Initial commit

2018-05-08 03:01:03 +02:00
commit 1c4c595cd6
3256 changed files with 417972 additions and 0 deletions
@@ -0,0 +1,7 @@
ifconfig-push 10.1.92.2 255.255.255.0
push "route 192.168.92.0 255.255.255.0 10.1.92.1"
push "route 192.168.93.0 255.255.255.0 10.1.92.1"
push "route 192.168.150.0 255.255.255.0 10.1.92.1"
push "route 172.16.92.0 255.255.255.0 10.1.92.1"
iroute 192.168.63.0 255.255.255.0
iroute 192.168.64.0 255.255.255.0
@@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-spr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
50c09d4cd2d32cbfadcc9ebff8e624d2
f7a5730ff6b708aad8a6bb14b3a7619d
e32764bbe875f11ce46213a35500cc2c
fd0b6bf2e7b8cc2392a478ad7f4e7c7a
3fbe2e50a781ea9a4fd83cfaf64725db
98b4740b145e2d948b3b09975866c03b
a268f82e767fa2517b469ec3e563d321
8156f8f192f75bf8385697aeed6b9f33
fd74e02426437c42dc7a85afd828012a
911e7d8e837249d33a4209dbd0a2c017
c0ee31207a0e5ba05e736fa1c9af1cbb
0b39dab31939eb37df367d1eccf61ff3
28135f42ba70344179186cdd0cac5058
9cb4bac7dd08436d1efbd452b72416e8
59bc9118c2c6aba6107faca0604d947f
ff8569318b234e4ddbb68189b1504969
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
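Review bot: The `<tls-auth>` block (with `key-direction 1`) checks the static pre-shared key into the repository in clear text, alongside the inline client certificate and the passphrase-encrypted client private key. Anyone who can read the repository or its history holds the secret that the tls-auth HMAC check relies on, and the client key is then protected only by the strength of its passphrase. I would keep key material out of version control and reference it from files excluded from the repo, e.g. `tls-auth ta.key 1` and `key client.key` (file names here are examples). The committed static key should be treated as exposed and rotated on the server and all clients.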
+18
@@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
NTU5NTZaGA8yMDUwMDMxODE1NTk1NlowDQYJKoZIhvcNAQELBQADggIBAHiAKVWa
aJxRcohJGD6hfhXEOhBqV1GxWWuoEP1ONgdgsXTEfEDdK+lTS4P0PNyxEkbFS8OH
TuRfg5OhmONezKAi6C3rGZHeM/jYwlCaoD1mNABgwkBKiU7BeXfdho1j3dhjgZ6f
IYVEcWFM+0UDJsnZHeA6zkpjRTL1AlB0I+mYg5f8fb85SVoxNIk3C8Hh22X19wVd
MHYb4/F/k6AAcetLwuptdgS7nsWQama8BkJ1d9nBLV+aKdx39ZSOWKy4TuExicN3
B41kh1qOqOnTYGkKjLLxn8AGdk4cqvZprraO6UEL4xV7WWRk3n6eaWsp0WLUnpTq
5y3QhdSwne/nT/WAsUVE0qoKz/0LIHwL3YyEFNPpfdKn+0ulp1loqlPfZiGDEZ9s
qs1lPAb8hSj8Gtoh6Ehb9rjH3ia78EVhzG/Npnzcq8IkJW9U9KjvJkjLUYQB0cE9
gAKjMtJ1XWf1G/H6jYHSt85FM/fq8gnQX/yBVJzXlVdYWL4giS1K3kATJ9OjH3TL
xyB0Evi15vG4a5HlbNT6g/a6GvEEfS6ANaBC82uRFK1AjELRCiKvjnOT5AndB/uV
Q/tgplEqJJX2CQrH+BRUe0PWtOl0UYC84fGNr1lySHeWaI3Z3UUYeBIgJ+Y3d7/4
5u5CE+zRVhxqCD1bxxZdJq8F8zQe4fOlWR3L
-----END X509 CRL-----
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl
@@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
@@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
@@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
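Review bot: `default_crl_days = 11688` in `[ CA_default ]` makes every generated CRL valid for roughly 32 years, so a server still running with an outdated copy of `crl.pem` will never see it expire and later revocations can go unnoticed. `default_days = 11688` gives issued certificates the same 32-year lifetime, which leaves revocation as the only way to end a client's access. If the long CRL lifetime is deliberate (for instance to avoid failures from an expired CRL), a comment should say so, e.g. `# long nextUpdate on purpose: redistribute crl.pem after every revoke`. Otherwise I would restore the commented-out values `default_days = 3650` and `default_crl_days = 30` and regenerate the CRL on a schedule.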
@@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
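Review bot: In `[ v3_ca ]`, the extensions for the self-signed CA certificate leave `basicConstraints = CA:true` non-critical and keep `keyUsage = cRLSign, keyCertSign` commented out, so the CA certificate carries no key-usage restriction. For a CA that only signs VPN certificates and CRLs I would use `basicConstraints = critical,CA:true` and `keyUsage = critical, cRLSign, keyCertSign`, unless a peer that rejects critical extensions is known to be in use. `crl_extensions = crl_ext` is also commented out in `[ CA_default ]`, so CRLs are issued without `authorityKeyIdentifier`. The identical `[ v3_ca ]` block in the preceding file section has the same settings.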
+1
@@ -0,0 +1 @@
/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req
+96
@@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/gw-ckubu"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN SPR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-SPR"
export KEY_ALTNAMES="VPN-SPR"
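Review bot: `export KEY_EXPIRE=7305` and `export CA_EXPIRE=11688` give issued certificates a lifetime of about 20 years and the CA about 32 years, which matches the `Not After : Mar 18 ... 2038` dates in the certificates later in this commit. With lifetimes that long, revocation is the only control left when a client key is lost or copied, so every server using this CA has to load the CRL (OpenVPN `crl-verify`) and the CRL has to be regenerated before `default_crl_days` runs out. I would shorten the leaf lifetime and plan renewals, for example `export KEY_EXPIRE=825`, and add a comment explaining why the CA lifetime was raised from the stock 3650.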
@@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf
+4
@@ -0,0 +1,4 @@
key...............: gw-ckubu.key
common name.......: VPN-SPR-gw-ckubu
password..........: uoziengeeyiephu5voh7eothu1Aex8ar
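Review bot: The `password..........:` line stores the passphrase for `gw-ckubu.key` in clear text in the repository. The same commit also adds an `ENCRYPTED PRIVATE KEY` block further down; if that is the key this file describes, the encryption no longer protects it from anyone who can read the repository. Treat the passphrase as disclosed: reissue or re-encrypt the key with a new passphrase, keep the passphrase in a secrets store, and replace the line with a pointer such as `password..........: <stored in password manager>`. Deleting the file in a later commit does not remove the value from history, so the history needs rewriting as well.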
+141
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 15:59:51 2018 GMT
Not After : Mar 18 15:59:51 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
2a:24:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
59:f3:1f:08:ab:e1:33:a6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+139
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:13:06 2018 GMT
Not After : Mar 18 22:13:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
2f:d9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
1c:5d:a6:3b:95:49:41:23
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+39
@@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+52
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDU3Y3KUW+th51p
qc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/tZSotqwAq
BgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aFeC9L3Z4Q
lJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFHRm8Tnr1T
DUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQYUJ1fLJAP
LdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZVRQdnS6yH
xZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHozJkr8tr+
xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x03MOpv9c
jN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ98gVox7l
FbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420QCSCFJAb5
orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0tEph6pRH
P39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABAoICAGlmxyXOCzFuvFgsuFOh1rXv
OnEc6EbsFMrErpbvVPXhPZQcUfIZpZaD5uUA9pwHvCzeiqie9jKkwLEORaIk7K1q
q2Q+4eGTWzNXaXZiT7xo0kFcq3yHATLDMo8Tjhk0YucagCJIr4quUu082Iu4iw+K
hPmxayQowYoavrtQabuVcuwvP5IZv5WTDXiF56+zZot72oozax7Y9EAijURrKMcT
zyQy8VzF/3LtB+N4A5VHUwFY4y+F2B3W3QznR1VmCLOk47uCd1pAE5kgiEwv9lsI
KhKtZYmkTtoYTvgLE2O4ExFwsLIP80tfC6C3bBGz4tC9V7pTMuZIB0c3aDK94KkL
geojeQg/D81yRzrIImcQDW+6asJJBdV6fdjeWW7oMG6pvweg5xKG53dUgqrcC4yz
EC4mMO4MF4oTUnOv2yYnQOA2GIy7myf87rFKonqB6vzlA7KoE7aOvX3ZTiuydBZ+
StIZ6aJIK7IINa/4QE1TZBLG51GO+u8SE8BMlm96HB//TVp+AmgtrXlqlbREfYHk
CgUB4aIYsvtcfBoy/T0tWREByIFBTDZMO68Ifcaspvys62y1H879BmKTGiq9XCX/
PPQduHUBzcS1wUmnRerSOyvhqqsOvJMEXjbQAJP2J8mBWd8TLaQWtftFb7Y4XXjt
lTsjK5+a+Vux+bugK4rZAoIBAQD5Mvwd9ETTGrW33Gss2u5GswzFIWQymjYHaXlJ
j9YgqmUMRnClBFRCODmBONjw5A866/adXi5N8ZZAxCQUOnrCLJ0TdMb5JnhcH//G
dPHO2iiZV+JUsZbOaxD9m2SPogStqSGVt9i1CRyVC/SWGAxgKdHB52kEfDp/PhOH
dY5iH+kPaPvQd7DSrIjuY9vqlavDAMZ4Wf/Pigeh1/j1LvALZoqb0fAj/qD81U9W
+4BnPBQz/fMhOTu/z+lUC5T4l2WT5zmQ89knkSeUOboCjQ9Int9FH8DFGXY0YKmC
5y9HBt1xypWesnqGCCESiU8lWXvM5T3V6zXyOHpF/72+p/e9AoIBAQDarLnG24Ef
SoIQgEgOuTwajsjducGl/YuHtz6fKLD1OtAbQDYmQCUSUraJXFtYVe0sZa1dQPj3
yGJ0whJW1Po8tIAIfacjJ/gQ6F4xNhqxmbcxGEvMDCWFyyxKOTcmY4tT/Q00Cv4z
Oz+RGWD1Mnw90fFs+KLe7gAfbZgXZ/CDriSEyBPGLARZYCrpQ74FogUGAVcAhZb9
l/2vxaMBr4EVkuIrpd7yP8tWEdnta4ACeW6CcX2KIAGi12o6Z35RO4nfo3BZszUy
pnA4Lau2TmzSqV3/hn2M6tJP9mXaiF7HnvGw2t+/o5nTv2clBm2L2MZOEpNANS3J
YUVVb5W+XZAPAoIBAQCgZb+/bAWMt6l1YaueYIB0AzVaAUckBvx1wt7tiWZy+ho2
T3Sb0nCFevkQgs2oJ7Lh4xWGbyNwyepDX7w1RPrU1rB34Hdd0PQxn+sbCxTFZsgx
A09L4k7GKEX0ZrvQc6F9Qdq7Km2TAP1jtiFFJs94ahJ4M4H2ABwK4KLjUrhF0nJJ
l/JVWWT4BVPR1XasxI+c4Xfd6VftdtO4yXGWJxMc03CuIO/nyzJF6uq5ewJH8HS0
jmWa4eLicGmnzhih9ZjNHUyBT2Nbw2NtVcazc6X9wTzGmkyS0POzfPA+sJ1Oo02P
u6yYTBrvAHaBHt5RlQpJdNhbQ50iflW9joHMIQMlAoIBAQDU/ucZjhcQPoe/wOPv
C3hCug9nARdhMjylXdSuPHlY9Adec8YKrfIuDcjktMP4oAGbfBJIQg//cfyMk7g/
QcXYOUx4eMPC15ymA2Az+Oo5UWuBc5Po1W/7CTJDvcU9LDq6/UHODmMZzb0V/S1W
x+0CXisVpH0oPZR7CEnbio9YA9hoSWYRYjB+SdCiUyyU2gKgnc97n6O5sUEV46Dp
9GP8eoy4TSGCvqa1WD/4JPyT7Gm6vwaz8ocFcWN0Lfh48VBTOCQoCwlnI30tCzc1
JOCUtQns6bgC+XsPDgaZvLjtIaFzTU4hoR4lhUrXYpJzZBuMUkWBhgrqG0fodv7Z
ZNL7AoIBAFiZkq/ccCajhfGw/3XJaGsT9n+X5IZFr4HwK8ucZhVsBidrV7MVT/iU
gzmicc0vj3gktvUJt4WpwYxkneriS0Pxlf9yPny499TczgVgkqxaLVdFTUNPE4zv
MIhvqgtyaSBo1sG9zP01hk7sdUroSnn28TOAPnLXCPgRvdK5q78NflsztokHMGnf
48RE4kEs8x+1u1xHOOe1SwXSeGjQ2HCiEtHjcHuCkeyIMuc3g7ihHAkflKx3jdRd
KbQNVAvuMy+9lUzUXgXWbbk3sU27WGP87pP5D+BlAEA2ZeJ+CmxV+jy+9MEVFVi0
liKWQWNz50yAIjjVr0jSOoWfnCLxXb4=
-----END PRIVATE KEY-----
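Review bot: This section commits an unencrypted `PRIVATE KEY` block (no passphrase protection) to the repository, so every clone, mirror and backup of the repository carries usable key material. The section does not say which key it is; its position directly after a bare certificate and before the `../crl.pem` link suggests it may be the CA key, in which case every certificate issued under this CA would have to be re-evaluated. The key should be regarded as compromised: generate a new one, revoke or reissue what depended on it, and purge the file from history. Key files should stay out of version control, for example with a `.gitignore` entry such as `*.key`, and be provisioned to the gateway with restrictive permissions instead.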
+1
@@ -0,0 +1 @@
../crl.pem
+13
@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
+139
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:13:06 2018 GMT
Not After : Mar 18 22:13:06 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
2f:d9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:gw-ckubu
Signature Algorithm: sha256WithRSAEncryption
40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
1c:5d:a6:3b:95:49:41:23
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+29
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
+54
@@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
+2
@@ -0,0 +1,2 @@
V 380318155951Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
V 380318221306Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
@@ -0,0 +1 @@
unique_subject = yes
@@ -0,0 +1 @@
unique_subject = yes
@@ -0,0 +1 @@
V 380318155951Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+1
@@ -0,0 +1 @@
03
+1
@@ -0,0 +1 @@
02
+141
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 15:59:51 2018 GMT
Not After : Mar 18 15:59:51 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
2a:24:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
X509v3 Authority Key Identifier:
keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:CC:E1:89:CD:8C:F7:3F:7A
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
59:f3:1f:08:ab:e1:33:a6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+29
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
+52
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjSRiuaU9cSjSx
hZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb2
5pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUr
BPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/
RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3Nt
K/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM
06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV
0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMX
rlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7
bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGM
ECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s
06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABAoICAEX72Vk/h6UdpPIFOjpXe5nl
w2C8DPDrMvYaHVF+GZKCHN8nl/LcxxHBzNm+siDlCwbbOXhxcFReIyi1dLgaRCQm
mg/CZf1udv2spsvqiUxTaQlpwDMY43Zsd3K0VLCPBY17TNUuJ7W+bz9N8tRdL/rl
+hnXAZCnuRqW9Nkgx3KTEbCciu/f9SvTB8rEfBE9beRkPa336SrVfl5ad6cMJuCM
7wC+tSoN1I8RRmvr8aPw6+QWpPVOjbaG9S8lZEho05BIcinaoqgvX9yFv9IjVbmr
vrUcDKoIhU2kDAOseHgsWusZ/a0s3ZdVn2DyktWuf1Ih3R2+DJZmPGRF/wh0eB/i
gbht0nQXCylbiA0BxwS3HtRg2eqU7xE07YEuo19hKl8JmWe2aFwqs9L7WvkNU1Y9
Ega62Z83vPZdDkdWKhEj/y6lgbMj0N8OLHAjXRVfecMM3X5Rq5l6sTpwu6Np2jH4
J0QSPGipFt1Z1WWrgxuMTh+O0vMYRzZHoBqRORT1fFClAxbBe9NA7hia+uq8c+PQ
cE2jb8o2gsqm8x236RjgIg0jA8yjryx8KNnpYyN+IHKaXrgykNS6LPM0t7NjpXEA
Ym98u4Vw6Wx/PjE/uFVvP7IJO0705la7He3Mokqk6Irln5JRyaJcKIPF6goP3UmT
4cLakO3Rz0jA69T/d6HxAoIBAQDUTjJks9jGOwkOb38Kao761IUUfl2LjNV4SFUm
S83ZO+8yqEbI2ylcR8WmGGc+y+8RtXDkDEcR/UungnqrmDFMt8DxPlYSvD6AYvnF
OxBhrR86YF780kIaGR5HCliNyj1nbUsbmPcAZN+DtzPwJ/JcH0hVI77CkaDHaQTM
CDmJRCW6nThvAkNG5vNEajvdTXW+2WeHtQKBET7foDoEy63E9ic+1bKUeonlsTvN
JnPSzKzhEQ2mInUF5ujpPrJJLQrkCck0cFrsckGXpYuhtxJKfCy7UUo0JKN2oN5k
ENXP+yx3/VTs9w8wg5/NtxXfcGTlyExEVRGb8vsAbQ6NNrFTAoIBAQDE5Cv1IoRD
Wo9pgbQIkr9I1bbqLPN9e2abdGyclvKSr+cs978ZTijo/FEJQZYvs59Gb70hBkHF
rRXivviLw5Y0Fzf8W9pCh98RfQMuki+eJg9tERvcoqZwYRIJ4lvkiG4WCDdNFV08
rJTebgUXPExkBjG0iKuFe8Fex2dOSaIpBSf10Y7mEdWgtENySAymvpJrU+Z3S8o5
c4k3qPuTBLJKCSZ6uAX6CaVsS0kdb1IrnI8h2xrW/rhP14JH/+qEvi7qNOO6X/n3
cn8RoB8q1O7i9tPnytiQ34MuzIL9qddcK0juXkZHta61rLs+s5mMgOMr0XrYcImB
LY6H9+O6HUn5AoIBAQCgUykFGTejgyN0rkg+wneU/fY9oqvb3Y+7VMxQrkAWQ4eA
Nsm1lqOmV2Dv7E/TgUfZlK5a2Na2xBRkvEkM2lKof7+JrqxrW5LLe3LpOZBGYulJ
OUuiGtnmQX+24B49fTNfro5gmeQ1fPe5zRjAzDnezZTfDq5Y2oaS8EC6H5/rg/YF
9gKO+iN6IKAm0x7AIWXAqQbg2ZW5iB912tbVlkZ0jfrXHaPNMrh+J5hkdRxUXVJU
aH9pLW439cd/lGQolIY77RPvsMVI94OHFHHcvpZmf118W4fw1pZG2Hb5FCmS9TgA
qOOAS5ZB6bQ9MnynDoZzbA4EMEWrAhQAn1q000+XAoIBADXifGVKXQhR8I3fgXYX
M2KrmrPcOYdODnbdFhyE8z5SBeK4qwQx7+BTrZnq6T+E2UJdslUncTi4dhToTv1x
OdpnwFrAiKtMpDAVFpnYSE/v+qjO1eE8YnC/IEC0QpH5BKfi97+Q6UOBt/xn/9ys
E/wL9e6CuO5/QBzAVfWHEWpIjvcnswQkPWMN8qeEMHIyFcBp5dkgVOgERrmE9dT2
pBS/DFjppDkaCrvonsn/fW2SG1oYrO/KJoczY+Rwla5enlhawThwq+ic3UnlmKIQ
RJC5HKWDTmHXyf802WSy5s3CyuLxyio1/uqZq2Utoghh/cowOn6hzgAch7WOkjSN
b4ECggEBALCHLM/0yNro6VoT+4t7xt4qAySwgqHGVB6p6ab4gQlE6vxVc/VizUSg
Tv+u4TRAvT6zWesaw7rk3EdK+0Rh3YEJRQdA0dPhHF6uKoM3Sm5dBQwbH/EUbpL+
mfq25Q0ODC63967tx+/w8he5jrjcHUblVCSYbGpap3edOEpTkF+y4afJqqJtDico
hxog9InN+dO1cQ8VstVVt0WEtBWtCF5MsE8y07UYw1fwagbbrUsX13oqF0iRP3yy
oZOKgOBMpSMwgHEtQSOxM72GRAMbiqE+NX7TGjCH8TqarSf9d0F16tIx+ThYDrva
tFQ3nrI6uytJXZJKQ6yzsnPZyLYxRE0=
-----END PRIVATE KEY-----
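Review bot: The `-----BEGIN PRIVATE KEY-----` block in this file is an unencrypted RSA private key committed in clear, and its encoded modulus starts with the same bytes (`a3:49:18:ae…`) as the `CN=VPN-SPR-server` certificate dumped just above, so it appears to be the server key that the configs in this commit load as `server.key`. The same problem applies to the OpenVPN static key file that follows and to the inline `<tls-auth>` block in the client config further down; the other private keys in the commit are at least stored as `ENCRYPTED PRIVATE KEY`. Anyone with read access to the repository or its history can use this material to impersonate the VPN server, so it should be treated as disclosed: reissue the server certificate and revoke serial 01 through the CRL, regenerate the tls-auth key, and purge the files from history. Going forward the key directories are better kept out of version control, for example with an ignore rule for `*.key`, and distributed through a secrets store or a restricted channel.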
+21
@@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
50c09d4cd2d32cbfadcc9ebff8e624d2
f7a5730ff6b708aad8a6bb14b3a7619d
e32764bbe875f11ce46213a35500cc2c
fd0b6bf2e7b8cc2392a478ad7f4e7c7a
3fbe2e50a781ea9a4fd83cfaf64725db
98b4740b145e2d948b3b09975866c03b
a268f82e767fa2517b469ec3e563d321
8156f8f192f75bf8385697aeed6b9f33
fd74e02426437c42dc7a85afd828012a
911e7d8e837249d33a4209dbd0a2c017
c0ee31207a0e5ba05e736fa1c9af1cbb
0b39dab31939eb37df367d1eccf61ff3
28135f42ba70344179186cdd0cac5058
9cb4bac7dd08436d1efbd452b72416e8
59bc9118c2c6aba6107faca0604d947f
ff8569318b234e4ddbb68189b1504969
-----END OpenVPN Static key V1-----
+314
@@ -0,0 +1,314 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1195
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
route 192.168.63.0 255.255.255.0 10.1.92.1
route 192.168.64.0 255.255.255.0 10.1.92.1
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/gw-ckubu/keys/ca.crt
cert /etc/openvpn/gw-ckubu/keys/server.crt
key /etc/openvpn/gw-ckubu/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.1.92.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher AES-256-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-gw-ckubu.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-gw-ckubu.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/gw-ckubu/crl.pem
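Review bot: `client-to-client` is active in this server config (and again in the second server config of this commit), which makes OpenVPN forward traffic between connected clients internally, so firewall rules on the server's TUN interface never see that traffic. The `route` lines and `client-config-dir` suggest this instance serves a site-to-site peer; if clients do not need to reach each other directly, I would disable it as `;client-to-client` and let the host firewall decide what is forwarded. Separately, the sample comment above `dh` still talks about `dh1024.pem` while the directive loads `dh4096.pem`; a comment such as `# 4096-bit DH parameters: openssl dhparam -out dh4096.pem 4096` would match what is deployed.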
+314
@@ -0,0 +1,314 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
topology subnet
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap" if you are ethernet bridging.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Enable TUN IPv6 module
;tun-ipv6
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/spr/keys/ca.crt
cert /etc/openvpn/spr/keys/server.crt
key /etc/openvpn/spr/keys/server.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/spr/keys/dh4096.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
;server-ipv6 2a01:30:1fff:fd00::/64
server 10.0.92.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /etc/openvpn/spr/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 10.8.0.0 255.255.255.0"
push "route 192.168.92.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
client-config-dir /etc/openvpn/spr/ccd/server-spr
# ---
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir /etc/openvpn/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# ---
# ---
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# ---
# ---
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# ---
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 192.168.92.1"
push "dhcp-option DOMAIN sprachenatelier.netz"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/spr/keys/ta.key 0
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
persist-local-ip
persist-remote-ip
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
;status openvpn-status.log
status /var/log/openvpn/status-server-spr.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log-append openvpn.log
;log openvpn.log
log /var/log/openvpn/server-spr.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 1
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# CRL (certificate revocation list) verification
crl-verify /etc/openvpn/spr/crl.pem
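Review bot: No `cipher` directive is active in this server config, since all three sample lines are commented out, so the data-channel cipher falls back to the build's default, which the sample comment itself names as `BF-CBC` (Blowfish, a 64-bit block cipher). The other server config in this commit sets `cipher AES-256-CBC`; I would set the same line here explicitly and mirror it in the matching client config, as the comment above the directive requires. Newer OpenVPN releases may negotiate a different cipher regardless of this setting, so the effective cipher is worth confirming in the log of the deployed version.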
@@ -0,0 +1,7 @@
ifconfig-push 10.0.92.2 255.255.255.0
push "route 172.16.92.0 255.255.255.0"
push "route 192.168.93.0 255.255.255.0 10.0.92.1"
# - Already pushed from server config
# -
#push "route 192.168.92.0 255.255.255.0 10.0.92.1"
@@ -0,0 +1,270 @@
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote gw-spr.oopen.de 1195
topology subnet
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Server CA
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
# Client Certificate
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
# Client Key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
</key>
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#
# Don't forget to set the 'key-direction' Parameter if using
# Inline Key. Usualy , sever has key direction '0', while client
# has ke direction '1'.
#
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
0f871c0affde12bf4aa4c3683db554ab
5b289badc22171c46f4fcf749b94c3b3
fc8da02a98f067a6b624e3755ff08e28
6c74f622bcb49a31b94bf9e9e9619fd7
2949dddce9997bdd6b8c08bf7785baba
54267e89eabf34f4e729d09dad95fbb4
f254ed52de9287436f718c138f29e927
36a77a01b8801be92da98eec772e1d9f
eb568dc508531ca7dbb92af3098f812f
4b7bcff4c0badbd34b6e168fc7312da1
030559d8278ea9d2ac200da87d4b9283
8994c85e9ef639c82214107f12d67f9a
d71ca5d6a991bf778222f8a87eb99009
1e1de4379406d4008daf98437ffe0e98
0dd90d7d41239a14489e6d077740e97a
90b30b8b8f445e78073ae1f365601bb1
-----END OpenVPN Static key V1-----
</tls-auth>
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
cipher none
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 1
# Setting 'pull' on the client takes care to get the 'push' durectives
# from the server
pull
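Review bot: `cipher none` near the end of this client config turns off data-channel encryption wherever it takes effect, and it matches neither server config in this commit: the one listening on port 1195 (the port used in `remote`) sets `cipher AES-256-CBC`, and the other sets no cipher at all. The file's own comment says the server's cipher must be specified here too, so I would change the line to `cipher AES-256-CBC` and check the connection log to confirm the negotiated cipher. The inline `<tls-auth>` static key is also committed in clear in this file; it should be regenerated and handed to clients out of band rather than through the repository.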
+18
@@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-ca
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-dh
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-inter
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pass
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-pkcs12
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-key-server
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/build-req-pass
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/clean-all
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/inherit-inter
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/list-crl
@@ -0,0 +1,268 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
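Review bot: The `[ v3_ca ]` section issues the CA certificate with a non-critical `basicConstraints = CA:true` and no `keyUsage`, so nothing in the certificate itself restricts the CA key to signing certificates and CRLs. RFC 5280 expects both on a CA certificate, and the file already carries the stricter forms as comments, so I would enable `basicConstraints = critical,CA:true` and `keyUsage = cRLSign, keyCertSign`. The "broken software" caveat in the comment is probably as old as the Netscape notes around it and is worth re-testing against the OpenVPN builds actually deployed. The same `[ v3_ca ]` block is repeated in the three OpenSSL config sections that follow this one.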
@@ -0,0 +1,293 @@
# For use with easy-rsa version 2.0
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
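Review bot: `[ pkcs11_section ]` takes the token PIN from `$ENV::PKCS11_PIN`, and as far as I know OpenSSL expands `$ENV::` references when the file is parsed, so the variable has to be set for every easy-rsa command even though `#pkcs11 = pkcs11_section` leaves the engine disabled. That tends to end with a PIN exported from a sourced settings file, where it is readable by anything that can read the file or the process environment. I would add a comment above the section such as `# PKCS11_PIN must be set for this file to load; export a placeholder unless a token is in use, never a real PIN from a checked-in file`. The next two config sections contain the same block.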
@@ -0,0 +1,290 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
#default_days = 3650 # how long to certify for
default_days = 11688
#default_crl_days= 30 # how long before next CRL
default_crl_days = 11688
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
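Review bot: `default_days = 11688` and `default_crl_days = 11688` in `[ CA_default ]` give every issued certificate and every CRL a lifetime of about 32 years. With a nextUpdate that far out, a CRL copy that has stopped being refreshed still validates as current, so a revocation that never reached the server goes unnoticed, and a leaked client key stays usable for decades unless that revocation works. The commented-out defaults directly above are the safer choice: `default_crl_days = 30` with a scheduled job that regenerates and deploys `crl.pem`, and a `default_days` short enough that certificates are actually rotated.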
@@ -0,0 +1,288 @@
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional
####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
name = Name
name_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section
[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0
+1
@@ -0,0 +1 @@
/etc/openvpn/spr/easy-rsa/openssl-1.0.0.cnf
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/pkitool
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/revoke-full
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/sign-req
+96
@@ -0,0 +1,96 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
##export EASY_RSA="`pwd`"
export BASE_DIR="/etc/openvpn/spr"
export EASY_RSA="$BASE_DIR/easy-rsa"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
##export KEY_DIR="$EASY_RSA/keys"
export KEY_DIR="$BASE_DIR/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
##export KEY_SIZE=2048
export KEY_SIZE=4096
# In how many days should the root CA key expire?
##export CA_EXPIRE=3650
export CA_EXPIRE=11688
# In how many days should certificates expire?
##export KEY_EXPIRE=3650
export KEY_EXPIRE=7305
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
##export KEY_COUNTRY="US"
export KEY_COUNTRY="DE"
##export KEY_PROVINCE="CA"
export KEY_PROVINCE="Berlin"
##export KEY_CITY="SanFrancisco"
export KEY_CITY="Berlin"
##export KEY_ORG="Fort-Funston"
export KEY_ORG="o.open"
##export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="argus@oopen.de"
##export KEY_OU="MyOrganizationalUnit"
export KEY_OU="Network Services"
# X509 Subject Field
##export KEY_NAME="EasyRSA"
export KEY_NAME="VPN SPR"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
## export KEY_CN="CommonName"
export KEY_CN="VPN-SPR"
export KEY_ALTNAMES="VPN-SPR"
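Review bot: `export KEY_EXPIRE=7305` gives every issued certificate a 20-year lifetime (and `export CA_EXPIRE=11688` gives the CA about 32 years), so a lost or copied client key stays usable until it is revoked and the updated CRL reaches the server. A shorter leaf lifetime with planned renewal limits that window, for example `export KEY_EXPIRE=730` (example value, pick one that matches your renewal process). The comment above `KEY_SIZE` still says "Increase this to 2048 if you are paranoid" although the value is now 4096; it would read better as `# RSA key size in bits; larger values slow TLS negotiation and DH parameter generation`.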
@@ -0,0 +1,80 @@
# easy-rsa parameter settings
# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.
# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"
#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"
# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
+1
@@ -0,0 +1 @@
/usr/share/easy-rsa/whichopensslcnf
+4
@@ -0,0 +1,4 @@
key...............: chris.key
common name.......: VPN-SPR-chris
password..........: dbddhkpuka.&EadGl15E.
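Review bot: The `password` line stores the passphrase for `chris.key` in clear text in the same repository as the key material, which cancels the protection of the `ENCRYPTED PRIVATE KEY` committed further down this page (presumably that same key). Anyone with read access to the repository or its history can then decrypt the key and authenticate as `VPN-SPR-chris`. The passphrase belongs in a password manager or secrets store outside version control. Because it is already in history, the certificate should be revoked and re-issued with a new key and passphrase.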
+141
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 18:08:15 2018 GMT
Not After : Mar 18 18:08:15 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
d4:ff:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
X509v3 Authority Key Identifier:
keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:96:BC:22:64:4D:21:54:99
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
ab:73:04:66:d5:56:a5:9e
-----BEGIN CERTIFICATE-----
MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODE4MDgxNVoXDTM4MDMxODE4MDgxNVowgaUxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX
7Cx0/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gz
cfyFp/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIB
cPJfdyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz
+cjerAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKg
uWs3g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYb
CO9yUHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWj
gd7zqTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dN
hLZnLLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG
6xZTXJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7
Xops6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9
vrUJREh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK6oa74u82Aio3aP
T/UmaYOsLhkpMIHTBgNVHSMEgcswgciAFHSigxuV60X8ONBxrGr1ItbazicLoYGk
pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTATBgNVHSUEDDAKBggrBgEF
BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
CwUAA4ICAQC0Ueyd7DntwSmDDujrw+xfDh1T11G50i6QCaMn6PckP94V2ZIigK4S
qxdfoX4BRL5UKNh2Qrpgd3xGHUJtqSWuV1KU93ZEuZPepKfIo0qNcr2WFZpCN7Ac
4Dh9clNF3BEoYuV9D/kyIYGKIzmFBbxGaiM0qTij/T6mdq6C0zKj1G1+MwyRsgQm
mavrQ5wiq8rOscDpEAxbzE5CjsngHVmxg2RXegI4vLhL/742P6BmQ8Yafhda1rhb
pwh6n+c8AA4LRvGhkHO9tD4Ro7aWTTAkdfv9JMxjt6ylbga6HMJqsv5ZblpT3A/c
5G8ofcCxzekUlQbv6ZF9OVViYTxyjw81tOibSVBBLwdtPx+SlO3iENMIdUPM2n8A
O/nS8ZchLcXQMC4OhBv9PL2rnb+3GK0BNmxDfgQzKRSxx2hkqcyFV2f3oz7C1ae/
9CD7QZEsj2rF01V2D3k9ElnXDln2AgwxBzkJVZdA4aknAa36QtdnFHsP5uMdbyhx
F5/ely/RppW61EKAnA7bBpGOu8SvI66Fn+JX5EqH4dBkn5oVMMi8luramOsKWr4T
cNY1UA5IByuKGeU15qeiykJQe7xy6plNuCwGdemmwUUel0KbW6RhkjxFiDH0H9rk
AXL5kwjkZk0sTC8ZEEkhUsoYWTh2ea6ZjqwghYWvqLarcwRm1Valng==
-----END CERTIFICATE-----
+139
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:20:38 2018 GMT
Not After : Mar 18 22:20:38 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
94:c9:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
X509v3 Authority Key Identifier:
keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:96:BC:22:64:4D:21:54:99
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
b0:40:45:9d:20:2d:e2:6b
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+39
@@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+52
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
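Review bot: This section commits an unencrypted `PRIVATE KEY` block to version control; the later 52-line `PRIVATE KEY` section and the `OpenVPN Static key V1` section have the same problem. From its position directly after a bare certificate this is presumably the CA key, in which case read access to the repository is enough to issue certificates the VPN server will accept. Private keys and the static key should be excluded from the repository (an ignore rule for the keys directory) and kept with restrictive permissions on the CA host. As they are now in history, they should be regenerated and the affected certificates re-issued.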
+139
@@ -0,0 +1,139 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 22:20:38 2018 GMT
Not After : Mar 18 22:20:38 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
94:c9:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
X509v3 Authority Key Identifier:
keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:96:BC:22:64:4D:21:54:99
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:chris
Signature Algorithm: sha256WithRSAEncryption
3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
b0:40:45:9d:20:2d:e2:6b
-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
+qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
16CJQbBARZ0gLeJr
-----END CERTIFICATE-----
+29
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
+54
@@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
+1
@@ -0,0 +1 @@
../crl.pem
+13
@@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
+2
@@ -0,0 +1,2 @@
V 380318180815Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
V 380318222038Z 02 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
+1
@@ -0,0 +1 @@
unique_subject = yes
@@ -0,0 +1 @@
unique_subject = yes
+1
@@ -0,0 +1 @@
V 380318180815Z 01 unknown /C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+1
@@ -0,0 +1 @@
03
+1
@@ -0,0 +1 @@
02
+141
@@ -0,0 +1,141 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
Validity
Not Before: Mar 18 18:08:15 2018 GMT
Not After : Mar 18 18:08:15 2038 GMT
Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
d4:ff:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
X509v3 Authority Key Identifier:
keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
serial:96:BC:22:64:4D:21:54:99
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
ab:73:04:66:d5:56:a5:9e
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+29
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
+52
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
+21
@@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
0f871c0affde12bf4aa4c3683db554ab
5b289badc22171c46f4fcf749b94c3b3
fc8da02a98f067a6b624e3755ff08e28
6c74f622bcb49a31b94bf9e9e9619fd7
2949dddce9997bdd6b8c08bf7785baba
54267e89eabf34f4e729d09dad95fbb4
f254ed52de9287436f718c138f29e927
36a77a01b8801be92da98eec772e1d9f
eb568dc508531ca7dbb92af3098f812f
4b7bcff4c0badbd34b6e168fc7312da1
030559d8278ea9d2ac200da87d4b9283
8994c85e9ef639c82214107f12d67f9a
d71ca5d6a991bf778222f8a87eb99009
1e1de4379406d4008daf98437ffe0e98
0dd90d7d41239a14489e6d077740e97a
90b30b8b8f445e78073ae1f365601bb1
-----END OpenVPN Static key V1-----
+58
@@ -0,0 +1,58 @@
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
[ -x /sbin/resolvconf ] || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
split_into_parts()
{
part1="$1"
part2="$2"
part3="$3"
}
case "$script_type" in
up)
NMSRVRS=""
SRCHS=""
for optionvarname in ${!foreign_option_*} ; do
option="${!optionvarname}"
echo "$option"
split_into_parts $option
if [ "$part1" = "dhcp-option" ] ; then
if [ "$part2" = "DNS" ] ; then
NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
elif [ "$part2" = "DOMAIN" ] ; then
SRCHS="${SRCHS:+$SRCHS }$part3"
fi
fi
done
R=""
[ "$SRCHS" ] && R="search $SRCHS
"
for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
;;
esac