From 9a06f3c656d369f58b9c0bba9e932cdb769e2b64 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Wed, 7 Nov 2018 12:03:47 +0100 Subject: [PATCH] Added vpn.usr.f29. --- sources/vpn.usr.f29/config | 21 + sources/vpn.usr.f29/envvars | 4 + .../firstboot/01_setupnetworking.sh | 54 + .../vpn.usr.f29/firstboot/02_settimezone.sh | 21 + .../vpn.usr.f29/firstboot/03_displayvpndoc.sh | 6 + sources/vpn.usr.f29/firstboot/99_cleanup.sh | 6 + sources/vpn.usr.f29/hooks/autodev | 6 + .../postinstall/01_setownership.sh | 7 + .../postinstall/02_setpermissions.sh | 5 + .../postinstall/03_installfiles.sh | 15 + .../postinstall/10_setupservices.sh | 7 + sources/vpn.usr.f29/postinstall/99_cleanup.sh | 6 + .../vpn.usr.f29/postinstall/install/etc/hosts | 4 + .../etc/openvpn/client-config/abellai.conf | 236 ++++ .../etc/openvpn/client-config/aborza.conf | 236 ++++ .../etc/openvpn/client-config/acsiba.conf | 236 ++++ .../openvpn/client-config/akosztolanyi.conf | 236 ++++ .../etc/openvpn/client-config/azsamboki.conf | 236 ++++ .../client-config/client.conf.template | 127 ++ .../etc/openvpn/client-config/csgulyas.conf | 236 ++++ .../etc/openvpn/client-config/dvasary.conf | 236 ++++ .../etc/openvpn/client-config/fritter.conf | 236 ++++ .../etc/openvpn/client-config/fschnell.conf | 236 ++++ .../etc/openvpn/client-config/khorvath.conf | 236 ++++ .../etc/openvpn/client-config/kkele.conf | 236 ++++ .../etc/openvpn/client-config/kschaffer.conf | 236 ++++ .../etc/openvpn/client-config/mszabo.conf | 236 ++++ .../etc/openvpn/client-config/ptombor.conf | 236 ++++ .../etc/openvpn/client-config/qqcs.conf | 236 ++++ .../etc/openvpn/client-config/rrendek.conf | 236 ++++ .../etc/openvpn/client-config/rtoth.conf | 236 ++++ .../openvpn/client-config/zbartakovics.conf | 236 ++++ .../etc/openvpn/client-config/zfelleg.conf | 236 ++++ .../etc/openvpn/client-config/zsnemes.conf | 236 ++++ .../install/etc/openvpn/server/ccd/qqcs | 1 + .../etc/openvpn/server/easy-rsa/easyrsa | 1217 +++++++++++++++++ .../openvpn/server/easy-rsa/openssl-1.0.cnf | 137 ++ .../etc/openvpn/server/easy-rsa/pki/ca.crt | 13 + .../easy-rsa/pki/certs_by_serial/01.pem | 57 + .../easy-rsa/pki/certs_by_serial/2811.pem | 57 + .../easy-rsa/pki/certs_by_serial/2AC2.pem | 57 + .../easy-rsa/pki/certs_by_serial/2B1C.pem | 57 + .../easy-rsa/pki/certs_by_serial/2BAE.pem | 57 + .../easy-rsa/pki/certs_by_serial/2CA3.pem | 57 + .../easy-rsa/pki/certs_by_serial/2DB5.pem | 57 + .../easy-rsa/pki/certs_by_serial/2E00.pem | 57 + .../easy-rsa/pki/certs_by_serial/2EEA.pem | 57 + .../easy-rsa/pki/certs_by_serial/2F41.pem | 57 + .../easy-rsa/pki/certs_by_serial/2FCF.pem | 57 + .../easy-rsa/pki/certs_by_serial/305F.pem | 57 + .../easy-rsa/pki/certs_by_serial/3068.pem | 57 + .../easy-rsa/pki/certs_by_serial/31EE.pem | 57 + .../easy-rsa/pki/certs_by_serial/3254.pem | 57 + .../easy-rsa/pki/certs_by_serial/3274.pem | 57 + .../easy-rsa/pki/certs_by_serial/3301.pem | 57 + .../easy-rsa/pki/certs_by_serial/333C.pem | 57 + .../easy-rsa/pki/certs_by_serial/3349.pem | 57 + .../easy-rsa/pki/certs_by_serial/3374.pem | 57 + .../easy-rsa/pki/certs_by_serial/33E9.pem | 57 + .../easy-rsa/pki/certs_by_serial/36B4.pem | 57 + .../etc/openvpn/server/easy-rsa/pki/crl.pem | 9 + .../etc/openvpn/server/easy-rsa/pki/dh.pem | 8 + .../easy-rsa/pki/ecparams/secp384r1.pem | 3 + .../etc/openvpn/server/easy-rsa/pki/index.txt | 22 + .../server/easy-rsa/pki/index.txt.attr | 1 + .../server/easy-rsa/pki/index.txt.attr.old | 1 + .../openvpn/server/easy-rsa/pki/index.txt.old | 22 + .../server/easy-rsa/pki/issued/aborza.crt | 57 + .../server/easy-rsa/pki/issued/acsiba.crt | 57 + .../easy-rsa/pki/issued/akosztolanyi.crt | 57 + .../server/easy-rsa/pki/issued/azsamboki.crt | 57 + .../server/easy-rsa/pki/issued/csgulyas.crt | 57 + .../server/easy-rsa/pki/issued/cslevai.crt | 57 + .../server/easy-rsa/pki/issued/dvasary.crt | 57 + .../server/easy-rsa/pki/issued/fritter.crt | 57 + .../server/easy-rsa/pki/issued/fschnell.crt | 57 + .../server/easy-rsa/pki/issued/ifabian.crt | 57 + .../server/easy-rsa/pki/issued/khorvath.crt | 57 + .../server/easy-rsa/pki/issued/kkele.crt | 57 + .../server/easy-rsa/pki/issued/kschaffer.crt | 57 + .../server/easy-rsa/pki/issued/mszabo.crt | 57 + .../server/easy-rsa/pki/issued/ptombor.crt | 57 + .../server/easy-rsa/pki/issued/qqcs.crt | 57 + .../server/easy-rsa/pki/issued/rrendek.crt | 57 + .../server/easy-rsa/pki/issued/rtoth.crt | 57 + .../server/easy-rsa/pki/issued/server.crt | 57 + .../easy-rsa/pki/issued/zbartakovics.crt | 57 + .../server/easy-rsa/pki/issued/zfelleg.crt | 57 + .../server/easy-rsa/pki/issued/zsnemes.crt | 57 + .../server/easy-rsa/pki/private/aborza.key | 6 + .../server/easy-rsa/pki/private/acsiba.key | 6 + .../easy-rsa/pki/private/akosztolanyi.key | 6 + .../server/easy-rsa/pki/private/azsamboki.key | 6 + .../server/easy-rsa/pki/private/ca.key | 6 + .../server/easy-rsa/pki/private/csgulyas.key | 6 + .../server/easy-rsa/pki/private/cslevai.key | 6 + .../server/easy-rsa/pki/private/dvasary.key | 6 + .../server/easy-rsa/pki/private/fritter.key | 6 + .../server/easy-rsa/pki/private/fschnell.key | 6 + .../server/easy-rsa/pki/private/ifabian.key | 6 + .../server/easy-rsa/pki/private/khorvath.key | 6 + .../server/easy-rsa/pki/private/kkele.key | 6 + .../server/easy-rsa/pki/private/kschaffer.key | 6 + .../server/easy-rsa/pki/private/mszabo.key | 6 + .../server/easy-rsa/pki/private/ptombor.key | 6 + .../server/easy-rsa/pki/private/qqcs.key | 6 + .../server/easy-rsa/pki/private/rrendek.key | 6 + .../server/easy-rsa/pki/private/rtoth.key | 6 + .../server/easy-rsa/pki/private/server.key | 6 + .../easy-rsa/pki/private/zbartakovics.key | 6 + .../server/easy-rsa/pki/private/zfelleg.key | 6 + .../server/easy-rsa/pki/private/zsnemes.key | 6 + .../server/easy-rsa/pki/reqs/aborza.req | 8 + .../server/easy-rsa/pki/reqs/acsiba.req | 8 + .../server/easy-rsa/pki/reqs/akosztolanyi.req | 8 + .../server/easy-rsa/pki/reqs/azsamboki.req | 8 + .../server/easy-rsa/pki/reqs/csgulyas.req | 8 + .../server/easy-rsa/pki/reqs/cslevai.req | 8 + .../server/easy-rsa/pki/reqs/dvasary.req | 8 + .../server/easy-rsa/pki/reqs/fritter.req | 8 + .../server/easy-rsa/pki/reqs/fschnell.req | 8 + .../server/easy-rsa/pki/reqs/ifabian.req | 8 + .../server/easy-rsa/pki/reqs/khorvath.req | 8 + .../server/easy-rsa/pki/reqs/kkele.req | 8 + .../server/easy-rsa/pki/reqs/kschaffer.req | 8 + .../server/easy-rsa/pki/reqs/mszabo.req | 8 + .../server/easy-rsa/pki/reqs/ptombor.req | 8 + .../openvpn/server/easy-rsa/pki/reqs/qqcs.req | 8 + .../server/easy-rsa/pki/reqs/rrendek.req | 8 + .../server/easy-rsa/pki/reqs/rtoth.req | 8 + .../server/easy-rsa/pki/reqs/server.req | 8 + .../server/easy-rsa/pki/reqs/zbartakovics.req | 8 + .../server/easy-rsa/pki/reqs/zfelleg.req | 8 + .../server/easy-rsa/pki/reqs/zsnemes.req | 8 + .../etc/openvpn/server/easy-rsa/pki/serial | 1 + .../openvpn/server/easy-rsa/pki/serial.old | 1 + .../etc/openvpn/server/easy-rsa/pki/ta.key | 21 + .../install/etc/openvpn/server/easy-rsa/vars | 199 +++ .../openvpn/server/easy-rsa/x509-types/COMMON | 7 + .../etc/openvpn/server/easy-rsa/x509-types/ca | 13 + .../openvpn/server/easy-rsa/x509-types/client | 8 + .../openvpn/server/easy-rsa/x509-types/server | 8 + .../install/etc/openvpn/server/server.conf | 323 +++++ .../openvpn/setupscripts/10_setupserver.sh | 57 + .../etc/openvpn/setupscripts/20_getuids.sh | 35 + .../openvpn/setupscripts/30_create_client.sh | 52 + .../setupscripts/40_create_all_clients.sh | 8 + .../etc/openvpn/setupscripts/99_cleanup.sh | 6 + .../etc/openvpn/setupscripts/NAMES.txt | 19 + .../etc/openvpn/setupscripts/README.txt | 2 + .../install/etc/sysctl.d/01-ipv4.conf | 2 + .../install/etc/sysctl.d/01-ipv6.conf | 2 + 152 files changed, 10029 insertions(+) create mode 100644 sources/vpn.usr.f29/config create mode 100644 sources/vpn.usr.f29/envvars create mode 100755 sources/vpn.usr.f29/firstboot/01_setupnetworking.sh create mode 100755 sources/vpn.usr.f29/firstboot/02_settimezone.sh create mode 100755 sources/vpn.usr.f29/firstboot/03_displayvpndoc.sh create mode 100755 sources/vpn.usr.f29/firstboot/99_cleanup.sh create mode 100755 sources/vpn.usr.f29/hooks/autodev create mode 100755 sources/vpn.usr.f29/postinstall/01_setownership.sh create mode 100755 sources/vpn.usr.f29/postinstall/02_setpermissions.sh create mode 100755 sources/vpn.usr.f29/postinstall/03_installfiles.sh create mode 100755 sources/vpn.usr.f29/postinstall/10_setupservices.sh create mode 100755 sources/vpn.usr.f29/postinstall/99_cleanup.sh create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/hosts create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/abellai.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/aborza.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/acsiba.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/azsamboki.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/client.conf.template create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/csgulyas.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/dvasary.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fritter.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fschnell.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/khorvath.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kkele.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kschaffer.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/mszabo.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/ptombor.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/qqcs.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rrendek.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rtoth.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zbartakovics.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zfelleg.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zsnemes.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/ccd/qqcs create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/openssl-1.0.cnf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/01.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2811.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2AC2.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2B1C.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2BAE.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2CA3.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2DB5.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2E00.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2EEA.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2F41.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2FCF.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/305F.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3068.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/31EE.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3254.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3274.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3301.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/333C.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3349.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3374.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/33E9.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/36B4.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/aborza.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/acsiba.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kschaffer.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ptombor.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rtoth.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zsnemes.crt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/aborza.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/acsiba.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kschaffer.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ptombor.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rtoth.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zsnemes.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/aborza.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/acsiba.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kschaffer.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ptombor.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rtoth.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zsnemes.req create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/vars create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/server.conf create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh create mode 100755 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/NAMES.txt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/README.txt create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv4.conf create mode 100644 sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf diff --git a/sources/vpn.usr.f29/config b/sources/vpn.usr.f29/config new file mode 100644 index 0000000..9754aa3 --- /dev/null +++ b/sources/vpn.usr.f29/config @@ -0,0 +1,21 @@ +lxc.include = /usr/share/lxc/config/common.conf + +lxc.arch = x86_64 +lxc.uts.name = vpn.usr.user.hu +lxc.rootfs.path = __CONTAINER_PATH__/rootfs +lxc.mount.auto = proc:rw sys:ro + +lxc.net.0.type = phys +lxc.net.0.flags = up +lxc.net.0.link = vpn + +lxc.autodev = 1 +lxc.hook.autodev = __CONTAINER_PATH__/hooks/autodev + +lxc.cgroup.devices.allow = c 10:200 rwm + +lxc.signal.halt = SIGRTMIN+4 + +lxc.start.auto = 1 +lxc.start.order = 12 +lxc.start.delay = 10 diff --git a/sources/vpn.usr.f29/envvars b/sources/vpn.usr.f29/envvars new file mode 100644 index 0000000..9390854 --- /dev/null +++ b/sources/vpn.usr.f29/envvars @@ -0,0 +1,4 @@ +#BASE_PACKAGES="NetworkManager initscripts openssh-server openssh-clients openssh-ldap rootfiles rsyslog sudo tar vim-minimal" +#SPEC_PACKAGES="authselect easy-rsa openvpn nss-pam-ldapd pam_ssh passwd python" +BASE_PACKAGES="NetworkManager initscripts rootfiles rsyslog tar" +SPEC_PACKAGES="easy-rsa openvpn" diff --git a/sources/vpn.usr.f29/firstboot/01_setupnetworking.sh b/sources/vpn.usr.f29/firstboot/01_setupnetworking.sh new file mode 100755 index 0000000..25b401d --- /dev/null +++ b/sources/vpn.usr.f29/firstboot/01_setupnetworking.sh @@ -0,0 +1,54 @@ +#!/bin/sh + + +sleep 1 +systemctl --quiet is-active NetworkManager.service +NM_RC=$? +WAITED=0 +while [ $NM_RC -ne 0 ] +do + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active NetworkManager.service + NM_RC=$? +done +[ $WAITED -ne 0 ] && echo + +CONNECTIONS=$(nmcli connection show | grep -v '^NAME' | wc -l) +if [ $CONNECTIONS -ne 1 ] +then + echo "Number of connections: $CONNECTIONS" >&2 + exit 1 +fi + +CONNECTION_LINE=$(nmcli connection show | grep -v '^NAME') +CONNECTION_TOKENS=$(echo $CONNECTION_LINE | wc -w) +#CONNECTION_NAME_POS=$(( $CONNECTION_TOKENS - 3 )) +CONNECTION_UUID_POS=$(( $CONNECTION_TOKENS - 2 )) +#CONNECTION_TYPE_POS=$(( $CONNECTION_TOKENS - 1 )) +CONNECTION_DEVICE_POS=$CONNECTION_TOKENS +#CONNECTION_NAME=$(echo $CONNECTION_LINE \ +# | cut -f -$CONNECTION_NAME_POS -d ' ') +CONNECTION_UUID=$(echo $CONNECTION_LINE \ + | cut -f $CONNECTION_UUID_POS -d ' ') +#CONNECTION_TYPE=$(echo $CONNECTION_LINE \ +# | cut -f $CONNECTION_TYPE_POS -d ' ') +CONNECTION_DEVICE=$(echo $CONNECTION_LINE \ + | cut -f $CONNECTION_DEVICE_POS -d ' ') + +nmcli connection delete uuid "$CONNECTION_UUID" + +nmcli connection add \ + type 802-3-ethernet \ + ifname $CONNECTION_DEVICE \ + con-name internal \ + autoconnect yes \ + save yes \ + ipv4.addresses "10.228.109.236/16" \ + ipv4.dns "10.228.109.104, 10.228.109.253" \ + ipv4.dns-search "usr.user.hu" \ + ipv4.gateway "10.228.109.254" \ + ipv4.method "manual" \ + ipv6.method "ignore" +nmcli connection show diff --git a/sources/vpn.usr.f29/firstboot/02_settimezone.sh b/sources/vpn.usr.f29/firstboot/02_settimezone.sh new file mode 100755 index 0000000..20b2a71 --- /dev/null +++ b/sources/vpn.usr.f29/firstboot/02_settimezone.sh @@ -0,0 +1,21 @@ +#!/bin/sh + + +sleep 1 +systemctl --quiet is-active dbus.service +DBUS_RC=$? +WAITED=0 +while [ $DBUS_RC -ne 0 ] +do + if [ $WAITED -eq 0 ] + then + echo -n "Waiting for dbus.service" + fi + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active dbus.service + DBUS_RC=$? +done +[ $WAITED -ne 0 ] && echo +timedatectl set-timezone Europe/Budapest diff --git a/sources/vpn.usr.f29/firstboot/03_displayvpndoc.sh b/sources/vpn.usr.f29/firstboot/03_displayvpndoc.sh new file mode 100755 index 0000000..e4e8b06 --- /dev/null +++ b/sources/vpn.usr.f29/firstboot/03_displayvpndoc.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo "OpenVPN setup scripts can be found in /etc/openvpn/setupscripts" diff --git a/sources/vpn.usr.f29/firstboot/99_cleanup.sh b/sources/vpn.usr.f29/firstboot/99_cleanup.sh new file mode 100755 index 0000000..b87f2f4 --- /dev/null +++ b/sources/vpn.usr.f29/firstboot/99_cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo rm -Rf $REAL_PATH diff --git a/sources/vpn.usr.f29/hooks/autodev b/sources/vpn.usr.f29/hooks/autodev new file mode 100755 index 0000000..313469e --- /dev/null +++ b/sources/vpn.usr.f29/hooks/autodev @@ -0,0 +1,6 @@ +#!/bin/bash + +cd $LXC_ROOTFS_MOUNT/dev +mkdir net +mknod net/tun c 10 200 +chmod 0666 net/tun diff --git a/sources/vpn.usr.f29/postinstall/01_setownership.sh b/sources/vpn.usr.f29/postinstall/01_setownership.sh new file mode 100755 index 0000000..f2e6b94 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/01_setownership.sh @@ -0,0 +1,7 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) +SOURCE_PATH=$REAL_PATH/install + +chown -R root.root $SOURCE_PATH/* diff --git a/sources/vpn.usr.f29/postinstall/02_setpermissions.sh b/sources/vpn.usr.f29/postinstall/02_setpermissions.sh new file mode 100755 index 0000000..241386a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/02_setpermissions.sh @@ -0,0 +1,5 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) +SOURCE_PATH=$REAL_PATH/install diff --git a/sources/vpn.usr.f29/postinstall/03_installfiles.sh b/sources/vpn.usr.f29/postinstall/03_installfiles.sh new file mode 100755 index 0000000..f190caf --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/03_installfiles.sh @@ -0,0 +1,15 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +tar --create \ + --directory=$REAL_PATH \ + --to-stdout \ + install \ + | tar --extract \ + --backup \ + --directory=/ \ + --no-overwrite-dir \ + --strip-components=1 \ + --suffix=.orig diff --git a/sources/vpn.usr.f29/postinstall/10_setupservices.sh b/sources/vpn.usr.f29/postinstall/10_setupservices.sh new file mode 100755 index 0000000..a6a9e38 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/10_setupservices.sh @@ -0,0 +1,7 @@ +#!/bin/sh + + +systemctl enable openvpn-server@server.service +systemctl enable NetworkManager-wait-online.service + +systemctl mask wpa_supplicant.service diff --git a/sources/vpn.usr.f29/postinstall/99_cleanup.sh b/sources/vpn.usr.f29/postinstall/99_cleanup.sh new file mode 100755 index 0000000..b87f2f4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/99_cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo rm -Rf $REAL_PATH diff --git a/sources/vpn.usr.f29/postinstall/install/etc/hosts b/sources/vpn.usr.f29/postinstall/install/etc/hosts new file mode 100644 index 0000000..219e747 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/hosts @@ -0,0 +1,4 @@ +127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4 +::1 localhost6.localdomain6 localhost6 + +10.228.109.236 vpn.usr.user.hu vpn diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/abellai.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/abellai.conf new file mode 100644 index 0000000..373477f --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/abellai.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11420 (0x2c9c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Nov 6 09:18:33 2017 GMT + Not After : Nov 4 09:18:33 2027 GMT + Subject: CN=abellai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:76:75:53:16:13:32:01:21:f9:80:8b:5f:aa:e9: + b8:d8:0a:b6:cf:b1:d1:74:b8:f3:0b:cb:5a:60:41: + d4:de:50:20:53:aa:f1:3e:ba:14:b6:e8:3a:56:75: + cd:7d:1a:c9:a9:f6:31:b9:b8:55:a8:4c:cf:eb:91: + f7:23:f7:98:13:30:79:08:6f:4a:4d:61:be:3b:46: + 6d:80:83:67:bf:e9:03:4d:24:02:ce:a7:82:5f:6d: + b3:1b:c2:64:e9:43:bc + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 6D:CB:36:20:EB:42:04:2D:DD:B7:03:29:70:E0:05:32:40:9B:96:E0 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:1e:ee:85:f7:51:aa:00:8c:a7:bc:5d:81:dd:54: + 59:d0:bf:6b:31:6e:34:87:68:1c:23:1c:d8:6c:1a:59:6f:3f: + b8:88:b2:f7:da:45:22:38:d2:22:fb:a6:e1:fb:e1:f6:02:31: + 00:f0:6d:fc:d9:87:61:74:0e:6b:76:00:63:f2:16:5e:5d:ee: + d7:96:c4:ac:dd:ef:b8:fd:e5:e4:b1:47:35:52:ef:1d:5d:1d: + e6:1a:c7:7e:4a:b4:d4:be:86:64:2d:fd:52 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICLJwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzExMDYwOTE4MzNaFw0yNzExMDQwOTE4MzNaMBIxEDAOBgNVBAMM +B2FiZWxsYWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR2dVMWEzIBIfmAi1+q6bjY +CrbPsdF0uPMLy1pgQdTeUCBTqvE+uhS26DpWdc19Gsmp9jG5uFWoTM/rkfcj95gT +MHkIb0pNYb47Rm2Ag2e/6QNNJALOp4JfbbMbwmTpQ7yjgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUbcs2IOtCBC3dtwMpcOAFMkCbluAwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwHu6F91GqAIynvF2B3VRZ0L9rMW40h2gcIxzYbBpZbz+4iLL3 +2kUiONIi+6bh++H2AjEA8G382YdhdA5rdgBj8hZeXe7XlsSs3e+4/eXksUc1Uu8d +XR3mGsd+SrTUvoZkLf1S +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBFYzI7yj3wui4KYnrc +HaHi0zzfEhd4GHhLKut+ILUjG1EFGAYB/x1INjV0pYiY9cyhZANiAAR2dVMWEzIB +IfmAi1+q6bjYCrbPsdF0uPMLy1pgQdTeUCBTqvE+uhS26DpWdc19Gsmp9jG5uFWo +TM/rkfcj95gTMHkIb0pNYb47Rm2Ag2e/6QNNJALOp4JfbbMbwmTpQ7w= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/aborza.