEWz7hLfy
ShVGGRPTb5STBle2RHePwQ44bxqYFYf2kcisOPZ4RN2P4m7acg6BYdPNYc36PJxv
DPrNkVuymGXN7Rk01y9T+qTCTLs5Lbf82w23qTgsFf8keOFm1EsilYfabR6Bc5NF
E156saY8okGW4uy7XR7SM48eBX+p77BZRdKdBvy6hCQ6DIyi/dmKkSGkR8Opygd6
nUxn8N4pmyxPS/zWkXhEUkGonUzBFZCTLBuRKHxOPfaoOuD8Bd6j7FECAwEAAaOC
AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBSNb7TAyjmO0bwxY6Qyu7DIZmx+ozCB2wYDVR0jBIHTMIHQgBSDzgWqdk1v
9fZT1ZAGuJmamsq/yqGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
EE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC1ZQTi1BTlctVVJCMRQwEgYDVQQp
EwtWUE4gQU5XLVVSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC6
fyidYy+33jATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQAUT4rf5kmi9FnNFRE47t6A
Bw9Sh9JGrzKHgxeO55j78nWNhTKSLd9B6/l0f0Zk0hs7YCtMyfOKUJEE79yq/QPt
e57Y2LXfziLTk+qSUNKJ4qhB2RkT16s+VyJUc8u0AzC+yOr7L5YwdCnRwU6f9sRC
zWewEhWZC1jVnAugZW1EuWWk8/3Yh9352hwLPZYc0SloMHOJg7g99flRPMYyFzrH
+B+BCZ7Nhyc99mJXDXViYGU0E10JGb71VyPHvmsMtWeg7I3BDZwf4nhYg/gwpD5y
5zFiDtDahM6VbB5pYu7IsGFVHBVeaXxcxJWRKHpjZmVmjwxOzTiqlBHQoM8q1fvh
Omu5bBPNueAui83HBs8SFzIOrlDPfwTfj8m7619yt2PsMegaopSTQ2QXaasmYR39
hePBYO3CnfYEEaX/d+DT73WQmTarYln9dd+Vvsca4OuSB/mna6M8MBSZYOMEPLpF
kf2/HWrYJmHrjXZ+dHzVo1AKq8/I8YVl5GwQEZH4aFQFNxGe7hxdYPezQM+cwfQ6
JmzSchkgPNonnRfddfG4s568kk8YJq04picqkrGOI5b/C7GW7UC22jxSSQkHHW3t
Anj9VZXbjGyFK11LVg/qSW0tEMffqD/dtcW+ummwpbDHBnG+rzPDTnGqzhtRL928
x6COkrH/O8+nYv01xgFkZg==
-----END CERTIFICATE-----

29
ANW-URB/openvpn/gw-ckubu/keys/server.csr Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tQU5XLVVSQi1zZXJ2ZXIxFDASBgNVBCkT
C1ZQTiBBTlctVVJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzYN3yCXfdSYRpkXk5MZo+BSnDe
T+2rfozcqm13LVO2foDnVOCYgc/y578sYl4xVKrlzo+zhjEibA69vcbfqB6QTKpr
r4WF6DfbE/qDQH9dL9VLNYs2fq5QpbF93NLb0SBae+z7uQRU1bkTes1Qe/ho8gNL
NJJdZdyZKwPwk6db31u+8cjH0APD+vUnPh2HnK8iOsUS8X5S7XPbp6MB5Kt7NKQw
jMSfv/YLXzHrFZDZscEA4iJQ2JEa1Un+vR1IQRocVMxQiKNNtCRrVNHl+W2IpcuN
HSlQLQGOQSrOVwjJlk4nenRv7ZnPxOXymtgd7CTxLY5I7GBv0Jb83YeYsraS5Ov2
IprtY8K6p/KHHVDQ7s2TR6bT2133r1jME+jdG3MgHGa4ypH7loB9k/3pgCqbF0Ek
a+r6ZV8XR5kKwpNn6RFs+4S38koVRhkT02+UkwZXtkR3j8EOOG8amBWH9pHIrDj2
eETdj+Ju2nIOgWHTzWHN+jycbwz6zZFbsphlze0ZNNcvU/qkwky7OS23/NsNt6k4
LBX/JHjhZtRLIpWH2m0egXOTRRNeerGmPKJBluLsu10e0jOPHgV/qe+wWUXSnQb8
uoQkOgyMov3ZipEhpEfDqcoHep1MZ/DeKZssT0v81pF4RFJBqJ1MwRWQkywbkSh8
Tj32qDrg/AXeo+xRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAgGxSsGFaKEbn
6p6vY7xAmnKrYMaMrEEdG2FrDzXUKhgKLEnNPT+5wk2/txxeLqSbVqKe+ig0cxTo
kcJuylqD8l+QUVb1pt0nYtUmhLTqpZa2VRAnsayZ0FDdxv/s9NeOY0faC27YBMJs
JTUb5J/YgbE72JdIMU4ZcUcNgLXkT4H6zhx6gMM8WKBdxtsoKg9+VG7eIB1lKQP1
AfkSd5KCzBG8XrvInCPvjc7e9BW7sDMmkNwe8a9vO2trJxWxvfdhhREYXwKY/fI/
heHZhO1PGfklrJvlX4Zdf5V1beiEjXKc3lammL5UN07mYPEDDXY5R5kxL55kD4Mp
fVGc14rZZ//PPeClGKW9tiCOs3XQshHobJMJhMoxr0qghbh3hoW9LgM9EhIVL/xm
D/Od19jVid9gX8lFtWgFFYHuOp19Ch/l96Q3NmsYDEXYAVn3OMrwudKdKbFynj/t
DvJTm53DzKcyde4t8n9UWUVRpawg6NzK7TvmaoiN2ix+prWVSJNxqid02HLK3eA7
FM65Kl9mHxMBhn4lvP0qsuFAop/BfgF53NoyzJ2XKtIRkt8+TfwdGc2R8x949UPR
80r44MuR/z4AqJL5cO+rQoWSxWuxJHjlaQhvuhJCclUiR9js5GZWkCQI1hwkO9uf
9dYzlA1J+jkyLAiKjGTgU4H6SslFMHg=
-----END CERTIFICATE REQUEST-----

Some files were not shown because too many files have changed in this diff Show More