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/aborza.conf new file mode 100644 index 0000000..e47416f --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/aborza.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12782 (0x31ee) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:45 2017 GMT + Not After : Oct 17 09:30:45 2027 GMT + Subject: CN=aborza + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae: + 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17: + 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94: + 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1: + 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53: + 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76: + 8c:bb:c1:dd:dd:ff:6d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90: + 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10: + 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31: + 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4: + 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e: + 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM +BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc +2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0 +YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T +jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn +XgdK+DLG8PEiMaB/+CI= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDXDmyQ4XF5iPRhk/8g +XXdZ5ECp/D3r7OnQDsORGakLdezeXNdK0ZgdIBX0R5/Vg1mhZANiAATKgcFK6lkK +5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFIlG/poEpwdlVbQQfq +r+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7wd3d/20= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/acsiba.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/acsiba.conf new file mode 100644 index 0000000..41869be --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/acsiba.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12010 (0x2eea) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:53 2017 GMT + Not After : Oct 17 09:30:53 2027 GMT + Subject: CN=acsiba + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd: + db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81: + fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01: + 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19: + 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e: + 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86: + 9e:45:ec:14:12:a3:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f: + d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32: + 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02: + 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e: + 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1: + c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM +BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5 +fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7 +m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK +3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw +8ckbIjHjQDZuQNp9ZNc= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWJGEFVc/SmIhR0WOU +yvUkd77l0e1NWkcUaVzR9ImZR8hVKPHkSH7mxgZW8ntIWBShZANiAATawlMGg/dI +5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuqAXBe2NEYphLJZUIq +Q7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F7BQSo3M= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf new file mode 100644 index 0000000..d8f2ecd --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11036 (0x2b1c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:11 2017 GMT + Not After : Oct 17 09:31:11 2027 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a: + 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8: + 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84: + 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e: + 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b: + e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11: + 94:1c:36:da:e6:55:cf + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55: + 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0: + 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02: + 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31: + a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f: + f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f +-----BEGIN CERTIFICATE----- +MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM +DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o +/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO +LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt +wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE +1TV/Hawhf/CDpyvb2AZh8obuG28f +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAcQQScflm1tSD4BQhX +fWc/SL9jTmJnJC4hHlFyr6u558vkhOn49nOv62bdtGUKQjGhZANiAASPPHQuXdeQ +rFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAEJl5oeai5hHk+2phWFTbyfAn4 +QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFOc0enEZQcNtrmVc8= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/azsamboki.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/azsamboki.conf new file mode 100644 index 0000000..e6bdca9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/azsamboki.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11427 (0x2ca3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:22 2017 GMT + Not After : Oct 17 09:31:22 2027 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e: + 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90: + 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14: + f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95: + 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97: + e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca: + bc:42:fd:3f:49:c3:5b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1: + 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21: + f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02: + 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f: + cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c: + 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61 +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM +CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu +cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH +EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+ +uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ +d5vdPDqTVdAr9lmArscdhTJh +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDArFkY/hBHoHVjQTRyX +IrGy0dove2XopHBruMLhyoCeALqMVf71yMiC5ULPfcHa832hZANiAAQ3ZmbBuJAD +gI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyFqyRUFPQnOUkQEYBKB3ty +7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5DyrxC/T9Jw1s= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/client.conf.template b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/client.conf.template new file mode 100644 index 0000000..0498910 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/client.conf.template @@ -0,0 +1,127 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/csgulyas.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/csgulyas.conf new file mode 100644 index 0000000..f88083d --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/csgulyas.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12239 (0x2fcf) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:36 2017 GMT + Not After : Oct 17 09:31:36 2027 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67: + d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b: + d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd: + d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7: + cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26: + a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f: + 92:b2:83:75:19:8d:74 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48: + b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94: + 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02: + 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9: + a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54: + d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3 +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM +CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY +QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4 +lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9 +VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C +haxU1NoPaIVTBHqcFCiRe8M= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsHP52L0UObr9/psSM +ua2cxeyl2m92YG5GgOAml76NIMUFfeFQgqGSW1slknJISZqhZANiAATyGAmuzTFp +gM+byhv/Z9hAYdxIYLUZ+UCqC5ILK9l8HwEjzXpiUQpqVxhJ3dNrcUhOMWl8Vrlo +7aTop8u7bPiV9HZkBxSPTwTpJqJ0RqUQd2cYKJyNKRD3f5Kyg3UZjXQ= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/dvasary.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/dvasary.conf new file mode 100644 index 0000000..29ab656 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/dvasary.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12383 (0x305f) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:47 2017 GMT + Not After : Oct 17 09:31:47 2027 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd: + 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d: + f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26: + 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b: + 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e: + ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95: + 6d:32:f2:41:0e:4f:5e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f: + 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b: + 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02: + 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99: + 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60: + d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM +B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c +oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2 +opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y +iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK +vmDVRSIYp8raVr0V1TBm +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDARoRvzkpzAcOI8m67x +hCTeRoMbGd40xLhjrm+wAufAwpw3qqJe/LHNP12sOuEHbGihZANiAATmLmWEigXn +0jJrhSAmzQ3coubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+ +5ryXm17aQbA2opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT14= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fritter.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fritter.conf new file mode 100644 index 0000000..28664ea --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fritter.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13116 (0x333c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:00 2017 GMT + Not After : Oct 17 09:32:00 2027 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f: + 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10: + e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81: + 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18: + f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8: + 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd: + af:1c:68:44:98:85:82 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42: + e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e: + 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02: + 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c: + 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1: + 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM +B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n +M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y +UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa +Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB +kuFPYVgb7bjZF5B4cIW8 +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDATa0Ldyit4RAnORuqq +C4y/tAt7nJCaZkGnOsL7NE2V2iKSNyfQ0cH3go0Rb9db/i6hZANiAAQsQOyBia0b +rsgcPl1iL14nM9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/I +x1OvGPmbks8YUY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYI= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fschnell.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fschnell.conf new file mode 100644 index 0000000..a24a06b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/fschnell.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13057 (0x3301) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:15 2017 GMT + Not After : Oct 17 09:32:15 2027 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f: + 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21: + aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75: + 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30: + 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9: + 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01: + 54:18:6f:1b:f4:99:f9 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31: + ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4: + 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02: + 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17: + 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db: + 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM +CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U +QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A +CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP +gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr +LM7blEaGFnYUrGRB0XjSqew= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxNEO7csy6z8FIuKh0 +cUYc7KxGcFNiRb1U0ArLkuTxcFCMBar/1RbshVlrM6ecWQKhZANiAARTjfj0/V/J +s0xX9sSTf5RDMQliyu9a2BJUWViEIapZi1ojqbcb6ObjpnYUdUXH1QyJXOee8VYq +bSW4MG9K3YAIsKYHyJjW8woH2WDQAFh/9qVreFOCRFqBAVQYbxv0mfk= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/khorvath.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/khorvath.conf new file mode 100644 index 0000000..44f0b04 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/khorvath.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11182 (0x2bae) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:30 2017 GMT + Not After : Oct 17 09:32:30 2027 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b: + c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78: + 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4: + d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55: + 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53: + 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73: + a5:c0:32:45:77:2e:20 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3: + 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2: + 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02: + 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81: + 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34: + 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM +CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE ++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi +PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG +S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn +iEk0UfI2CiJJLuXXNcNOyCs= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA5CxtZG7mg0mVsbSQS +QM45ehcXPIjeWufTSVmDFGXG3ON+mmjr/H7/N4yOY3Clj7+hZANiAASrYTreiU4O +Y+rIa5gai8T5cvS/sg7rlO8EbKnkeFP5qK9qFJsn6RdFx/me5NNZQ5wTxxVjgI6q +rPyaVVlkfGI9LFAgl9HBHiKUU3RKXzD7oD264J0u4nCvc6XAMkV3LiA= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kkele.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kkele.conf new file mode 100644 index 0000000..db7c228 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kkele.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12916 (0x3274) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:40 2017 GMT + Not After : Oct 17 09:32:40 2027 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17: + 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00: + 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc: + cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98: + 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07: + ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da: + de:88:22:6d:c2:80:0a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d: + 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e: + bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30: + 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c: + 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77: + 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM +BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw +BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY +p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs +nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3 +Xx7jYEXdN8prT/Zm +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDApjJ+iDz8X3qtoQVtC +jUgcydPDcz6VjstIZ5PGAsYw1QiWbC+7OvnEy+oMETvEzxahZANiAAQlPqO9ySde +usYwaA+QF5SJaTAEcGq6FkA9BAjtAC2ixEWq26+F0qZAe2mFvM+aQWYLTRrEglOw +0ctTmDmQERFe55ins3ExsVW+B+/taufc6Tj9A/zVUu2o2t6IIm3CgAo= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kschaffer.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kschaffer.conf new file mode 100644 index 0000000..2e4e836 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/kschaffer.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11701 (0x2db5) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:51 2017 GMT + Not After : Oct 17 09:32:51 2027 GMT + Subject: CN=kschaffer + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa: + 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89: + 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d: + 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5: + 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50: + 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca: + 2c:40:ea:3f:84:ce:be + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31: + 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc: + 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02: + 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2: + 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94: + 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM +CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq +hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy +fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS +vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw +zH9klHbf9x+5XOIUhZxhdrDL +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAGMS95Xt2w9eVSEIRz +QiRQPN5zL1INxTsHy5flZSBvIe/1++f8Il+/vhSssmQeeBmhZANiAAT8XrPkKTSz +0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apdIev2bY/mayW99uZIL3Xu +FhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9yixA6j+Ezr4= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/mszabo.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/mszabo.conf new file mode 100644 index 0000000..18028df --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/mszabo.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13129 (0x3349) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:02 2017 GMT + Not After : Oct 17 09:33:02 2027 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b: + b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84: + bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac: + a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0: + 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad: + e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56: + fb:e3:c0:7d:34:e5:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11: + a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e: + 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02: + 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39: + 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf: + 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f +-----BEGIN CERTIFICATE----- +MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM +Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V +Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26 +Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk +S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa +zzDL+VG1O1l9Fd+d8ipP +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCDTjabyjcmnlfQF/VI +cCppGo1RnOkZwbaw9uxuZt11AY9YidT/5HW7aKo/U8ie4cGhZANiAARpwIYnofp0 +Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6rKXQaE31qvFWjFUR +JtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvjwH005S4= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/ptombor.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/ptombor.conf new file mode 100644 index 0000000..92e0754 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/ptombor.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11776 (0x2e00) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:17 2017 GMT + Not After : Oct 17 09:33:17 2027 GMT + Subject: CN=ptombor + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c: + 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09: + 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8: + e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd: + 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70: + 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82: + 52:f3:19:53:a4:13:cd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd: + bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd: + fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30: + 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd: + a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17: + ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM +B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN +u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76 +8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST +yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7 +8xf/SS22gtqh+b/cNSk= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWd4gq0fjrX6niP1sy +BWNPL4IH/XsTCC6H7YzbUq3G6/m5B67/P6TLidyEjKAdx1WhZANiAASwemJDEItL +rj4TyxCzjIVNu3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZ +B+5I/WmWdB768rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE80= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/qqcs.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/qqcs.conf new file mode 100644 index 0000000..464334c --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/qqcs.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13289 (0x33e9) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:00 2017 GMT + Not After : Oct 17 09:34:00 2027 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87: + 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc: + 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45: + e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2: + d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e: + 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a: + 64:40:71:64:22:f8:6a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb: + 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d: + d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31: + 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24: + c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3: + 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM +BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx +CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb +dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd +BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP +tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2 +VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E +AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm +ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs +UXPxj+CDPZ5hoqEw +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCPSKMchbxya5tE3BvA +aVwiGkpkGTYbBvB/2JSNYCyY9NlPJE740SiHT4k2722T6cihZANiAASatpnYySyS +VCqcWKMah3zTkEsxCXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8 +RMSO0tjUwl52iZMbdDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+Go= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rrendek.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rrendek.conf new file mode 100644 index 0000000..96f4505 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rrendek.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12392 (0x3068) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:27 2017 GMT + Not After : Oct 17 09:33:27 2027 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34: + ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c: + c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97: + 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1: + 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f: + ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc: + 89:9c:5c:6a:74:26:bd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57: + d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4: + bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31: + 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37: + d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50: + fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM +B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+ +0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE +jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR +PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A +SVD6p5dsnOIoLJ4fFFAi +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBtLhYsFhfQiSZ3tsoP +Ohxtg8tjRVo5xuNdtovcs9sM6JdHVgNTppG2MHE9br37y6yhZANiAASTFD8kTkUb +uZktP93eNO/+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UH +YFGu0TGi83uEjiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr0= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rtoth.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rtoth.conf new file mode 100644 index 0000000..70db8bb --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/rtoth.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12884 (0x3254) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:10 2017 GMT + Not After : Oct 17 09:34:10 2027 GMT + Subject: CN=rtoth + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4: + 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f: + 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a: + 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a: + 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3: + 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b: + fd:9a:13:c6:68:b0:38 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd: + 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d: + d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02: + 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2: + 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c: + 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db +-----BEGIN CERTIFICATE----- +MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM +BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f +7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn +2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp +kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8 +U222Ta0AJ3+lYPke2w== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDYZtocWg502oc7z6yZ +5prVXiJHzDxU5ujIdDzWicgPcPHSME2CwewAvXM07n5qXFmhZANiAAR6fiE/NOl0 +Gbu/fp4rxGL9rZ/tgoMAXTlTFIFEDyu8qG7jEAD9eIXSdhK9ij0NjEXM79IuF7DW +CmjJehL1tN9EESfaIktEjE/Z03y+7nahW0uuzf5A0UOaO/2aE8ZosDg= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zbartakovics.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zbartakovics.conf new file mode 100644 index 0000000..250255d --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zbartakovics.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14004 (0x36b4) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Jan 30 10:47:27 2018 GMT + Not After : Jan 28 10:47:27 2028 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68: + d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d: + 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd: + c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba: + fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17: + 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21: + 04:eb:af:11:e3:b0:56 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59: + 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec: + bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31: + 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa: + d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d: + 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8 +-----BEGIN CERTIFICATE----- +MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM +DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx +i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6 +/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD +7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9 +b4Yvq7tLbT7sr+InsJXOK/wLH7g= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDjqbEAqwUzgWCosiqe +HcQFZ3ryCgJ+T91AnFv7rv/ZW6lkQ7tXJZ+F3ZHbMfEnsuShZANiAASON4qsM7El +O0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7YdKzgc8uTvcZvMqIwrtaHk1kN +swlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZMegXIQTrrxHjsFY= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zfelleg.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zfelleg.conf new file mode 100644 index 0000000..b7b7945 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zfelleg.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10257 (0x2811) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:38 2017 GMT + Not After : Oct 17 09:33:38 2027 GMT + Subject: CN=zfelleg + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d: + f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08: + 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3: + 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac: + 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12: + 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28: + 13:8b:7a:b6:72:62:28 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c: + 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81: + c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02: + 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73: + 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b: + f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM +B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu +C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf +2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy +yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX +ZgvyJKJ3DlO/Z742nded +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlCNDXEXfkpMfZ4qrW +tHKzpFEibWhvxc2cYDnXXb4SuZ999Xi1cZXp7McJ1lwntFWhZANiAATP1I+IFaJf +Gl0t3VErDfFuC02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+ +k345rAdphhWf2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYig= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zsnemes.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zsnemes.conf new file mode 100644 index 0000000..246da14 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/client-config/zsnemes.conf @@ -0,0 +1,236 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12097 (0x2f41) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:49 2017 GMT + Not After : Oct 17 09:33:49 2027 GMT + Subject: CN=zsnemes + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f: + cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54: + 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58: + f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5: + 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5: + 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8: + 21:e9:1b:f4:71:63:7e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37: + bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11: + 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02: + 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78: + 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a: + aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM +B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh +OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl +3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8 +lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe +7nqqflLZxu4WkBqMCq6z +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDANt00lPuqR3fd6Ugh3 +3jI+P1HQ15Nwb3CAE04fzwAA30upq12Dao3oxs90TPen8fuhZANiAATvnW2D1WrC +rNmlnzfgj8yhOGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSx +Jbcy9Rhimzpl3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY34= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/ccd/qqcs b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/ccd/qqcs new file mode 100644 index 0000000..7d8e4b8 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/ccd/qqcs @@ -0,0 +1 @@ +iroute 10.162.104.0 255.255.255.0 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa new file mode 100755 index 0000000..6fec288 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/easyrsa @@ -0,0 +1,1217 @@ +#!/bin/sh + +# Easy-RSA 3 -- A Shell-based CA Utility +# +# Copyright (C) 2013 by the Open-Source OpenVPN development community. +# A full list of contributors can be found in the ChangeLog. +# +# This code released under version 2 of the GNU GPL; see COPYING and the +# Licensing/ directory of this project for full licensing details. + +# Help/usage output to stdout +usage() { + # command help: + print " +Easy-RSA 3 usage and overview + +USAGE: easyrsa [options] COMMAND [command-options] + +A list of commands is shown below. To get detailed usage and help for a +command, run: + ./easyrsa help COMMAND + +For a listing of options that can be supplied before the command, use: + ./easyrsa help options + +Here is the list of commands available with a short syntax reminder. Use the +'help' command above to get full usage details. + + init-pki + build-ca [ cmd-opts ] + gen-dh + gen-req [ cmd-opts ] + sign-req + build-client-full [ cmd-opts ] + build-server-full [ cmd-opts ] + revoke + gen-crl + update-db + show-req [ cmd-opts ] + show-cert [ cmd-opts ] + import-req + export-p7 [ cmd-opts ] + export-p12 [ cmd-opts ] + set-rsa-pass [ cmd-opts ] + set-ec-pass [ cmd-opts ] +" + + # collect/show dir status: + local err_source="Not defined: vars autodetect failed and no value provided" + local work_dir="${EASYRSA:-$err_source}" + local pki_dir="${EASYRSA_PKI:-$err_source}" + print "\ +DIRECTORY STATUS (commands would take effect on these locations) + EASYRSA: $work_dir + PKI: $pki_dir +" +} # => usage() + +# Detailed command help +# When called with no args, calls usage(), otherwise shows help for a command +cmd_help() { + local text opts + case "$1" in + init-pki|clean-all) text=" + init-pki [ cmd-opts ] + Removes & re-initializes the PKI dir for a clean PKI" ;; + build-ca) text=" + build-ca [ cmd-opts ] + Creates a new CA" + opts=" + nopass - do not encrypt the CA key (default is encrypted) + subca - create a sub-CA keypair and request (default is a root CA)" ;; + gen-dh) text=" + gen-dh + Generates DH (Diffie-Hellman) parameters" ;; + gen-req) text=" + gen-req [ cmd-opts ] + Generate a standalone keypair and request (CSR) + + This request is suitable for sending to a remote CA for signing." + opts=" + nopass - do not encrypt the private key (default is encrypted)" ;; + sign|sign-req) text=" + sign-req + Sign a certificate request of the defined type. must be a known + type such as 'client', 'server', or 'ca' (or a user-added type.) + + This request file must exist in the reqs/ dir and have a .req file + extension. See import-req below for importing reqs from other sources." ;; + build|build-client-full|build-server-full) text=" + build-client-full [ cmd-opts ] + build-server-full [ cmd-opts ] + Generate a keypair and sign locally for a client or server + + This mode uses the as the X509 CN." + opts=" + nopass - do not encrypt the private key (default is encrypted)" ;; + revoke) text=" + revoke + Revoke a certificate specified by the filename_base" ;; + gen-crl) text=" + gen-crl + Generate a CRL" ;; + update-db) text=" + update-db + Update the index.txt database + + This command will use the system time to update the status of issued + certificates." ;; + show-req|show-cert) text=" + show-req [ cmd-opts ] + show-cert [ cmd-opts ] + Shows details of the req or cert referenced by filename_base + + Human-readable output is shown, including any requested cert options when + showing a request." + opts=" + full - show full req/cert info, including pubkey/sig data" ;; + import-req) text=" + import-req + Import a certificate request from a file + + This will copy the specified file into the reqs/ dir in + preparation for signing. + The is the filename base to create. + + Example usage: + import-req /some/where/bob_request.req bob" ;; + export-p12) text=" + export-p12 [ cmd-opts ] + Export a PKCS#12 file with the keypair specified by " + opts=" + noca - do not include the ca.crt file in the PKCS12 output + nokey - do not include the private key in the PKCS12 output" ;; + export-p7) text=" + export-p7 [ cmd-opts ] + Export a PKCS#7 file with the pubkey specified by " + opts=" + noca - do not include the ca.crt file in the PKCS7 output" ;; + set-rsa-pass|set-ec-pass) text=" + set-rsa-pass [ cmd-opts ] + set-ec-pass [ cmd-opts ] + Set a new passphrase on an RSA or EC key for the listed ." + opts=" + nopass - use no password and leave the key unencrypted + file - (advanced) treat the file as a raw path, not a short-name" ;; + altname|subjectaltname|san) text=" + --subject-alt-name=SAN_FORMAT_STRING + This global option adds a subjectAltName to the request or issued + certificate. It MUST be in a valid format accepted by openssl or + req/cert generation will fail. Note that including multiple such names + requires them to be comma-separated; further invocations of this + option will REPLACE the value. + + Examples of the SAN_FORMAT_STRING shown below: + DNS:alternate.example.net + DNS:primary.example.net,DNS:alternate.example.net + IP:203.0.113.29 + email:alternate@example.net" ;; + options) + opt_usage ;; + "") + usage ;; + *) text=" + Unknown command: '$1' (try without commands for a list of commands)" ;; + esac + + # display the help text + print "$text" + [ -n "$opts" ] && print " + cmd-opts is an optional set of command options from this list: +$opts" +} # => cmd_help() + +# Options usage +opt_usage() { + print " +Easy-RSA Global Option Flags + +The following options may be provided before the command. Options specified +at runtime override env-vars and any 'vars' file in use. Unless noted, +non-empty values to options are mandatory. + +General options: + +--batch : set automatic (no-prompts when possible) mode +--pki-dir=DIR : declares the PKI directory +--vars=FILE : define a specific 'vars' file to use for Easy-RSA config + +Certificate & Request options: (these impact cert/req field values) + +--days=# : sets the signing validity to the specified number of days +--digest=ALG : digest to use in the requests & certificates +--dn-mode=MODE : DN mode to use (cn_only or org) +--keysize=# : size in bits of keypair to generate +--req-cn=NAME : default CN to use +--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used +--subject-alt-name : Add a subjectAltName. For more info and syntax, see: + ./easyrsa help altname +--use-algo=ALG : crypto alg to use: choose rsa (default) or ec +--curve=NAME : for elliptic curve, sets the named curve to use + +Organizational DN options: (only used with the 'org' DN mode) + (values may be blank for org DN options) + +--req-c=CC : country code (2-letters) +--req-st=NAME : State/Province +--req-city=NAME : City/Locality +--req-org=NAME : Organization +--req-email=NAME : Email addresses +--req-ou=NAME : Organizational Unit + +Deprecated features: + +--ns-cert=YESNO : yes or no to including deprecated NS extensions +--ns-comment=COMMENT : NS comment to include (value may be blank) +" +} # => opt_usage() + +# Wrapper around printf - clobber print since it's not POSIX anyway +print() { printf "%s\n" "$*"; } + +# Exit fatally with a message to stderr +# present even with EASYRSA_BATCH as these are fatal problems +die() { + print " +Easy-RSA error: + +$1" 1>&2 + exit ${2:-1} +} # => die() + +# non-fatal warning output +warn() { + [ ! $EASYRSA_BATCH ] && \ + print " +$1" 1>&2 +} # => warn() + +# informational notices to stdout +notice() { + [ ! $EASYRSA_BATCH ] && \ + print " +$1" +} # => notice() + +# yes/no case-insensitive match (operates on stdin pipe) +# Returns 0 when input contains yes, 1 for no, 2 for no match +# If both strings are present, returns 1; first matching line returns. +awk_yesno() { + local awkscript=' +BEGIN {IGNORECASE=1; r=2} +{ if(match($0,"no")) {r=1; exit} + if(match($0,"yes")) {r=0; exit} +} END {exit r}' + awk "$awkscript" +} # => awk_yesno() + +# intent confirmation helper func +# returns without prompting in EASYRSA_BATCH +confirm() { + [ $EASYRSA_BATCH ] && return + local prompt="$1" value="$2" msg="$3" input + print " +$msg + +Type the word '$value' to continue, or any other input to abort." + printf %s " $prompt" + read input + [ "$input" = "$value" ] && return + notice "Aborting without confirmation." + exit 9 +} # => confirm() + +# remove temp files +clean_temp() { + for f in "$EASYRSA_TEMP_FILE" "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" + do [ -f "$f" ] && rm "$f" 2>/dev/null + done +} # => clean_temp() + +vars_source_check() { + # Check for defined EASYRSA_PKI + [ -n "$EASYRSA_PKI" ] || die "\ +EASYRSA_PKI env-var undefined" + + # Verify EASYRSA_OPENSSL command gives expected output + if [ -z "$EASYRSA_SSL_OK" ]; then + local val="$("$EASYRSA_OPENSSL" version)" + case "${val%% *}" in + OpenSSL|LibreSSL) ;; + *) die "\ +Missing or invalid OpenSSL +Expected to find openssl command at: $EASYRSA_OPENSSL" + esac + fi + EASYRSA_SSL_OK=1 + + # Verify EASYRSA_SSL_CONF file exists + [ -f "$EASYRSA_SSL_CONF" ] || die "\ +The OpenSSL config file cannot be found. +Expected location: $EASYRSA_SSL_CONF" +} # => vars_source_check() + +# Verify supplied curve exists and generate curve file if needed +verify_curve() { + if ! "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" > /dev/null; then + die "\ +Curve $EASYRSA_CURVE not found. Run openssl ecparam -list_curves to show a +list of supported curves." + fi + + # Check that the ecparams dir exists + [ -d "$EASYRSA_EC_DIR" ] || mkdir "$EASYRSA_EC_DIR" || die "\ +Failed creating ecparams dir (permissions?) at: +$EASYRSA_EC_DIR" + + # Check that the required ecparams file exists + local out="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" + [ -f "$out" ] && return 0 + "$EASYRSA_OPENSSL" ecparam -name "$EASYRSA_CURVE" -out "$out" || die "\ +Failed to generate ecparam file (permissions?) when writing to: +$out" + + # Explicitly return success for caller + return 0 +} + +# Basic sanity-check of PKI init and complain if missing +verify_pki_init() { + local help_note="Run easyrsa without commands for usage and command help." + + # check that the pki dir exists + vars_source_check + [ -d "$EASYRSA_PKI" ] || die "\ +EASYRSA_PKI does not exist (perhaps you need to run init-pki)? +Expected to find the EASYRSA_PKI at: $EASYRSA_PKI +$help_note" + + # verify expected dirs present: + for i in private reqs; do + [ -d "$EASYRSA_PKI/$i" ] || die "\ +Missing expected directory: $i (perhaps you need to run init-pki?) +$help_note" + done +} # => verify_pki_init() + +# Verify core CA files present +verify_ca_init() { + local help_note="Run without commands for usage and command help." + + # First check the PKI has been initialized + verify_pki_init + + # verify expected files present: + for i in serial index.txt ca.crt private/ca.key; do + if [ ! -f "$EASYRSA_PKI/$i" ]; then + [ "$1" = "test" ] && return 1 + die "\ +Missing expected CA file: $i (perhaps you need to run build-ca?) +$help_note" + fi + done + + # When operating in 'test' mode, return success. + # test callers don't care about CA-specific dir structure + [ "$1" = "test" ] && return 0 + + # verify expected CA-specific dirs: + for i in issued certs_by_serial; do + [ -d "$EASYRSA_PKI/$i" ] || die "\ +Missing expected CA dir: $i (perhaps you need to run build-ca?) +$help_note" + done + + # explicitly return success for callers + return 0 + +} # => verify_ca_init() + +# init-pki backend: +init_pki() { + vars_source_check + + # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) + if [ -e "$EASYRSA_PKI" ]; then + confirm "Confirm removal: " "yes" " +WARNING!!! + +You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI +and initialize a fresh PKI here." + # now remove it: + rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above" + fi + + # new dirs: + for i in private reqs; do + mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)" + done + + notice "\ +init-pki complete; you may now create a CA or requests. +Your newly created PKI dir is: $EASYRSA_PKI +" + return 0 +} # => init_pki() + +# build-ca backend: +build_ca() { + local opts= sub_ca= + while [ -n "$1" ]; do + case "$1" in + nopass) opts="$opts -nodes" ;; + subca) sub_ca=1 ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + verify_pki_init + [ "$EASYRSA_ALGO" = "ec" ] && verify_curve + + # setup for the simpler sub-CA situation and overwrite with root-CA if needed: + local out_file="$EASYRSA_PKI/reqs/ca.req" + local out_key="$EASYRSA_PKI/private/ca.key" + if [ ! $sub_ca ]; then + out_file="$EASYRSA_PKI/ca.crt" + opts="$opts -x509 -days $EASYRSA_CA_EXPIRE" + fi + + # Test for existing CA, and complain if already present + if verify_ca_init test; then + die "\ +Unable to create a CA as you already seem to have one set up. +If you intended to start a new CA, run init-pki first." + fi + # If a private key exists here, a sub-ca was created but not signed. + # Notify the user and require a signed ca.crt or a init-pki: + [ -f "$out_key" ] && \ + die "\ +A CA private key exists but no ca.crt is found in your PKI dir of: +$EASYRSA_PKI +Refusing to create a new CA keypair as this operation would overwrite your +current CA keypair. If you intended to start a new CA, run init-pki first." + + # create necessary files and dirs: + local err_file="Unable to create necessary PKI files (permissions?)" + for i in issued certs_by_serial; do + mkdir -p "$EASYRSA_PKI/$i" || die "$err_file" + done + printf "" > "$EASYRSA_PKI/index.txt" || die "$err_file" + print "01" > "$EASYRSA_PKI/serial" || die "$err_file" + + # Default CN only when not in global EASYRSA_BATCH mode: + [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA" + + out_key_tmp="$(mktemp -u "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp" + out_file_tmp="$(mktemp -u "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp" + # create the CA keypair: + "$EASYRSA_OPENSSL" req -utf8 -new -newkey $EASYRSA_ALGO:"$EASYRSA_ALGO_PARAMS" \ + -config "$EASYRSA_SSL_CONF" -keyout "$out_key_tmp" -out "$out_file_tmp" $opts || \ + die "Failed to build the CA" + mv "$out_key_tmp" "$out_key"; EASYRSA_TEMP_FILE_2= + mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_3= + + # Success messages + if [ $sub_ca ]; then + notice "\ +NOTE: Your sub-CA request is at $out_file +and now must be sent to you parent CA for signing. Place your resulting cert +at $EASYRSA_PKI/ca.crt prior to signing operations. +" + else notice "\ +CA creation complete and you may now import and sign cert requests. +Your new CA certificate file for publishing is at: +$out_file +" + fi + return 0 +} # => build_ca() + +# gen-dh backend: +gen_dh() { + verify_pki_init + + local out_file="$EASYRSA_PKI/dh.pem" + "$EASYRSA_OPENSSL" dhparam -out "$out_file" $EASYRSA_KEY_SIZE || \ + die "Failed to build DH params" + notice "\ +DH parameters of size $EASYRSA_KEY_SIZE created at $out_file +" + return 0 +} # => gen_dh() + +# gen-req backend: +gen_req() { + # pull filename base and use as default interactive CommonName: + [ -n "$1" ] || die "\ +Error: gen-req must have a file base as the first argument. +Run easyrsa without commands for usage and commands." + local key_out="$EASYRSA_PKI/private/$1.key" + local req_out="$EASYRSA_PKI/reqs/$1.req" + [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1" + shift + + # function opts support + local opts= + while [ -n "$1" ]; do + case "$1" in + nopass) opts="$opts -nodes" ;; + # batch flag supports internal callers needing silent operation + batch) local EASYRSA_BATCH=1 ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + verify_pki_init + [ "$EASYRSA_ALGO" = "ec" ] && verify_curve + + # don't wipe out an existing private key without confirmation + [ -f "$key_out" ] && confirm "Confirm key overwrite: " "yes" "\ + +WARNING!!! + +An existing private key was found at $key_out +Continuing with key generation will replace this key." + + # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section: + if [ -n "$EASYRSA_EXTRA_EXTS" ]; then + # Setup & insert the extra ext data keyed by a magic line + local extra_exts=" +req_extensions = req_extra +[ req_extra ] +$EASYRSA_EXTRA_EXTS" + local awkscript=' +{if ( match($0, "^#%EXTRA_EXTS%") ) + { while ( getline<"/dev/stdin" ) {print} next } + {print} +}' + print "$extra_exts" | \ + awk "$awkscript" "$EASYRSA_SSL_CONF" \ + > "$EASYRSA_TEMP_FILE" \ + || die "Copying SSL config to temp file failed" + # Use this new SSL config for the rest of this function + local EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE" + fi + + key_out_tmp="$(mktemp -u "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" + req_out_tmp="$(mktemp -u "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp" + # generate request + [ $EASYRSA_BATCH ] && opts="$opts -batch" + "$EASYRSA_OPENSSL" req -utf8 -new -newkey $EASYRSA_ALGO:"$EASYRSA_ALGO_PARAMS" \ + -config "$EASYRSA_SSL_CONF" -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \ + || die "Failed to generate request" + mv "$key_out_tmp" "$key_out"; EASYRSA_TEMP_FILE_2= + mv "$req_out_tmp" "$req_out"; EASYRSA_TEMP_FILE_3= + notice "\ +Keypair and certificate request completed. Your files are: +req: $req_out +key: $key_out +" + return 0 +} # => gen_req() + +# common signing backend +sign_req() { + local crt_type="$1" opts= + local req_in="$EASYRSA_PKI/reqs/$2.req" + local crt_out="$EASYRSA_PKI/issued/$2.crt" + + # Support batch by internal caller: + [ "$3" = "batch" ] && local EASYRSA_BATCH=1 + + verify_ca_init + + # Check argument sanity: + [ -n "$2" ] || die "\ +Incorrect number of arguments provided to sign-req: +expected 2, got $# (see command help for usage)" + + # Cert type must exist under the EASYRSA_EXT_DIR + [ -r "$EASYRSA_EXT_DIR/$crt_type" ] || die "\ +Unknown cert type '$crt_type'" + + # Request file must exist + [ -f "$req_in" ] || die "\ +No request found for the input: '$2' +Expected to find the request at: $req_in" + + # Confirm input is a cert req + verify_file req "$req_in" || die "\ +The certificate request file is not in a valid X509 request format. +Offending file: $req_in" + + # Display the request subject in an easy-to-read format + # Confirm the user wishes to sign this request + confirm "Confirm request details: " "yes" " +You are about to sign the following certificate. +Please check over the details shown below for accuracy. Note that this request +has not been cryptographically verified. Please be sure it came from a trusted +source or that you have verified the request checksum with the sender. + +Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIRE days: + +$(display_dn req "$req_in") +" # => confirm end + + # Generate the extensions file for this cert: + { + # Append first any COMMON file (if present) then the cert-type extensions + cat "$EASYRSA_EXT_DIR/COMMON" + cat "$EASYRSA_EXT_DIR/$crt_type" + + # Support a dynamic CA path length when present: + [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \ + print "basicConstraints = CA:TRUE, pathlen:$EASYRSA_SUBCA_LEN" + + # Deprecated Netscape extension support, if enabled + if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then + [ -n "$EASYRSA_NS_COMMENT" ] && \ + print "nsComment = \"$EASYRSA_NS_COMMENT\"" + case "$crt_type" in + server) print "nsCertType = server" ;; + client) print "nsCertType = client" ;; + ca) print "nsCertType = sslCA" ;; + esac + fi + + # Add any advanced extensions supplied by env-var: + [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" + + : # needed to keep die from inherting the above test + } > "$EASYRSA_TEMP_FILE" || die "\ +Failed to create temp extension file (bad permissions?) at: +$EASYRSA_TEMP_FILE" + + # sign request + crt_out_tmp="$(mktemp -u "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp" + "$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SSL_CONF" \ + -extfile "$EASYRSA_TEMP_FILE" -days $EASYRSA_CERT_EXPIRE -batch $opts \ + || die "signing failed (openssl output above may have more detail)" + mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2= + notice "\ +Certificate created at: $crt_out +" + return 0 +} # => sign_req() + +# common build backend +# used to generate+sign in 1 step +build_full() { + verify_ca_init + + # pull filename base: + [ -n "$2" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and commands." + local crt_type="$1" name="$2" + local req_out="$EASYRSA_PKI/reqs/$2.req" + local key_out="$EASYRSA_PKI/private/$2.key" + local crt_out="$EASYRSA_PKI/issued/$2.crt" + shift 2 + + # function opts support + local req_opts= + while [ -n "$1" ]; do + case "$1" in + nopass) req_opts="$req_opts nopass" ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + # abort on existing req/key/crt files + local err_exists="\ +file already exists. Aborting build to avoid overwriting this file. +If you wish to continue, please use a different name or remove the file. +Matching file found at: " + [ -f "$req_out" ] && die "Request $err_exists $req_out" + [ -f "$key_out" ] && die "Key $err_exists $key_out" + [ -f "$crt_out" ] && die "Certificate $err_exists $crt_out" + + # create request + EASYRSA_REQ_CN="$name" + gen_req "$name" batch $req_opts + + # Sign it + sign_req "$crt_type" "$name" batch + +} # => build_full() + +# revoke backend +revoke() { + verify_ca_init + + # pull filename base: + [ -n "$1" ] || die "\ +Error: didn't find a file base name as the first argument. +Run easyrsa without commands for usage and command help." + local crt_in="$EASYRSA_PKI/issued/$1.crt" + + verify_file x509 "$crt_in" || die "\ +Unable to revoke as the input file is not a valid certificate. Unexpected +input in file: $crt_in" + + # confirm operation by displaying DN: + confirm "Continue with revocation: " "yes" " +Please confirm you wish to revoke the certificate with the following subject: + +$(display_dn x509 "$crt_in") +" # => confirm end + + # referenced cert must exist: + [ -f "$crt_in" ] || die "\ +Unable to revoke as no certificate was found. Certificate was expected +at: $crt_in" + + "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SSL_CONF" || die "\ +Failed to revoke certificate: revocation command failed." + + notice "\ +IMPORTANT!!! + +Revocation was successful. You must run gen-crl and upload a CRL to your +infrastructure in order to prevent the revoked cert from being accepted. +" # => notice end + return 0 +} #= revoke() + +# gen-crl backend +gen_crl() { + verify_ca_init + + local out_file="$EASYRSA_PKI/crl.pem" + out_file_tmp="$(mktemp -u "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" + "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SSL_CONF" || die "\ +CRL Generation failed. +" + mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_2= + + notice "\ +An updated CRL has been created. +CRL file: $out_file +" + return 0 +} # => gen_crl() + +# import-req backend +import_req() { + verify_pki_init + + # pull passed paths + local in_req="$1" short_name="$2" + local out_req="$EASYRSA_PKI/reqs/$2.req" + + [ -n "$short_name" ] || die "\ +Unable to import: incorrect command syntax. +Run easyrsa without commands for usage and command help." + + verify_file req "$in_req" || die "\ +The input file does not appear to be a certificate request. Aborting import. +Offending file: $in_req" + + # destination must not exist + [ -f "$out_req" ] && die "\ +Unable to import the request as the destination file already exists. +Please choose a different name for your imported request file. +Existing file at: $out_req" + + # now import it + cp "$in_req" "$out_req" + + notice "\ +The request has been successfully imported with a short name of: $short_name +You may now use this name to perform signing operations on this request. +" + return 0 +} # => import_req() + +# export pkcs#12 or pkcs#7 +export_pkcs() { + local pkcs_type="$1" + shift + + [ -n "$1" ] || die "\ +Unable to export p12: incorrect command syntax. +Run easyrsa without commands for usage and command help." + + local short_name="$1" + local crt_in="$EASYRSA_PKI/issued/$1.crt" + local key_in="$EASYRSA_PKI/private/$1.key" + local crt_ca="$EASYRSA_PKI/ca.crt" + shift + + verify_pki_init + + # opts support + local want_ca=1 + local want_key=1 + while [ -n "$1" ]; do + case "$1" in + noca) want_ca= ;; + nokey) want_key= ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + local pkcs_opts= + if [ $want_ca ]; then + verify_file x509 "$crt_ca" || die "\ +Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.) +Missing file expected at: $crt_ca" + pkcs_opts="$pkcs_opts -certfile $crt_ca" + fi + + # input files must exist + verify_file x509 "$crt_in" || die "\ +Unable to export $pkcs_type for short name '$short_name' without the certificate. +Missing cert expected at: $crt_in" + + case "$pkcs_type" in + p12) + local pkcs_out="$EASYRSA_PKI/private/$short_name.p12" + + if [ $want_key ]; then + [ -f "$key_in" ] || die "\ +Unable to export p12 for short name '$short_name' without the key +(if you want a p12 without the private key, use nokey option.) +Missing key expected at: $key_in" + else + pkcs_opts="$pkcs_opts -nokeys" + fi + + # export the p12: + "$EASYRSA_OPENSSL" pkcs12 -in "$crt_in" -inkey "$key_in" -export \ + -out "$pkcs_out" $pkcs_opts || die "\ +Export of p12 failed: see above for related openssl errors." + ;; + p7) + local pkcs_out="$EASYRSA_PKI/issued/$short_name.p7b" + + # export the p7: + "$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \ + -out "$pkcs_out" $pkcs_opts || die "\ +Export of p7 failed: see above for related openssl errors." + ;; +esac + + notice "\ +Successful export of $pkcs_type file. Your exported file is at the following +location: $pkcs_out +" + return 0 +} # => export_pkcs() + +# set-pass backend +set_pass() { + verify_pki_init + + # key type, supplied internally from frontend command call (rsa/ec) + local key_type="$1" + + # values supplied by the user: + local raw_file="$2" + local file="$EASYRSA_PKI/private/$raw_file.key" + [ -n "$raw_file" ] || die "\ +Missing argument to 'set-$key_type-pass' command: no name/file supplied. +See help output for usage details." + + # parse command options + shift 2 + local crypto="-aes256" + while [ -n "$1" ]; do + case "$1" in + nopass) crypto= ;; + file) file="$raw_file" ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + [ -f "$file" ] || die "\ +Missing private key: expected to find the private key component at: +$file" + + notice "\ +If the key is currently encrypted you must supply the decryption passphrase. +${crypto:+You will then enter a new PEM passphrase for this key.$NL}" + + "$EASYRSA_OPENSSL" $key_type -in "$file" -out "$file" $crypto || die "\ +Failed to change the private key passphrase. See above for possible openssl +error messages." + + notice "Key passphrase successfully changed" + +} # => set_pass() + +# update-db backend +update_db() { + verify_ca_init + + "$EASYRSA_OPENSSL" ca -utf8 -updatedb -config "$EASYRSA_SSL_CONF" || die "\ +Failed to perform update-db: see above for related openssl errors." + return 0 +} # => update_db() + +# display cert DN info on a req/X509, passed by full pathname +display_dn() { + local format="$1" path="$2" + print "$("$EASYRSA_OPENSSL" $format -in "$path" -noout -subject -nameopt multiline)" +} # => display_dn() + +# verify a file seems to be a valid req/X509 +verify_file() { + local format="$1" path="$2" + "$EASYRSA_OPENSSL" $format -in "$path" -noout 2>/dev/null || return 1 + return 0 +} # => verify_x509() + +# show-* command backend +# Prints req/cert details in a readable format +show() { + local type="$1" name="$2" in_file format + [ -n "$name" ] || die "\ +Missing expected filename_base argument. +Run easyrsa without commands for usage help." + shift 2 + + # opts support + local opts="-${type}opt no_pubkey,no_sigdump" + while [ -n "$1" ]; do + case "$1" in + full) opts= ;; + *) warn "Ignoring unknown command option: '$1'" ;; + esac + shift + done + + # Determine cert/req type + if [ "$type" = "cert" ]; then + verify_ca_init + in_file="$EASYRSA_PKI/issued/${name}.crt" + format="x509" + else + verify_pki_init + in_file="$EASYRSA_PKI/reqs/${name}.req" + format="req" + fi + + # Verify file exists and is of the correct type + [ -f "$in_file" ] || die "\ +No such $type file with a basename of '$name' is present. +Expected to find this file at: +$in_file" + verify_file $format "$in_file" || die "\ +This file is not a valid $type file: +$in_file" + + notice "\ +Showing $type details for '$name'. +This file is stored at: +$in_file +" + "$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\ + -nameopt multiline $opts || die "\ +OpenSSL failure to process the input" +} # => show() + +# vars setup +# Here sourcing of 'vars' if present occurs. If not present, defaults are used +# to support running without a sourced config format +vars_setup() { + # Try to locate a 'vars' file in order of location preference. + # If one is found, source it + local vars= + + # set up program path + local prog_vars="${0%/*}/vars" + + # command-line path: + if [ -f "$EASYRSA_VARS_FILE" ]; then + vars="$EASYRSA_VARS_FILE" + # EASYRSA_PKI, if defined: + elif [ -n "$EASYRSA_PKI" ] && [ -f "$EASYRSA_PKI/vars" ]; then + vars="$EASYRSA_PKI/vars" + # EASYRSA, if defined: + elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then + vars="$EASYRSA/vars" + # program location: + elif [ -f "$prog_vars" ]; then + vars="$prog_vars" + fi + + # If a vars file was located, source it + # If $EASYRSA_NO_VARS is defined (not blank) this is skipped + if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then + EASYRSA_CALLER=1 . "$vars" + notice "\ +Note: using Easy-RSA configuration from: $vars" + fi + + # Set defaults, preferring existing env-vars if present + set_var EASYRSA "$PWD" + set_var EASYRSA_OPENSSL openssl + set_var EASYRSA_PKI "$EASYRSA/pki" + set_var EASYRSA_DN cn_only + set_var EASYRSA_REQ_COUNTRY "US" + set_var EASYRSA_REQ_PROVINCE "California" + set_var EASYRSA_REQ_CITY "San Francisco" + set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" + set_var EASYRSA_REQ_EMAIL me@example.net + set_var EASYRSA_REQ_OU "My Organizational Unit" + set_var EASYRSA_ALGO rsa + set_var EASYRSA_KEY_SIZE 2048 + set_var EASYRSA_CURVE secp384r1 + set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams" + set_var EASYRSA_CA_EXPIRE 3650 + set_var EASYRSA_CERT_EXPIRE 3650 + set_var EASYRSA_CRL_DAYS 180 + set_var EASYRSA_NS_SUPPORT no + set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" + set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" + set_var EASYRSA_TEMP_FILE_2 "" + set_var EASYRSA_TEMP_FILE_3 "" + set_var EASYRSA_REQ_CN ChangeMe + set_var EASYRSA_DIGEST sha256 + + # Detect openssl config, preferring EASYRSA_PKI over EASYRSA + if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-1.0.cnf" + else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf" + fi + + # Same as above for the x509-types extensions dir + if [ -d "$EASYRSA_PKI/x509-types" ]; then + set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types" + else set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" + fi + + # EASYRSA_ALGO_PARAMS must be set depending on selected algo + if [ "ec" = "$EASYRSA_ALGO" ]; then + EASYRSA_ALGO_PARAMS="$EASYRSA_EC_DIR/${EASYRSA_CURVE}.pem" + elif [ "rsa" = "$EASYRSA_ALGO" ]; then + EASYRSA_ALGO_PARAMS="${EASYRSA_KEY_SIZE}" + else + die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'" + fi + + # Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32) + export OPENSSL_CONF="$EASYRSA_SSL_CONF" +} # vars_setup() + +# variable assignment by indirection when undefined; merely exports +# the variable when it is already defined (even if currently null) +# Sets $1 as the value contained in $2 and exports (may be blank) +set_var() { + local var=$1 + shift + local value="$*" + eval "export $var=\"\${$var-$value}\"" +} #=> set_var() + +######################################## +# Invocation entry point: + +NL=' +' + +# Be secure with a restrictive umask +[ -z "$EASYRSA_NO_UMASK" ] && umask 077 + +# Parse options +while :; do + # Separate option from value: + opt="${1%%=*}" + val="${1#*=}" + empty_ok= # Empty values are not allowed unless excepted + + case "$opt" in + --days) + export EASYRSA_CERT_EXPIRE="$val" + export EASYRSA_CA_EXPIRE="$val" + export EASYRSA_CRL_DAYS="$val" + ;; + --pki-dir) + export EASYRSA_PKI="$val" ;; + --use-algo) + export EASYRSA_ALGO="$val" ;; + --keysize) + export EASYRSA_KEY_SIZE="$val" ;; + --curve) + export EASYRSA_CURVE="$val" ;; + --dn-mode) + export EASYRSA_DN="$val" ;; + --req-cn) + export EASYRSA_REQ_CN="$val" ;; + --digest) + export EASYRSA_DIGEST="$val" ;; + --req-c) + empty_ok=1 + export EASYRSA_REQ_COUNTRY="$val" ;; + --req-st) + empty_ok=1 + export EASYRSA_REQ_PROVINCE="$val" ;; + --req-city) + empty_ok=1 + export EASYRSA_REQ_CITY="$val" ;; + --req-org) + empty_ok=1 + export EASYRSA_REQ_ORG="$val" ;; + --req-email) + empty_ok=1 + export EASYRSA_REQ_EMAIL="$val" ;; + --req-ou) + empty_ok=1 + export EASYRSA_REQ_OU="$val" ;; + --ns-cert) + export EASYRSA_NS_SUPPORT="$val" ;; + --ns-comment) + empty_ok=1 + export EASYRSA_NS_COMMENT="$val" ;; + --batch) + empty_ok=1 + export EASYRSA_BATCH=1 ;; + --subca-len) + export EASYRSA_SUBCA_LEN="$val" ;; + --vars) + export EASYRSA_VARS_FILE="$val" ;; + --subject-alt-name) + export EASYRSA_EXTRA_EXTS="\ +$EASYRSA_EXTRA_EXTS +subjectAltName = $val" ;; + *) + break ;; + esac + + # fatal error when no value was provided + if [ ! $empty_ok ] && { [ "$val" = "$1" ] || [ -z "$val" ]; }; then + die "Missing value to option: $opt" + fi + + shift +done + +# Intelligent env-var detection and auto-loading: +vars_setup + +# Register clean_temp on EXIT +trap "clean_temp" EXIT + +# determine how we were called, then hand off to the function responsible +cmd="$1" +[ -n "$1" ] && shift # scrape off command +case "$cmd" in + init-pki|clean-all) + init_pki "$@" + ;; + build-ca) + build_ca "$@" + ;; + gen-dh) + gen_dh + ;; + gen-req) + gen_req "$@" + ;; + sign|sign-req) + sign_req "$@" + ;; + build-client-full) + build_full client "$@" + ;; + build-server-full) + build_full server "$@" + ;; + gen-crl) + gen_crl + ;; + revoke) + revoke "$@" + ;; + import-req) + import_req "$@" + ;; + export-p12) + export_pkcs p12 "$@" + ;; + export-p7) + export_pkcs p7 "$@" + ;; + set-rsa-pass) + set_pass rsa "$@" + ;; + set-ec-pass) + set_pass ec "$@" + ;; + update-db) + update_db + ;; + show-req) + show req "$@" + ;; + show-cert) + show cert "$@" + ;; + ""|help|-h|--help|--usage) + cmd_help "$1" + exit 0 + ;; + *) + die "Unknown command '$cmd'. Run without commands for usage help." + ;; +esac + +# vim: ft=sh nu ai sw=8 ts=8 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/openssl-1.0.cnf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/openssl-1.0.cnf new file mode 100644 index 0000000..d9109b5 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/openssl-1.0.cnf @@ -0,0 +1,137 @@ +# For use with Easy-RSA 3.0 and OpenSSL 1.0.* + +RANDFILE = $ENV::EASYRSA_PKI/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::EASYRSA_PKI # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/certs_by_serial # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = basic_exts # The extentions to add to the cert + +# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA +# is designed for will. In return, we get the Issuer attached to CRLs. +crl_extensions = crl_ext + +default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for +default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL +default_md = $ENV::EASYRSA_DIGEST # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the 'anything' policy, which defines allowed DN fields +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +# Easy-RSA request handling +# We key off $DN_MODE to determine how to format the DN +[ req ] +default_bits = $ENV::EASYRSA_KEY_SIZE +default_keyfile = privkey.pem +default_md = $ENV::EASYRSA_DIGEST +distinguished_name = $ENV::EASYRSA_DN +x509_extensions = easyrsa_ca # The extentions to add to the self signed cert + +# A placeholder to handle the $EXTRA_EXTS feature: +#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it + +#################################################################### +# Easy-RSA DN (Subject) handling + +# Easy-RSA DN for cn_only support: +[ cn_only ] +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +# Easy-RSA DN for org support: +[ org ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::EASYRSA_REQ_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::EASYRSA_REQ_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::EASYRSA_REQ_ORG + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = $ENV::EASYRSA_REQ_OU + +commonName = Common Name (eg: your user, host, or server name) +commonName_max = 64 +commonName_default = $ENV::EASYRSA_REQ_CN + +emailAddress = Email Address +emailAddress_default = $ENV::EASYRSA_REQ_EMAIL +emailAddress_max = 64 + +#################################################################### +# Easy-RSA cert extension handling + +# This section is effectively unused as the main script sets extensions +# dynamically. This core section is left to support the odd usecase where +# a user calls openssl directly. +[ basic_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always + +# The Easy-RSA CA extensions +[ easyrsa_ca ] + +# PKIX recommendations: + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + +# This could be marked critical, but it's nice to support reading by any +# broken clients who attempt to do so. +basicConstraints = CA:true + +# Limit key usage to CA tasks. If you really want to use the generated pair as +# a self-signed cert, comment this out. +keyUsage = cRLSign, keyCertSign + +# nsCertType omitted by default. Let's try to let the deprecated stuff die. +# nsCertType = sslCA + +# CRL extensions. +[ crl_ext ] + +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt new file mode 100644 index 0000000..24a4072 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ca.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4zCCAWmgAwIBAgIJANzVB7ZWgM/zMAoGCCqGSM49BAMCMBUxEzARBgNVBAMM +Ck9wZW5WUE4gQ0EwHhcNMTcxMDE5MDkyNjQ5WhcNMjcxMDE3MDkyNjQ5WjAVMRMw +EQYDVQQDDApPcGVuVlBOIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZlRYMkM/ +C1BWwdhulSHhjowAkCXaAN8OUprngryT/qA/0Am+LYQmWdwNdef4ElhSTW4xaKQZ +q4d36p1ygnf3lEKRQSkg2u/5mrTCBw1DEZOgg8CS1z4wTlttYqlido0Jo4GEMIGB +MB0GA1UdDgQWBBQ0+FxfsE+24u9DitmrWHTQVshLzzBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2gA +MGUCMQCzheSmsBg4AbeGKqnuJ9P/uvgQOZcsgxls63EDhpirHcL/eJFGwpF2xj1p +9AnWZfwCMGO/71WFApKPRJo6rFfpbqt3UG/ht2TKE59f2kXNlhW2DS0Vg4FnFRVa ++ARBv6orZw== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/01.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/01.pem new file mode 100644 index 0000000..f48b9c8 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/01.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:26:59 2017 GMT + Not After : Oct 17 09:26:59 2027 GMT + Subject: CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f3:0e:85:4d:7a:51:75:26:35:e7:56:09:01:4f: + a7:b4:75:c7:98:55:a7:ca:21:88:bf:0d:7a:29:c0: + ed:f8:e5:fa:bb:4b:f7:73:63:9c:b5:37:bc:b6:b3: + 24:3c:46:73:d0:46:4f:25:7c:b6:98:2f:03:85:b0: + 13:11:6f:c1:0a:a4:ce:d1:70:1f:f4:60:fc:cc:29: + 25:c0:b9:22:61:58:22:d6:3f:d2:f6:67:9f:06:ec: + da:9f:b3:ca:1f:da:9d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1C:77:A0:CE:67:4B:FE:FC:6F:51:C0:C1:5D:E3:94:FD:26:CE:63:3E + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:88:ec:52:55:18:34:d6:8c:e4:d2:26:c1:ec: + ac:8a:09:74:7f:3b:0f:ae:28:30:de:04:2b:5c:5a:25:8a:f9: + 6a:49:e8:a9:aa:1d:a3:86:17:f7:46:9f:3c:d0:fb:0b:98:02: + 30:4e:a5:cf:fc:18:9e:89:c3:b3:48:3c:20:b4:2c:d8:8b:f7: + 10:0f:80:e8:d9:40:ab:a4:3b:87:e3:57:a2:e5:15:2f:1a:10: + c6:7a:e1:2b:c9:9c:20:49:a8:20:94:6b:d8 +-----BEGIN CERTIFICATE----- +MIIB6TCCAW+gAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBO +IENBMB4XDTE3MTAxOTA5MjY1OVoXDTI3MTAxNzA5MjY1OVowETEPMA0GA1UEAwwG +c2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8w6FTXpRdSY151YJAU+ntHXH +mFWnyiGIvw16KcDt+OX6u0v3c2OctTe8trMkPEZz0EZPJXy2mC8DhbATEW/BCqTO +0XAf9GD8zCklwLkiYVgi1j/S9mefBuzan7PKH9qdo4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFBx3oM5nS/78b1HAwV3jlP0mzmM+MEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMAoGCCqGSM49 +BAMCA2gAMGUCMQCI7FJVGDTWjOTSJsHsrIoJdH87D64oMN4EK1xaJYr5aknoqaod +o4YX90afPND7C5gCME6lz/wYnonDs0g8ILQs2Iv3EA+A6NlAq6Q7h+NXouUVLxoQ +xnrhK8mcIEmoIJRr2A== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2811.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2811.pem new file mode 100644 index 0000000..d9f073b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2811.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10257 (0x2811) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:38 2017 GMT + Not After : Oct 17 09:33:38 2027 GMT + Subject: CN=zfelleg + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d: + f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08: + 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3: + 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac: + 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12: + 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28: + 13:8b:7a:b6:72:62:28 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c: + 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81: + c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02: + 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73: + 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b: + f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM +B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu +C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf +2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy +yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX +ZgvyJKJ3DlO/Z742nded +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2AC2.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2AC2.pem new file mode 100644 index 0000000..94cabe9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2AC2.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10946 (0x2ac2) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: May 8 11:24:40 2018 GMT + Not After : May 5 11:24:40 2028 GMT + Subject: CN=cslevai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a1:0f:74:b8:b8:de:43:c0:f5:a6:5c:24:49:fb: + 38:bc:80:d7:b7:af:a3:be:8d:f6:08:87:0b:13:8b: + 2f:c0:1c:d6:1a:27:78:26:d5:3b:0f:01:f3:8b:a0: + 3f:a0:dc:b5:2a:88:8d:7d:31:b2:98:ab:71:43:8c: + d3:d7:c2:84:a4:db:e8:40:e6:83:d8:6f:7d:8c:c5: + cf:87:5d:bc:6e:b2:6e:5a:07:64:cb:a6:57:e0:05: + 78:35:ae:71:da:5e:b7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C0:FE:8D:CF:21:47:D9:22:05:1A:A9:0F:5C:9A:0C:DF:78:13:21:6A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:31:1e:7f:c1:2c:49:3e:d4:d9:d4:c0:3e:ad:f7: + 54:40:d9:f7:e5:1e:34:16:ef:52:35:51:92:d0:f1:9f:07:b0: + d8:aa:1d:75:4c:73:27:a5:e7:7e:7c:fa:11:40:d2:55:02:31: + 00:95:9a:5e:2d:20:ab:c6:93:30:7f:2a:91:e8:46:34:aa:90: + 4f:3e:b0:63:c0:e1:01:36:23:61:03:20:01:51:ba:fc:3d:29: + 74:50:0b:e0:5e:20:8a:33:58:f4:db:24:21 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICKsIwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODA1MDgxMTI0NDBaFw0yODA1MDUxMTI0NDBaMBIxEDAOBgNVBAMM +B2NzbGV2YWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAShD3S4uN5DwPWmXCRJ+zi8 +gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKYq3FDjNPXwoSk +2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrejgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUwP6NzyFH2SIFGqkPXJoM33gTIWowRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwMR5/wSxJPtTZ1MA+rfdUQNn35R40Fu9SNVGS0PGfB7DYqh11 +THMnped+fPoRQNJVAjEAlZpeLSCrxpMwfyqR6EY0qpBPPrBjwOEBNiNhAyABUbr8 +PSl0UAvgXiCKM1j02yQh +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2B1C.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2B1C.pem new file mode 100644 index 0000000..2bca6a6 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2B1C.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11036 (0x2b1c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:11 2017 GMT + Not After : Oct 17 09:31:11 2027 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a: + 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8: + 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84: + 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e: + 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b: + e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11: + 94:1c:36:da:e6:55:cf + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55: + 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0: + 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02: + 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31: + a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f: + f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f +-----BEGIN CERTIFICATE----- +MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM +DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o +/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO +LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt +wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE +1TV/Hawhf/CDpyvb2AZh8obuG28f +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2BAE.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2BAE.pem new file mode 100644 index 0000000..4ae8d97 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2BAE.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11182 (0x2bae) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:30 2017 GMT + Not After : Oct 17 09:32:30 2027 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b: + c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78: + 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4: + d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55: + 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53: + 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73: + a5:c0:32:45:77:2e:20 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3: + 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2: + 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02: + 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81: + 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34: + 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM +CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE ++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi +PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG +S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn +iEk0UfI2CiJJLuXXNcNOyCs= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2CA3.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2CA3.pem new file mode 100644 index 0000000..e5e08e0 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2CA3.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11427 (0x2ca3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:22 2017 GMT + Not After : Oct 17 09:31:22 2027 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e: + 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90: + 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14: + f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95: + 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97: + e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca: + bc:42:fd:3f:49:c3:5b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1: + 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21: + f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02: + 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f: + cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c: + 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61 +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM +CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu +cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH +EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+ +uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ +d5vdPDqTVdAr9lmArscdhTJh +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2DB5.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2DB5.pem new file mode 100644 index 0000000..46a3a44 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2DB5.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11701 (0x2db5) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:51 2017 GMT + Not After : Oct 17 09:32:51 2027 GMT + Subject: CN=kschaffer + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa: + 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89: + 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d: + 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5: + 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50: + 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca: + 2c:40:ea:3f:84:ce:be + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31: + 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc: + 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02: + 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2: + 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94: + 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM +CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq +hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy +fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS +vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw +zH9klHbf9x+5XOIUhZxhdrDL +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2E00.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2E00.pem new file mode 100644 index 0000000..d3f1af9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2E00.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11776 (0x2e00) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:17 2017 GMT + Not After : Oct 17 09:33:17 2027 GMT + Subject: CN=ptombor + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c: + 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09: + 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8: + e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd: + 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70: + 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82: + 52:f3:19:53:a4:13:cd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd: + bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd: + fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30: + 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd: + a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17: + ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM +B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN +u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76 +8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST +yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7 +8xf/SS22gtqh+b/cNSk= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2EEA.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2EEA.pem new file mode 100644 index 0000000..06df7ed --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2EEA.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12010 (0x2eea) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:53 2017 GMT + Not After : Oct 17 09:30:53 2027 GMT + Subject: CN=acsiba + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd: + db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81: + fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01: + 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19: + 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e: + 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86: + 9e:45:ec:14:12:a3:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f: + d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32: + 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02: + 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e: + 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1: + c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM +BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5 +fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7 +m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK +3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw +8ckbIjHjQDZuQNp9ZNc= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2F41.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2F41.pem new file mode 100644 index 0000000..8b6d7cd --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2F41.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12097 (0x2f41) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:49 2017 GMT + Not After : Oct 17 09:33:49 2027 GMT + Subject: CN=zsnemes + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f: + cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54: + 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58: + f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5: + 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5: + 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8: + 21:e9:1b:f4:71:63:7e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37: + bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11: + 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02: + 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78: + 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a: + aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM +B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh +OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl +3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8 +lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe +7nqqflLZxu4WkBqMCq6z +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2FCF.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2FCF.pem new file mode 100644 index 0000000..f43820c --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/2FCF.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12239 (0x2fcf) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:36 2017 GMT + Not After : Oct 17 09:31:36 2027 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67: + d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b: + d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd: + d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7: + cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26: + a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f: + 92:b2:83:75:19:8d:74 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48: + b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94: + 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02: + 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9: + a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54: + d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3 +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM +CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY +QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4 +lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9 +VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C +haxU1NoPaIVTBHqcFCiRe8M= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/305F.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/305F.pem new file mode 100644 index 0000000..cdccc90 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/305F.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12383 (0x305f) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:47 2017 GMT + Not After : Oct 17 09:31:47 2027 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd: + 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d: + f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26: + 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b: + 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e: + ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95: + 6d:32:f2:41:0e:4f:5e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f: + 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b: + 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02: + 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99: + 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60: + d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM +B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c +oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2 +opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y +iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK +vmDVRSIYp8raVr0V1TBm +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3068.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3068.pem new file mode 100644 index 0000000..16edb9e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3068.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12392 (0x3068) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:27 2017 GMT + Not After : Oct 17 09:33:27 2027 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34: + ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c: + c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97: + 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1: + 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f: + ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc: + 89:9c:5c:6a:74:26:bd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57: + d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4: + bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31: + 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37: + d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50: + fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM +B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+ +0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE +jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR +PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A +SVD6p5dsnOIoLJ4fFFAi +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/31EE.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/31EE.pem new file mode 100644 index 0000000..c937054 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/31EE.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12782 (0x31ee) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:45 2017 GMT + Not After : Oct 17 09:30:45 2027 GMT + Subject: CN=aborza + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae: + 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17: + 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94: + 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1: + 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53: + 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76: + 8c:bb:c1:dd:dd:ff:6d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90: + 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10: + 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31: + 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4: + 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e: + 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM +BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc +2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0 +YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T +jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn +XgdK+DLG8PEiMaB/+CI= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3254.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3254.pem new file mode 100644 index 0000000..cb2cbc3 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3254.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12884 (0x3254) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:10 2017 GMT + Not After : Oct 17 09:34:10 2027 GMT + Subject: CN=rtoth + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4: + 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f: + 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a: + 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a: + 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3: + 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b: + fd:9a:13:c6:68:b0:38 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd: + 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d: + d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02: + 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2: + 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c: + 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db +-----BEGIN CERTIFICATE----- +MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM +BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f +7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn +2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp +kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8 +U222Ta0AJ3+lYPke2w== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3274.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3274.pem new file mode 100644 index 0000000..3b4c9b3 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3274.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12916 (0x3274) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:40 2017 GMT + Not After : Oct 17 09:32:40 2027 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17: + 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00: + 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc: + cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98: + 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07: + ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da: + de:88:22:6d:c2:80:0a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d: + 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e: + bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30: + 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c: + 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77: + 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM +BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw +BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY +p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs +nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3 +Xx7jYEXdN8prT/Zm +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3301.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3301.pem new file mode 100644 index 0000000..13bc21a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3301.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13057 (0x3301) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:15 2017 GMT + Not After : Oct 17 09:32:15 2027 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f: + 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21: + aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75: + 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30: + 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9: + 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01: + 54:18:6f:1b:f4:99:f9 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31: + ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4: + 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02: + 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17: + 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db: + 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM +CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U +QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A +CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP +gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr +LM7blEaGFnYUrGRB0XjSqew= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/333C.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/333C.pem new file mode 100644 index 0000000..aa68a42 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/333C.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13116 (0x333c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:00 2017 GMT + Not After : Oct 17 09:32:00 2027 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f: + 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10: + e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81: + 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18: + f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8: + 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd: + af:1c:68:44:98:85:82 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42: + e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e: + 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02: + 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c: + 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1: + 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM +B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n +M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y +UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa +Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB +kuFPYVgb7bjZF5B4cIW8 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3349.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3349.pem new file mode 100644 index 0000000..ed6b42a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3349.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13129 (0x3349) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:02 2017 GMT + Not After : Oct 17 09:33:02 2027 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b: + b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84: + bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac: + a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0: + 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad: + e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56: + fb:e3:c0:7d:34:e5:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11: + a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e: + 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02: + 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39: + 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf: + 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f +-----BEGIN CERTIFICATE----- +MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM +Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V +Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26 +Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk +S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa +zzDL+VG1O1l9Fd+d8ipP +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3374.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3374.pem new file mode 100644 index 0000000..e549825 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/3374.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13172 (0x3374) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: May 8 11:24:56 2018 GMT + Not After : May 5 11:24:56 2028 GMT + Subject: CN=ifabian + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:21:0d:77:39:b7:b1:43:2d:e9:a2:e9:a9:3b:88: + cd:93:d5:05:4d:b5:58:04:1f:43:76:1b:93:1e:c3: + d2:d8:15:37:df:3f:d4:75:c7:81:cc:78:f8:63:84: + 8d:49:0d:49:b2:71:5e:b3:73:0b:ab:0c:5b:ff:9a: + 68:39:1b:6a:c2:8e:b0:0f:bc:cd:69:93:79:73:f2: + c3:b9:04:66:87:20:90:1c:4b:c7:c4:e9:77:86:a6: + a5:8f:59:a0:6d:03:4b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 47:CB:B8:DB:88:B9:FB:59:61:4B:66:B6:03:EB:5F:A5:30:2F:64:AC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2c:e5:1b:07:5f:bd:0b:75:e1:cb:fa:7c:30:1b: + 09:31:ae:9d:83:1b:ec:23:04:96:67:14:7b:8c:3a:64:02:10: + 0f:e6:f2:35:f9:44:2f:b4:7f:8f:ee:c9:dd:7c:4d:29:02:31: + 00:e2:34:be:b9:77:34:3b:0e:89:c7:00:5b:2d:c3:36:fc:86: + c6:8b:d8:10:64:28:d5:7c:84:f2:0a:b2:67:ad:7b:1e:8c:c6: + 46:80:18:89:f1:16:d2:fb:61:53:2d:6f:61 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICM3QwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODA1MDgxMTI0NTZaFw0yODA1MDUxMTI0NTZaMBIxEDAOBgNVBAMM +B2lmYWJpYW4wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhDXc5t7FDLemi6ak7iM2T +1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwurDFv/mmg5G2rC +jrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0ujgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUR8u424i5+1lhS2a2A+tfpTAvZKwwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwLOUbB1+9C3Xhy/p8MBsJMa6dgxvsIwSWZxR7jDpkAhAP5vI1 ++UQvtH+P7sndfE0pAjEA4jS+uXc0Ow6JxwBbLcM2/IbGi9gQZCjVfITyCrJnrXse +jMZGgBiJ8RbS+2FTLW9h +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/33E9.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/33E9.pem new file mode 100644 index 0000000..d6b8d89 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/33E9.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13289 (0x33e9) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:00 2017 GMT + Not After : Oct 17 09:34:00 2027 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87: + 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc: + 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45: + e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2: + d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e: + 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a: + 64:40:71:64:22:f8:6a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb: + 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d: + d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31: + 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24: + c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3: + 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM +BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx +CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb +dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd +BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP +tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2 +VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E +AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm +ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs +UXPxj+CDPZ5hoqEw +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/36B4.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/36B4.pem new file mode 100644 index 0000000..898f41e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/certs_by_serial/36B4.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14004 (0x36b4) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Jan 30 10:47:27 2018 GMT + Not After : Jan 28 10:47:27 2028 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68: + d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d: + 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd: + c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba: + fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17: + 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21: + 04:eb:af:11:e3:b0:56 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59: + 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec: + bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31: + 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa: + d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d: + 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8 +-----BEGIN CERTIFICATE----- +MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM +DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx +i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6 +/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD +7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9 +b4Yvq7tLbT7sr+InsJXOK/wLH7g= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem new file mode 100644 index 0000000..02ce4e1 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/crl.pem @@ -0,0 +1,9 @@ +-----BEGIN X509 CRL----- +MIIBHzCBpgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBOIENBFw0x +ODEwMTMwODM5NDlaFw0xOTA0MTEwODM5NDlaMBUwEwICLgAXDTE4MDgwOTA5NTcy +MFqgSTBHMEUGA1UdIwQ+MDyAFDT4XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMw +EQYDVQQDDApPcGVuVlBOIENBggkA3NUHtlaAz/MwCgYIKoZIzj0EAwIDaAAwZQIx +AKc1dDbNfBROolgs/frUj3g8TtOBVLD4oYkHl8DLAZ1badd7jKyTZe5PRTm4rWDO +PAIwQy8pppUhsHClimepGdjen6sHFEsfW04WdzrWceN3U7fUsh+2SjQHrK5OogV8 +m5ru +-----END X509 CRL----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem new file mode 100644 index 0000000..aacf250 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/dh.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAqkkmABC9P/tNOud15pJqJ3ZhHMafkwuzn3mhhXobcT8lKFSrq6lp +I1lY/6MhgTWGmOTrFMBcR3TRuNh6SFrHAvkZDbXIl+g9oKJ8oZzTd4/kxQbVxigT +I1XGj3Csurw+Nhc1gMG847XPiw4bdlGT2SNXzLMFL/tO+Ok9t+gPYtElL39kt9Hl +2u1xEIdBwpUr+I3R5y1buwtQemZ5aEdCp7/WJZRyabIG7e8ERlmHyuov29p9IGKG +OszUDoP0zIXXBB+/Co65lx7YbxA4eITpU5upB67JcOPD3SLHuTt8OknKWV2aG9ms +3pCcr5aDq1zXElDqpcEh7ROwZIyGxY4yIwIBAg== +-----END DH PARAMETERS----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem new file mode 100644 index 0000000..ceed209 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ecparams/secp384r1.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt new file mode 100644 index 0000000..7030acf --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt @@ -0,0 +1,22 @@ +V 271017092659Z 01 unknown /CN=server +V 271017093045Z 31EE unknown /CN=aborza +V 271017093053Z 2EEA unknown /CN=acsiba +V 271017093111Z 2B1C unknown /CN=akosztolanyi +V 271017093122Z 2CA3 unknown /CN=azsamboki +V 271017093136Z 2FCF unknown /CN=csgulyas +V 271017093147Z 305F unknown /CN=dvasary +V 271017093200Z 333C unknown /CN=fritter +V 271017093215Z 3301 unknown /CN=fschnell +V 271017093230Z 2BAE unknown /CN=khorvath +V 271017093240Z 3274 unknown /CN=kkele +V 271017093251Z 2DB5 unknown /CN=kschaffer +V 271017093302Z 3349 unknown /CN=mszabo +R 271017093317Z 180809095720Z 2E00 unknown /CN=ptombor +V 271017093327Z 3068 unknown /CN=rrendek +V 271017093338Z 2811 unknown /CN=zfelleg +V 271017093349Z 2F41 unknown /CN=zsnemes +V 271017093400Z 33E9 unknown /CN=qqcs +V 271017093410Z 3254 unknown /CN=rtoth +V 280128104727Z 36B4 unknown /CN=zbartakovics +V 280505112440Z 2AC2 unknown /CN=cslevai +V 280505112456Z 3374 unknown /CN=ifabian diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old new file mode 100644 index 0000000..1f80db9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/index.txt.old @@ -0,0 +1,22 @@ +V 271017092659Z 01 unknown /CN=server +V 271017093045Z 31EE unknown /CN=aborza +V 271017093053Z 2EEA unknown /CN=acsiba +V 271017093111Z 2B1C unknown /CN=akosztolanyi +V 271017093122Z 2CA3 unknown /CN=azsamboki +V 271017093136Z 2FCF unknown /CN=csgulyas +V 271017093147Z 305F unknown /CN=dvasary +V 271017093200Z 333C unknown /CN=fritter +V 271017093215Z 3301 unknown /CN=fschnell +V 271017093230Z 2BAE unknown /CN=khorvath +V 271017093240Z 3274 unknown /CN=kkele +V 271017093251Z 2DB5 unknown /CN=kschaffer +V 271017093302Z 3349 unknown /CN=mszabo +V 271017093317Z 2E00 unknown /CN=ptombor +V 271017093327Z 3068 unknown /CN=rrendek +V 271017093338Z 2811 unknown /CN=zfelleg +V 271017093349Z 2F41 unknown /CN=zsnemes +V 271017093400Z 33E9 unknown /CN=qqcs +V 271017093410Z 3254 unknown /CN=rtoth +V 280128104727Z 36B4 unknown /CN=zbartakovics +V 280505112440Z 2AC2 unknown /CN=cslevai +V 280505112456Z 3374 unknown /CN=ifabian diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/aborza.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/aborza.crt new file mode 100644 index 0000000..c937054 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/aborza.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12782 (0x31ee) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:45 2017 GMT + Not After : Oct 17 09:30:45 2027 GMT + Subject: CN=aborza + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ca:81:c1:4a:ea:59:0a:e6:b5:34:90:78:60:ae: + 9a:b9:5c:d8:52:3e:ec:8f:30:00:96:c0:6b:5e:17: + 60:ab:72:09:73:e3:3e:31:5b:f7:fe:ed:31:48:94: + 6f:e9:a0:4a:70:76:55:5b:41:07:ea:af:e2:8a:b1: + 5f:5c:95:e4:f4:b4:60:1d:91:c8:0f:fb:57:f6:53: + 79:07:3a:2e:c9:6f:96:6a:7d:1e:1c:f6:74:19:76: + 8c:bb:c1:dd:dd:ff:6d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8D:C0:A1:00:5B:E9:79:9B:65:3D:0B:DA:CD:18:C0:80:D7:11:49:7A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:70:1e:e8:7c:51:73:46:96:78:64:df:35:e8:90: + 28:60:66:c3:a1:9c:ce:46:c6:09:95:c3:99:80:ce:70:84:10: + 2f:a2:8b:ad:53:8f:0e:67:ad:05:88:71:4b:dc:a4:4a:02:31: + 00:83:2b:87:a9:6e:6e:14:49:ff:53:61:8c:6b:8a:f3:cf:b4: + 4a:b7:ec:19:e3:05:bd:4f:43:49:bb:cb:df:aa:ba:27:e7:5e: + 07:4a:f8:32:c6:f0:f1:22:31:a0:7f:f8:22 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICMe4wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNDVaFw0yNzEwMTcwOTMwNDVaMBExDzANBgNVBAMM +BmFib3J6YTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMqBwUrqWQrmtTSQeGCumrlc +2FI+7I8wAJbAa14XYKtyCXPjPjFb9/7tMUiUb+mgSnB2VVtBB+qv4oqxX1yV5PS0 +YB2RyA/7V/ZTeQc6Lslvlmp9Hhz2dBl2jLvB3d3/baOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBSNwKEAW+l5m2U9C9rNGMCA1xFJejBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjBwHuh8UXNGlnhk3zXokChgZsOhnM5GxgmVw5mAznCEEC+ii61T +jw5nrQWIcUvcpEoCMQCDK4epbm4USf9TYYxrivPPtEq37BnjBb1PQ0m7y9+quifn +XgdK+DLG8PEiMaB/+CI= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/acsiba.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/acsiba.crt new file mode 100644 index 0000000..06df7ed --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/acsiba.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12010 (0x2eea) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:30:53 2017 GMT + Not After : Oct 17 09:30:53 2027 GMT + Subject: CN=acsiba + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:da:c2:53:06:83:f7:48:e5:6a:f8:89:fc:d5:bd: + db:d0:b9:7c:e0:d9:83:2c:63:7b:d2:5f:81:a7:81: + fc:c8:3d:ff:33:a8:48:f0:aa:7b:07:68:1b:aa:01: + 70:5e:d8:d1:18:a6:12:c9:65:42:2a:43:bc:37:19: + 41:57:a2:bc:e5:fb:9b:4a:0b:88:47:50:e2:ad:3e: + 79:22:54:c0:e9:ac:2a:2f:e7:ed:0d:a0:c1:38:86: + 9e:45:ec:14:12:a3:73 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 15:17:AB:54:ED:F7:6C:D1:1E:AD:12:A6:20:4F:04:78:22:83:6C:A0 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:a9:f0:bc:0c:01:70:39:9f:99:f1:c9:ce:5f: + d0:f2:b3:66:64:38:7e:9b:36:51:1c:5e:69:6f:7a:4b:bd:32: + 0f:50:7a:c9:8a:dc:f5:18:a3:f3:69:02:20:c2:3c:f1:95:02: + 30:78:72:d5:53:c2:2e:b2:5c:91:a7:a6:78:b4:3f:0f:2e:3e: + 22:20:22:3f:b2:67:96:e8:79:89:f0:b0:a8:bb:1d:d6:70:f1: + c9:1b:22:31:e3:40:36:6e:40:da:7d:64:d7 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXCgAwIBAgICLuowCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMwNTNaFw0yNzEwMTcwOTMwNTNaMBExDzANBgNVBAMM +BmFjc2liYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNrCUwaD90jlaviJ/NW929C5 +fODZgyxje9JfgaeB/Mg9/zOoSPCqewdoG6oBcF7Y0RimEsllQipDvDcZQVeivOX7 +m0oLiEdQ4q0+eSJUwOmsKi/n7Q2gwTiGnkXsFBKjc6OBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQVF6tU7fds0R6tEqYgTwR4IoNsoDBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNoADBlAjEAqfC8DAFwOZ+Z8cnOX9Dys2ZkOH6bNlEcXmlveku9Mg9QesmK +3PUYo/NpAiDCPPGVAjB4ctVTwi6yXJGnpni0Pw8uPiIgIj+yZ5boeYnwsKi7HdZw +8ckbIjHjQDZuQNp9ZNc= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt new file mode 100644 index 0000000..2bca6a6 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/akosztolanyi.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11036 (0x2b1c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:11 2017 GMT + Not After : Oct 17 09:31:11 2027 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8f:3c:74:2e:5d:d7:90:ac:5c:2f:e8:fe:f3:8a: + 8d:6b:6b:96:98:a7:63:e3:03:42:4c:2b:49:22:a8: + 07:c2:ac:06:89:a8:80:04:26:5e:68:79:a8:b9:84: + 79:3e:da:98:56:15:36:f2:7c:09:f8:41:78:5c:8e: + 2c:de:1b:18:8a:49:4c:8f:fe:ed:95:8f:0f:cb:5b: + e2:64:b1:63:ef:3d:d1:95:49:f1:4e:73:47:a7:11: + 94:1c:36:da:e6:55:cf + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:A3:E4:CB:16:E0:E1:12:E2:70:12:2B:8F:DA:D8:99:D6:63:A4:FC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:b7:e6:6c:6c:e6:75:bd:45:00:d2:29:3e:55: + 07:c4:33:b8:50:77:09:1b:d2:9b:1d:4d:48:ed:74:a3:2d:c0: + 99:0a:06:7a:08:b6:c7:41:e0:58:a9:2c:3c:6e:3f:62:a3:02: + 31:00:a9:80:0c:db:0c:c4:7c:79:44:ec:09:a5:2d:02:ef:31: + a7:84:0b:c2:7e:a6:0b:0c:c1:e3:84:d5:35:7f:1d:ac:21:7f: + f0:83:a7:2b:db:d8:06:61:f2:86:ee:1b:6f:1f +-----BEGIN CERTIFICATE----- +MIIB8TCCAXagAwIBAgICKxwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMTFaFw0yNzEwMTcwOTMxMTFaMBcxFTATBgNVBAMM +DGFrb3N6dG9sYW55aTB2MBAGByqGSM49AgEGBSuBBAAiA2IABI88dC5d15CsXC/o +/vOKjWtrlpinY+MDQkwrSSKoB8KsBomogAQmXmh5qLmEeT7amFYVNvJ8CfhBeFyO +LN4bGIpJTI/+7ZWPD8tb4mSxY+890ZVJ8U5zR6cRlBw22uZVz6OBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSxo+TLFuDhEuJwEiuP2tiZ1mOk/DBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNpADBmAjEAt+ZsbOZ1vUUA0ik+VQfEM7hQdwkb0psdTUjtdKMt +wJkKBnoItsdB4FipLDxuP2KjAjEAqYAM2wzEfHlE7AmlLQLvMaeEC8J+pgsMweOE +1TV/Hawhf/CDpyvb2AZh8obuG28f +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt new file mode 100644 index 0000000..e5e08e0 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/azsamboki.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11427 (0x2ca3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:22 2017 GMT + Not After : Oct 17 09:31:22 2027 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:37:66:66:c1:b8:90:03:80:8d:75:22:db:61:2e: + 72:0e:78:04:91:9d:da:99:39:1d:89:0b:0e:34:90: + 06:0d:3d:8c:25:2f:fc:56:75:bc:85:ab:24:54:14: + f4:27:39:49:10:11:80:4a:07:7b:72:ed:79:8d:95: + 34:e3:07:13:3b:da:51:eb:8a:b5:77:b6:71:e4:97: + e6:05:4f:27:3e:0a:c1:f6:1f:ff:bf:a4:5e:43:ca: + bc:42:fd:3f:49:c3:5b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:CA:E6:F5:11:A9:62:D9:9C:93:4A:B3:2B:A4:9B:31:B1:1E:66:61 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cb:c2:a4:ad:cd:f0:de:75:3b:7e:bb:c8:c1: + 45:2a:bf:01:8e:83:b7:7b:15:98:7d:21:2c:86:83:bb:2d:21: + f6:be:b8:0d:fb:91:d2:57:fb:21:e4:6c:4f:90:b8:29:eb:02: + 31:00:f2:98:41:ca:42:df:94:78:e5:c7:9e:93:fc:e4:f2:5f: + cc:5d:5d:e9:f8:97:84:1a:78:15:90:04:06:99:77:9b:dd:3c: + 3a:93:55:d0:2b:f6:59:80:ae:c7:1d:85:32:61 +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLKMwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMjJaFw0yNzEwMTcwOTMxMjJaMBQxEjAQBgNVBAMM +CWF6c2FtYm9raTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDdmZsG4kAOAjXUi22Eu +cg54BJGd2pk5HYkLDjSQBg09jCUv/FZ1vIWrJFQU9Cc5SRARgEoHe3LteY2VNOMH +EzvaUeuKtXe2ceSX5gVPJz4KwfYf/7+kXkPKvEL9P0nDW6OBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBTeyub1Eali2ZyTSrMrpJsxsR5mYTBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAy8Kkrc3w3nU7frvIwUUqvwGOg7d7FZh9ISyGg7stIfa+ +uA37kdJX+yHkbE+QuCnrAjEA8phBykLflHjlx56T/OTyX8xdXen4l4QaeBWQBAaZ +d5vdPDqTVdAr9lmArscdhTJh +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt new file mode 100644 index 0000000..f43820c --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/csgulyas.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12239 (0x2fcf) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:36 2017 GMT + Not After : Oct 17 09:31:36 2027 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f2:18:09:ae:cd:31:69:80:cf:9b:ca:1b:ff:67: + d8:40:61:dc:48:60:b5:19:f9:40:aa:0b:92:0b:2b: + d9:7c:1f:01:23:cd:7a:62:51:0a:6a:57:18:49:dd: + d3:6b:71:48:4e:31:69:7c:56:b9:68:ed:a4:e8:a7: + cb:bb:6c:f8:95:f4:76:64:07:14:8f:4f:04:e9:26: + a2:74:46:a5:10:77:67:18:28:9c:8d:29:10:f7:7f: + 92:b2:83:75:19:8d:74 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 23:BC:13:C4:79:E6:B1:98:F7:D3:0D:AB:BB:B2:7F:C6:08:19:D5:15 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:d9:f1:2c:76:09:e3:5b:ed:20:3a:a7:47:48: + b8:55:d1:eb:37:51:3a:9f:33:48:03:c3:ec:82:9b:72:d5:94: + 24:58:7d:55:34:69:68:86:f4:57:85:1b:91:a5:57:c1:fb:02: + 31:00:f3:8f:50:60:25:14:b9:48:73:a8:d0:a0:ee:b1:a4:f9: + a3:6f:a8:29:d1:8c:fe:d0:be:7d:2f:67:e7:9d:02:85:ac:54: + d4:da:0f:68:85:53:04:7a:9c:14:28:91:7b:c3 +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICL88wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxMzZaFw0yNzEwMTcwOTMxMzZaMBMxETAPBgNVBAMM +CGNzZ3VseWFzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8hgJrs0xaYDPm8ob/2fY +QGHcSGC1GflAqguSCyvZfB8BI816YlEKalcYSd3Ta3FITjFpfFa5aO2k6KfLu2z4 +lfR2ZAcUj08E6SaidEalEHdnGCicjSkQ93+SsoN1GY10o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFCO8E8R55rGY99MNq7uyf8YIGdUVMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQDZ8Sx2CeNb7SA6p0dIuFXR6zdROp8zSAPD7IKbctWUJFh9 +VTRpaIb0V4UbkaVXwfsCMQDzj1BgJRS5SHOo0KDusaT5o2+oKdGM/tC+fS9n550C +haxU1NoPaIVTBHqcFCiRe8M= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt new file mode 100644 index 0000000..94cabe9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/cslevai.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10946 (0x2ac2) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: May 8 11:24:40 2018 GMT + Not After : May 5 11:24:40 2028 GMT + Subject: CN=cslevai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a1:0f:74:b8:b8:de:43:c0:f5:a6:5c:24:49:fb: + 38:bc:80:d7:b7:af:a3:be:8d:f6:08:87:0b:13:8b: + 2f:c0:1c:d6:1a:27:78:26:d5:3b:0f:01:f3:8b:a0: + 3f:a0:dc:b5:2a:88:8d:7d:31:b2:98:ab:71:43:8c: + d3:d7:c2:84:a4:db:e8:40:e6:83:d8:6f:7d:8c:c5: + cf:87:5d:bc:6e:b2:6e:5a:07:64:cb:a6:57:e0:05: + 78:35:ae:71:da:5e:b7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C0:FE:8D:CF:21:47:D9:22:05:1A:A9:0F:5C:9A:0C:DF:78:13:21:6A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:31:1e:7f:c1:2c:49:3e:d4:d9:d4:c0:3e:ad:f7: + 54:40:d9:f7:e5:1e:34:16:ef:52:35:51:92:d0:f1:9f:07:b0: + d8:aa:1d:75:4c:73:27:a5:e7:7e:7c:fa:11:40:d2:55:02:31: + 00:95:9a:5e:2d:20:ab:c6:93:30:7f:2a:91:e8:46:34:aa:90: + 4f:3e:b0:63:c0:e1:01:36:23:61:03:20:01:51:ba:fc:3d:29: + 74:50:0b:e0:5e:20:8a:33:58:f4:db:24:21 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICKsIwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODA1MDgxMTI0NDBaFw0yODA1MDUxMTI0NDBaMBIxEDAOBgNVBAMM +B2NzbGV2YWkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAShD3S4uN5DwPWmXCRJ+zi8 +gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKYq3FDjNPXwoSk +2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrejgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUwP6NzyFH2SIFGqkPXJoM33gTIWowRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwMR5/wSxJPtTZ1MA+rfdUQNn35R40Fu9SNVGS0PGfB7DYqh11 +THMnped+fPoRQNJVAjEAlZpeLSCrxpMwfyqR6EY0qpBPPrBjwOEBNiNhAyABUbr8 +PSl0UAvgXiCKM1j02yQh +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt new file mode 100644 index 0000000..cdccc90 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/dvasary.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12383 (0x305f) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:31:47 2017 GMT + Not After : Oct 17 09:31:47 2027 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:e6:2e:65:84:8a:05:e7:d2:32:6b:85:20:26:cd: + 0d:dc:a2:e6:cc:23:36:f4:33:7b:f0:6c:0d:a0:8d: + f8:0c:13:77:57:f7:6e:02:b7:1a:35:b0:ee:31:26: + 0d:57:31:df:11:fa:15:73:bd:d3:3e:e6:bc:97:9b: + 5e:da:41:b0:36:a2:95:98:3b:a6:4e:f5:18:8c:9e: + ff:26:8f:3e:00:93:b0:14:84:4d:43:f0:01:fa:95: + 6d:32:f2:41:0e:4f:5e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + CD:19:31:60:F7:8A:AB:3D:A9:4F:C8:83:0D:B0:5A:D0:EB:69:44:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:c8:72:bd:64:1d:57:d1:87:d9:1c:ef:e9:4f: + 7a:c9:b5:80:58:fb:ff:47:50:43:13:eb:80:4d:ab:ab:d6:9b: + 90:65:ae:58:88:43:da:3a:56:ba:ea:24:c0:03:42:a6:b1:02: + 30:22:fa:c5:a0:7d:b7:97:54:5a:e7:65:25:6a:02:f8:53:99: + 08:64:5e:a9:70:27:84:b0:03:df:d1:39:c9:9a:b7:ca:be:60: + d5:45:22:18:a7:ca:da:56:bd:15:d5:30:66 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMF8wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMxNDdaFw0yNzEwMTcwOTMxNDdaMBIxEDAOBgNVBAMM +B2R2YXNhcnkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATmLmWEigXn0jJrhSAmzQ3c +oubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+5ryXm17aQbA2 +opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT16jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUzRkxYPeKqz2pT8iDDbBa0OtpREswRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAMhyvWQdV9GH2Rzv6U96ybWAWPv/R1BDE+uATaur1puQZa5Y +iEPaOla66iTAA0KmsQIwIvrFoH23l1Ra52UlagL4U5kIZF6pcCeEsAPf0TnJmrfK +vmDVRSIYp8raVr0V1TBm +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt new file mode 100644 index 0000000..aa68a42 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fritter.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13116 (0x333c) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:00 2017 GMT + Not After : Oct 17 09:32:00 2027 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:2c:40:ec:81:89:ad:1b:ae:c8:1c:3e:5d:62:2f: + 5e:27:33:d2:42:ba:b9:6c:38:34:ea:90:d6:dd:10: + e6:b3:19:f5:02:4a:fe:8c:b4:77:cf:6f:c5:ab:81: + 82:88:3c:4e:9b:82:c3:22:c2:1f:c8:c7:53:af:18: + f9:9b:92:cf:18:51:8f:95:67:6b:04:9f:f4:95:b8: + 8b:1a:6a:d4:4c:23:c5:33:46:20:d2:e5:15:bf:bd: + af:1c:68:44:98:85:82 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F6:A5:72:FC:DA:1E:8B:69:98:1A:0E:1E:21:31:3F:A3:CD:57:59:D2 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ce:de:f9:f5:30:65:f1:0c:19:dd:a5:8d:42: + e7:b5:5b:66:96:45:7f:d2:00:de:d2:9f:7a:7d:cc:0a:a8:6e: + 0e:ce:f3:1a:4e:1e:33:50:48:9c:84:d4:47:47:d8:81:98:02: + 30:0b:13:67:f6:2a:d8:0d:86:2b:15:18:e5:41:f3:dc:3b:1c: + 15:a4:09:a6:82:03:d5:16:7e:4b:6b:0b:51:70:1a:01:92:e1: + 4f:61:58:1b:ed:b8:d9:17:90:78:70:85:bc +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMzwwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMDBaFw0yNzEwMTcwOTMyMDBaMBIxEDAOBgNVBAMM +B2ZyaXR0ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQsQOyBia0brsgcPl1iL14n +M9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/Ix1OvGPmbks8Y +UY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYKjgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU9qVy/Noei2mYGg4eITE/o81XWdIwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAM7e+fUwZfEMGd2ljULntVtmlkV/0gDe0p96fcwKqG4OzvMa +Th4zUEichNRHR9iBmAIwCxNn9irYDYYrFRjlQfPcOxwVpAmmggPVFn5LawtRcBoB +kuFPYVgb7bjZF5B4cIW8 +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt new file mode 100644 index 0000000..13bc21a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/fschnell.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13057 (0x3301) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:15 2017 GMT + Not After : Oct 17 09:32:15 2027 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:53:8d:f8:f4:fd:5f:c9:b3:4c:57:f6:c4:93:7f: + 94:43:31:09:62:ca:ef:5a:d8:12:54:59:58:84:21: + aa:59:8b:5a:23:a9:b7:1b:e8:e6:e3:a6:76:14:75: + 45:c7:d5:0c:89:5c:e7:9e:f1:56:2a:6d:25:b8:30: + 6f:4a:dd:80:08:b0:a6:07:c8:98:d6:f3:0a:07:d9: + 60:d0:00:58:7f:f6:a5:6b:78:53:82:44:5a:81:01: + 54:18:6f:1b:f4:99:f9 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C8:6F:89:82:1D:8F:8C:70:84:6F:E9:35:BD:92:9C:3E:56:DC:40:CD + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:f7:04:12:3d:b3:98:22:bc:aa:06:62:be:31: + ac:32:26:c9:80:1b:aa:17:e0:85:82:0b:14:b8:35:09:8f:e4: + 7c:2b:8f:82:a6:c2:08:9d:91:7a:43:19:30:a2:94:e6:2b:02: + 31:00:fb:61:02:d5:e4:9b:a8:a3:d9:5e:e6:cf:4e:8f:5c:17: + 4e:59:c4:20:78:bb:d6:2a:cc:8c:92:e5:78:aa:6b:2c:ce:db: + 94:46:86:16:76:14:ac:64:41:d1:78:d2:a9:ec +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICMwEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMTVaFw0yNzEwMTcwOTMyMTVaMBMxETAPBgNVBAMM +CGZzY2huZWxsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEU4349P1fybNMV/bEk3+U +QzEJYsrvWtgSVFlYhCGqWYtaI6m3G+jm46Z2FHVFx9UMiVznnvFWKm0luDBvSt2A +CLCmB8iY1vMKB9lg0ABYf/ala3hTgkRagQFUGG8b9Jn5o4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFMhviYIdj4xwhG/pNb2SnD5W3EDNMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQD3BBI9s5givKoGYr4xrDImyYAbqhfghYILFLg1CY/kfCuP +gqbCCJ2RekMZMKKU5isCMQD7YQLV5Juoo9le5s9Oj1wXTlnEIHi71irMjJLleKpr +LM7blEaGFnYUrGRB0XjSqew= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt new file mode 100644 index 0000000..e549825 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ifabian.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13172 (0x3374) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: May 8 11:24:56 2018 GMT + Not After : May 5 11:24:56 2028 GMT + Subject: CN=ifabian + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:21:0d:77:39:b7:b1:43:2d:e9:a2:e9:a9:3b:88: + cd:93:d5:05:4d:b5:58:04:1f:43:76:1b:93:1e:c3: + d2:d8:15:37:df:3f:d4:75:c7:81:cc:78:f8:63:84: + 8d:49:0d:49:b2:71:5e:b3:73:0b:ab:0c:5b:ff:9a: + 68:39:1b:6a:c2:8e:b0:0f:bc:cd:69:93:79:73:f2: + c3:b9:04:66:87:20:90:1c:4b:c7:c4:e9:77:86:a6: + a5:8f:59:a0:6d:03:4b + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 47:CB:B8:DB:88:B9:FB:59:61:4B:66:B6:03:EB:5F:A5:30:2F:64:AC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2c:e5:1b:07:5f:bd:0b:75:e1:cb:fa:7c:30:1b: + 09:31:ae:9d:83:1b:ec:23:04:96:67:14:7b:8c:3a:64:02:10: + 0f:e6:f2:35:f9:44:2f:b4:7f:8f:ee:c9:dd:7c:4d:29:02:31: + 00:e2:34:be:b9:77:34:3b:0e:89:c7:00:5b:2d:c3:36:fc:86: + c6:8b:d8:10:64:28:d5:7c:84:f2:0a:b2:67:ad:7b:1e:8c:c6: + 46:80:18:89:f1:16:d2:fb:61:53:2d:6f:61 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICM3QwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODA1MDgxMTI0NTZaFw0yODA1MDUxMTI0NTZaMBIxEDAOBgNVBAMM +B2lmYWJpYW4wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhDXc5t7FDLemi6ak7iM2T +1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwurDFv/mmg5G2rC +jrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0ujgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUR8u424i5+1lhS2a2A+tfpTAvZKwwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwLOUbB1+9C3Xhy/p8MBsJMa6dgxvsIwSWZxR7jDpkAhAP5vI1 ++UQvtH+P7sndfE0pAjEA4jS+uXc0Ow6JxwBbLcM2/IbGi9gQZCjVfITyCrJnrXse +jMZGgBiJ8RbS+2FTLW9h +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt new file mode 100644 index 0000000..4ae8d97 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/khorvath.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11182 (0x2bae) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:30 2017 GMT + Not After : Oct 17 09:32:30 2027 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ab:61:3a:de:89:4e:0e:63:ea:c8:6b:98:1a:8b: + c4:f9:72:f4:bf:b2:0e:eb:94:ef:04:6c:a9:e4:78: + 53:f9:a8:af:6a:14:9b:27:e9:17:45:c7:f9:9e:e4: + d3:59:43:9c:13:c7:15:63:80:8e:aa:ac:fc:9a:55: + 59:64:7c:62:3d:2c:50:20:97:d1:c1:1e:22:94:53: + 74:4a:5f:30:fb:a0:3d:ba:e0:9d:2e:e2:70:af:73: + a5:c0:32:45:77:2e:20 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1D:C8:C2:9E:05:CF:12:BB:33:C2:D9:24:C7:ED:A4:8D:86:23:75:CF + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:98:ba:ed:a5:45:71:05:76:b6:40:76:4e:a3: + 31:bd:38:7e:7d:0b:71:13:6f:1a:ee:58:1a:89:eb:ee:50:b2: + 86:2b:c6:4b:dc:8b:a5:ee:4b:c7:06:c9:65:55:10:7c:95:02: + 31:00:88:07:18:6d:65:2f:bf:79:42:d7:df:5c:88:f9:ff:81: + 8a:3d:25:80:8b:76:33:59:a9:28:20:82:30:40:67:88:49:34: + 51:f2:36:0a:22:49:2e:e5:d7:35:c3:4e:c8:2b +-----BEGIN CERTIFICATE----- +MIIB7TCCAXKgAwIBAgICK64wCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyMzBaFw0yNzEwMTcwOTMyMzBaMBMxETAPBgNVBAMM +CGtob3J2YXRoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq2E63olODmPqyGuYGovE ++XL0v7IO65TvBGyp5HhT+aivahSbJ+kXRcf5nuTTWUOcE8cVY4COqqz8mlVZZHxi +PSxQIJfRwR4ilFN0Sl8w+6A9uuCdLuJwr3OlwDJFdy4go4GWMIGTMAkGA1UdEwQC +MAAwHQYDVR0OBBYEFB3Iwp4FzxK7M8LZJMftpI2GI3XPMEUGA1UdIwQ+MDyAFDT4 +XF+wT7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA +3NUHtlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqG +SM49BAMCA2kAMGYCMQCYuu2lRXEFdrZAdk6jMb04fn0LcRNvGu5YGonr7lCyhivG +S9yLpe5LxwbJZVUQfJUCMQCIBxhtZS+/eULX31yI+f+Bij0lgIt2M1mpKCCCMEBn +iEk0UfI2CiJJLuXXNcNOyCs= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt new file mode 100644 index 0000000..3b4c9b3 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kkele.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12916 (0x3274) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:40 2017 GMT + Not After : Oct 17 09:32:40 2027 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:25:3e:a3:bd:c9:27:5e:ba:c6:30:68:0f:90:17: + 94:89:69:30:04:70:6a:ba:16:40:3d:04:08:ed:00: + 2d:a2:c4:45:aa:db:af:85:d2:a6:40:7b:69:85:bc: + cf:9a:41:66:0b:4d:1a:c4:82:53:b0:d1:cb:53:98: + 39:90:11:11:5e:e7:98:a7:b3:71:31:b1:55:be:07: + ef:ed:6a:e7:dc:e9:38:fd:03:fc:d5:52:ed:a8:da: + de:88:22:6d:c2:80:0a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 05:94:51:39:17:98:AD:AD:A6:A0:4D:7F:79:9C:81:1F:3C:BB:8A:88 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:6c:81:f6:f7:47:45:a0:a2:2b:20:6f:2c:22:7d: + 40:79:45:2a:66:9e:04:5d:75:b9:d9:f9:a7:98:c8:81:c9:6e: + bd:9c:35:e8:67:2c:9c:2f:52:62:3c:b4:5f:4a:33:68:02:30: + 72:86:06:98:6e:ab:ff:2e:00:0d:20:1a:35:1f:86:33:ed:7c: + 36:31:69:89:98:6e:3e:22:39:71:c3:e3:62:26:20:aa:56:77: + 5f:1e:e3:60:45:dd:37:ca:6b:4f:f6:66 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW+gAwIBAgICMnQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNDBaFw0yNzEwMTcwOTMyNDBaMBAxDjAMBgNVBAMM +BWtrZWxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJT6jvcknXrrGMGgPkBeUiWkw +BHBquhZAPQQI7QAtosRFqtuvhdKmQHtphbzPmkFmC00axIJTsNHLU5g5kBERXueY +p7NxMbFVvgfv7Wrn3Ok4/QP81VLtqNreiCJtwoAKo4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFAWUUTkXmK2tpqBNf3mcgR88u4qIMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2cAMGQCMGyB9vdHRaCiKyBvLCJ9QHlFKmaeBF11udn5p5jIgcluvZw16Gcs +nC9SYjy0X0ozaAIwcoYGmG6r/y4ADSAaNR+GM+18NjFpiZhuPiI5ccPjYiYgqlZ3 +Xx7jYEXdN8prT/Zm +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kschaffer.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kschaffer.crt new file mode 100644 index 0000000..46a3a44 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/kschaffer.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11701 (0x2db5) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:32:51 2017 GMT + Not After : Oct 17 09:32:51 2027 GMT + Subject: CN=kschaffer + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:fc:5e:b3:e4:29:34:b3:d0:28:23:12:b9:4a:aa: + 85:61:2a:cd:16:9b:f9:38:dc:06:32:b1:39:0f:89: + 9f:df:aa:6e:1c:70:99:db:e9:aa:5d:21:eb:f6:6d: + 8f:e6:6b:25:bd:f6:e6:48:2f:75:ee:16:10:a5:e5: + 54:d7:32:7e:6e:26:1d:c2:8e:78:80:9e:69:3f:50: + 38:36:43:36:42:95:f5:42:b3:22:2f:6c:8b:bd:ca: + 2c:40:ea:3f:84:ce:be + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B6:58:C0:94:45:C5:AC:E8:0A:30:D5:FA:15:AB:DC:7C:53:DC:88:06 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:95:e3:da:70:d6:17:f5:85:18:a7:2d:db:31: + 5d:22:a2:98:9a:24:8f:15:75:a6:60:2f:5a:67:46:bc:14:cc: + 38:d2:bc:b8:dd:f1:0d:4c:15:45:37:0f:cb:79:3e:d8:32:02: + 31:00:95:0d:83:ef:33:b0:da:d2:bc:ba:99:27:10:c0:fc:b2: + 9d:31:d7:e8:60:95:0a:0e:59:df:92:59:86:70:cc:7f:64:94: + 76:df:f7:1f:b9:5c:e2:14:85:9c:61:76:b0:cb +-----BEGIN CERTIFICATE----- +MIIB7jCCAXOgAwIBAgICLbUwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMyNTFaFw0yNzEwMTcwOTMyNTFaMBQxEjAQBgNVBAMM +CWtzY2hhZmZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABPxes+QpNLPQKCMSuUqq +hWEqzRab+TjcBjKxOQ+Jn9+qbhxwmdvpql0h6/Ztj+ZrJb325kgvde4WEKXlVNcy +fm4mHcKOeICeaT9QODZDNkKV9UKzIi9si73KLEDqP4TOvqOBljCBkzAJBgNVHRME +AjAAMB0GA1UdDgQWBBS2WMCURcWs6Aow1foVq9x8U9yIBjBFBgNVHSMEPjA8gBQ0 ++FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJ +ANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq +hkjOPQQDAgNpADBmAjEAlePacNYX9YUYpy3bMV0iopiaJI8VdaZgL1pnRrwUzDjS +vLjd8Q1MFUU3D8t5PtgyAjEAlQ2D7zOw2tK8upknEMD8sp0x1+hglQoOWd+SWYZw +zH9klHbf9x+5XOIUhZxhdrDL +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt new file mode 100644 index 0000000..ed6b42a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/mszabo.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13129 (0x3349) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:02 2017 GMT + Not After : Oct 17 09:33:02 2027 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:69:c0:86:27:a1:fa:74:2a:18:21:dc:d4:d1:4b: + b3:6e:d5:16:06:b7:50:8d:3a:5c:86:ea:b9:25:84: + bd:4e:65:d9:7c:33:13:8e:63:64:cb:70:39:3a:ac: + a5:d0:68:4d:f5:aa:f1:56:8c:55:11:26:d3:c3:c0: + 4a:10:78:35:7d:ba:56:f6:9a:f5:af:3d:6b:be:ad: + e7:e2:9c:0e:ec:42:b2:49:e3:f8:d6:36:0d:dd:56: + fb:e3:c0:7d:34:e5:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 28:55:A2:FF:1C:FC:9B:E2:22:C8:45:93:ED:DE:A6:8E:50:A6:86:0A + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:9e:5f:d5:2d:55:0f:44:fa:9f:67:9b:eb:11: + a9:ef:a4:7e:2e:f1:c7:a4:99:11:d3:b3:05:30:bb:80:a9:0e: + 0d:b4:57:30:a4:4b:c4:94:49:9e:f9:7a:b6:07:7a:02:02:02: + 31:00:81:c9:96:28:0f:c6:47:84:e1:a2:86:17:a1:f3:c1:39: + 55:ca:a9:ce:8c:fc:e9:ea:70:a9:de:be:8c:83:e5:25:1a:cf: + 30:cb:f9:51:b5:3b:59:7d:15:df:9d:f2:2a:4f +-----BEGIN CERTIFICATE----- +MIIB6zCCAXCgAwIBAgICM0kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMDJaFw0yNzEwMTcwOTMzMDJaMBExDzANBgNVBAMM +Bm1zemFibzB2MBAGByqGSM49AgEGBSuBBAAiA2IABGnAhieh+nQqGCHc1NFLs27V +Fga3UI06XIbquSWEvU5l2XwzE45jZMtwOTqspdBoTfWq8VaMVREm08PAShB4NX26 +Vvaa9a89a76t5+KcDuxCsknj+NY2Dd1W++PAfTTlLqOBljCBkzAJBgNVHRMEAjAA +MB0GA1UdDgQWBBQoVaL/HPyb4iLIRZPt3qaOUKaGCjBFBgNVHSMEPjA8gBQ0+Fxf +sE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANzV +B7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO +PQQDAgNpADBmAjEAnl/VLVUPRPqfZ5vrEanvpH4u8cekmRHTswUwu4CpDg20VzCk +S8SUSZ75erYHegICAjEAgcmWKA/GR4ThooYXofPBOVXKqc6M/OnqcKnevoyD5SUa +zzDL+VG1O1l9Fd+d8ipP +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ptombor.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ptombor.crt new file mode 100644 index 0000000..d3f1af9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/ptombor.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11776 (0x2e00) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:17 2017 GMT + Not After : Oct 17 09:33:17 2027 GMT + Subject: CN=ptombor + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:b0:7a:62:43:10:8b:4b:ae:3e:13:cb:10:b3:8c: + 85:4d:bb:74:df:61:bb:2b:0a:08:fb:15:e2:85:09: + 05:ee:8f:f4:65:43:4b:fe:ef:3c:58:ac:06:11:e8: + e4:d4:eb:7c:e3:dd:41:e0:24:f7:19:07:ee:48:fd: + 69:96:74:1e:fa:f2:b9:15:41:c8:70:64:53:7d:70: + 0a:46:f0:fe:f1:63:73:cc:bc:bc:e0:68:0d:e9:82: + 52:f3:19:53:a4:13:cd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5C:60:32:8A:63:F9:49:95:B7:4E:5E:28:41:CB:E2:EB:38:47:A7:76 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:35:ab:49:b6:56:25:02:8f:d8:fe:85:29:52:dd: + bb:ed:4f:52:83:1b:7b:09:ff:29:c3:18:84:48:04:df:34:dd: + fd:19:a4:93:cb:29:bd:6f:e5:83:ec:d7:6a:17:99:02:02:30: + 63:e7:11:4d:c2:f0:b7:50:50:d1:20:c1:9f:d8:27:a8:fd:dd: + a1:57:c4:9a:cd:e4:ff:93:36:e4:32:a7:59:51:24:7b:f3:17: + ff:49:2d:b6:82:da:a1:f9:bf:dc:35:29 +-----BEGIN CERTIFICATE----- +MIIB6jCCAXGgAwIBAgICLgAwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMTdaFw0yNzEwMTcwOTMzMTdaMBIxEDAOBgNVBAMM +B3B0b21ib3IwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASwemJDEItLrj4TyxCzjIVN +u3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZB+5I/WmWdB76 +8rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE82jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUXGAyimP5SZW3Tl4oQcvi6zhHp3YwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDZwAwZAIwNatJtlYlAo/Y/oUpUt277U9Sgxt7Cf8pwxiESATfNN39GaST +yym9b+WD7NdqF5kCAjBj5xFNwvC3UFDRIMGf2Ceo/d2hV8SazeT/kzbkMqdZUSR7 +8xf/SS22gtqh+b/cNSk= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt new file mode 100644 index 0000000..d6b8d89 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/qqcs.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13289 (0x33e9) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:00 2017 GMT + Not After : Oct 17 09:34:00 2027 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:9a:b6:99:d8:c9:2c:92:54:2a:9c:58:a3:1a:87: + 7c:d3:90:4b:31:09:71:9a:65:6f:9e:04:8f:52:dc: + 13:23:0f:d0:43:6f:6f:cd:87:1b:f6:43:e1:b8:45: + e2:c2:21:e2:c1:ca:13:f8:5c:d4:7c:44:c4:8e:d2: + d8:d4:c2:5e:76:89:93:1b:74:37:88:2e:c3:1e:3e: + 80:b2:d0:2f:62:44:a6:cb:73:20:67:94:ed:b1:0a: + 64:40:71:64:22:f8:6a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + AA:02:0F:AC:73:99:75:38:B2:AA:0C:93:26:26:1C:16:CB:8E:0F:C6 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:21:83:0b:d3:2f:23:d3:94:5b:ec:f8:39:ab:eb: + 8c:2b:d3:2d:d3:8c:02:91:c9:aa:27:43:94:2f:0b:4c:0a:3d: + d3:5e:4e:f7:ce:00:a6:64:27:50:59:23:1c:ce:29:77:02:31: + 00:cf:63:11:48:62:02:45:7c:4a:e2:b8:41:3a:28:9b:dc:24: + c1:6e:04:19:fb:a5:0f:c0:46:85:ec:9c:c7:09:b2:c5:ca:a3: + 2c:51:73:f1:8f:e0:83:3d:9e:61:a2:a1:30 +-----BEGIN CERTIFICATE----- +MIIB6DCCAW6gAwIBAgICM+kwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MDBaFw0yNzEwMTcwOTM0MDBaMA8xDTALBgNVBAMM +BHFxY3MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASatpnYySySVCqcWKMah3zTkEsx +CXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8RMSO0tjUwl52iZMb +dDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+GqjgZYwgZMwCQYDVR0TBAIwADAd +BgNVHQ4EFgQUqgIPrHOZdTiyqgyTJiYcFsuOD8YwRQYDVR0jBD4wPIAUNPhcX7BP +tuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc1Qe2 +VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0E +AwIDaAAwZQIwIYML0y8j05Rb7Pg5q+uMK9Mt04wCkcmqJ0OULwtMCj3TXk73zgCm +ZCdQWSMczil3AjEAz2MRSGICRXxK4rhBOiib3CTBbgQZ+6UPwEaF7JzHCbLFyqMs +UXPxj+CDPZ5hoqEw +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt new file mode 100644 index 0000000..16edb9e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rrendek.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12392 (0x3068) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:27 2017 GMT + Not After : Oct 17 09:33:27 2027 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:93:14:3f:24:4e:45:1b:b9:99:2d:3f:dd:de:34: + ef:fe:d2:92:04:02:a7:15:a2:13:70:63:c3:2d:7c: + c9:4c:e1:b9:3d:16:da:4b:82:ab:f4:f8:12:fb:97: + 67:f9:5c:ed:a8:9f:59:a6:8f:95:07:60:51:ae:d1: + 31:a2:f3:7b:84:8e:22:12:cf:15:9d:f2:28:79:6f: + ae:81:7a:4f:8d:17:c8:51:40:5d:00:8a:be:d7:bc: + 89:9c:5c:6a:74:26:bd + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DC:B3:A4:15:7A:8C:D4:35:51:97:3C:CE:EB:AE:04:F3:16:6E:06:EC + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:51:85:3f:d2:fb:cb:3c:b2:23:38:67:74:21:57: + d1:ce:30:98:ce:74:ba:25:bc:1d:4c:78:a8:9a:b3:9d:65:e4: + bb:f3:18:11:3d:78:3f:cb:0e:4e:84:10:d1:e3:36:fb:02:31: + 00:ac:47:55:f0:2e:4f:8d:04:10:f0:d7:ef:e6:20:49:50:37: + d9:8d:48:0a:4c:74:3a:ad:94:31:34:fc:b2:d8:ad:80:49:50: + fa:a7:97:6c:9c:e2:28:2c:9e:1f:14:50:22 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICMGgwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMjdaFw0yNzEwMTcwOTMzMjdaMBIxEDAOBgNVBAMM +B3JyZW5kZWswdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASTFD8kTkUbuZktP93eNO/+ +0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UHYFGu0TGi83uE +jiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr2jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQU3LOkFXqM1DVRlzzO664E8xZuBuwwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIwUYU/0vvLPLIjOGd0IVfRzjCYznS6JbwdTHiomrOdZeS78xgR +PXg/yw5OhBDR4zb7AjEArEdV8C5PjQQQ8Nfv5iBJUDfZjUgKTHQ6rZQxNPyy2K2A +SVD6p5dsnOIoLJ4fFFAi +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rtoth.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rtoth.crt new file mode 100644 index 0000000..cb2cbc3 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/rtoth.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12884 (0x3254) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:34:10 2017 GMT + Not After : Oct 17 09:34:10 2027 GMT + Subject: CN=rtoth + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:7a:7e:21:3f:34:e9:74:19:bb:bf:7e:9e:2b:c4: + 62:fd:ad:9f:ed:82:83:00:5d:39:53:14:81:44:0f: + 2b:bc:a8:6e:e3:10:00:fd:78:85:d2:76:12:bd:8a: + 3d:0d:8c:45:cc:ef:d2:2e:17:b0:d6:0a:68:c9:7a: + 12:f5:b4:df:44:11:27:da:22:4b:44:8c:4f:d9:d3: + 7c:be:ee:76:a1:5b:4b:ae:cd:fe:40:d1:43:9a:3b: + fd:9a:13:c6:68:b0:38 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 86:F1:74:B7:CD:8B:58:F7:D8:BD:31:75:B5:3F:EE:E1:6A:BB:99:0C + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:b9:da:3e:da:46:23:d5:66:a0:0e:c9:e1:cd: + 09:66:11:30:47:4f:e8:d7:5e:1e:6b:7e:4a:ba:01:d9:2b:8d: + d7:0c:9d:b1:53:a9:90:89:71:4b:18:ea:84:76:26:c1:e4:02: + 30:76:0f:ab:a2:75:cc:8d:b0:5a:b9:b6:1a:32:50:2e:aa:d2: + 3e:fb:be:da:35:e1:d0:17:95:49:fd:b5:63:c6:e8:b6:b9:3c: + 53:6d:b6:4d:ad:00:27:7f:a5:60:f9:1e:db +-----BEGIN CERTIFICATE----- +MIIB6TCCAW+gAwIBAgICMlQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTM0MTBaFw0yNzEwMTcwOTM0MTBaMBAxDjAMBgNVBAMM +BXJ0b3RoMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEen4hPzTpdBm7v36eK8Ri/a2f +7YKDAF05UxSBRA8rvKhu4xAA/XiF0nYSvYo9DYxFzO/SLhew1gpoyXoS9bTfRBEn +2iJLRIxP2dN8vu52oVtLrs3+QNFDmjv9mhPGaLA4o4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFIbxdLfNi1j32L0xdbU/7uFqu5kMMEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49 +BAMCA2gAMGUCMQC52j7aRiPVZqAOyeHNCWYRMEdP6NdeHmt+SroB2SuN1wydsVOp +kIlxSxjqhHYmweQCMHYPq6J1zI2wWrm2GjJQLqrSPvu+2jXh0BeVSf21Y8botrk8 +U222Ta0AJ3+lYPke2w== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt new file mode 100644 index 0000000..f48b9c8 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/server.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:26:59 2017 GMT + Not After : Oct 17 09:26:59 2027 GMT + Subject: CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:f3:0e:85:4d:7a:51:75:26:35:e7:56:09:01:4f: + a7:b4:75:c7:98:55:a7:ca:21:88:bf:0d:7a:29:c0: + ed:f8:e5:fa:bb:4b:f7:73:63:9c:b5:37:bc:b6:b3: + 24:3c:46:73:d0:46:4f:25:7c:b6:98:2f:03:85:b0: + 13:11:6f:c1:0a:a4:ce:d1:70:1f:f4:60:fc:cc:29: + 25:c0:b9:22:61:58:22:d6:3f:d2:f6:67:9f:06:ec: + da:9f:b3:ca:1f:da:9d + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1C:77:A0:CE:67:4B:FE:FC:6F:51:C0:C1:5D:E3:94:FD:26:CE:63:3E + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:88:ec:52:55:18:34:d6:8c:e4:d2:26:c1:ec: + ac:8a:09:74:7f:3b:0f:ae:28:30:de:04:2b:5c:5a:25:8a:f9: + 6a:49:e8:a9:aa:1d:a3:86:17:f7:46:9f:3c:d0:fb:0b:98:02: + 30:4e:a5:cf:fc:18:9e:89:c3:b3:48:3c:20:b4:2c:d8:8b:f7: + 10:0f:80:e8:d9:40:ab:a4:3b:87:e3:57:a2:e5:15:2f:1a:10: + c6:7a:e1:2b:c9:9c:20:49:a8:20:94:6b:d8 +-----BEGIN CERTIFICATE----- +MIIB6TCCAW+gAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDDApPcGVuVlBO +IENBMB4XDTE3MTAxOTA5MjY1OVoXDTI3MTAxNzA5MjY1OVowETEPMA0GA1UEAwwG +c2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8w6FTXpRdSY151YJAU+ntHXH +mFWnyiGIvw16KcDt+OX6u0v3c2OctTe8trMkPEZz0EZPJXy2mC8DhbATEW/BCqTO +0XAf9GD8zCklwLkiYVgi1j/S9mefBuzan7PKH9qdo4GWMIGTMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFBx3oM5nS/78b1HAwV3jlP0mzmM+MEUGA1UdIwQ+MDyAFDT4XF+w +T7bi70OK2atYdNBWyEvPoRmkFzAVMRMwEQYDVQQDDApPcGVuVlBOIENBggkA3NUH +tlaAz/MwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMAoGCCqGSM49 +BAMCA2gAMGUCMQCI7FJVGDTWjOTSJsHsrIoJdH87D64oMN4EK1xaJYr5aknoqaod +o4YX90afPND7C5gCME6lz/wYnonDs0g8ILQs2Iv3EA+A6NlAq6Q7h+NXouUVLxoQ +xnrhK8mcIEmoIJRr2A== +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt new file mode 100644 index 0000000..898f41e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zbartakovics.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14004 (0x36b4) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Jan 30 10:47:27 2018 GMT + Not After : Jan 28 10:47:27 2028 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8e:37:8a:ac:33:b1:25:3b:48:63:b1:8b:49:68: + d3:a2:56:b7:b6:6b:0e:de:ed:9f:7e:0e:c9:8c:8d: + 1f:37:81:de:99:1c:ee:d8:74:ac:e0:73:cb:93:bd: + c6:6f:32:a2:30:ae:d6:87:93:59:0d:b3:09:67:ba: + fc:4b:43:54:ac:d2:86:2c:4a:08:91:08:d5:ef:17: + 4e:b4:65:c3:69:55:3f:65:b5:18:59:31:e8:17:21: + 04:eb:af:11:e3:b0:56 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 99:1D:BF:07:30:49:FC:A7:A7:2C:A2:3C:DD:C4:C8:4C:7A:BF:97:8E + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:15:70:82:b0:56:64:69:39:d9:05:44:4c:8a:59: + 9f:2f:33:80:19:91:92:de:cb:8b:00:92:0c:0d:7c:0a:43:ec: + bd:b3:dc:ca:d8:3b:ca:d1:b1:39:83:25:2f:00:0b:f8:02:31: + 00:92:db:1d:38:d9:e2:7d:c2:43:8e:c1:7b:45:f3:e5:c0:aa: + d2:d9:f7:be:28:d9:c1:b3:40:04:7d:6f:86:2f:ab:bb:4b:6d: + 3e:ec:af:e2:27:b0:95:ce:2b:fc:0b:1f:b8 +-----BEGIN CERTIFICATE----- +MIIB8DCCAXagAwIBAgICNrQwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xODAxMzAxMDQ3MjdaFw0yODAxMjgxMDQ3MjdaMBcxFTATBgNVBAMM +DHpiYXJ0YWtvdmljczB2MBAGByqGSM49AgEGBSuBBAAiA2IABI43iqwzsSU7SGOx +i0lo06JWt7ZrDt7tn34OyYyNHzeB3pkc7th0rOBzy5O9xm8yojCu1oeTWQ2zCWe6 +/EtDVKzShixKCJEI1e8XTrRlw2lVP2W1GFkx6BchBOuvEeOwVqOBljCBkzAJBgNV +HRMEAjAAMB0GA1UdDgQWBBSZHb8HMEn8p6csojzdxMhMer+XjjBFBgNVHSMEPjA8 +gBQ0+FxfsE+24u9DitmrWHTQVshLz6EZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBD +QYIJANzVB7ZWgM/zMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAK +BggqhkjOPQQDAgNoADBlAjAVcIKwVmRpOdkFREyKWZ8vM4AZkZLey4sAkgwNfApD +7L2z3MrYO8rRsTmDJS8AC/gCMQCS2x042eJ9wkOOwXtF8+XAqtLZ974o2cGzQAR9 +b4Yvq7tLbT7sr+InsJXOK/wLH7g= +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt new file mode 100644 index 0000000..d9f073b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zfelleg.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10257 (0x2811) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:38 2017 GMT + Not After : Oct 17 09:33:38 2027 GMT + Subject: CN=zfelleg + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:cf:d4:8f:88:15:a2:5f:1a:5d:2d:dd:51:2b:0d: + f1:6e:0b:4d:8b:81:67:ac:37:75:0b:1a:fa:fa:08: + 5b:4c:4a:d1:9b:63:df:b6:df:bd:dc:14:75:47:c3: + 77:6c:0e:f6:c1:7b:21:4b:5d:91:7e:93:7e:39:ac: + 07:69:86:15:9f:d8:b2:85:ee:2e:24:24:b7:e1:12: + 2a:d9:04:5b:f3:22:9e:2c:f3:3a:aa:3c:0d:de:28: + 13:8b:7a:b6:72:62:28 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0E:89:B8:B3:3F:79:44:1B:2D:22:D5:67:BE:BB:FB:4B:F8:52:27:4B + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ed:61:aa:ec:d9:b6:11:19:58:65:7f:57:3c: + 98:a8:dd:c0:db:3f:c2:43:a4:a6:21:34:98:21:f2:43:2f:81: + c6:a2:b1:f2:c9:eb:ea:37:6a:18:f9:81:ea:33:1a:6a:d4:02: + 30:48:a3:18:1a:4f:2e:8b:5e:67:e5:a9:f3:48:01:25:b9:73: + 0c:48:50:9f:0a:c1:9f:45:d3:e9:70:09:bd:18:38:17:66:0b: + f2:24:a2:77:0e:53:bf:67:be:36:9d:d7:9d +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICKBEwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzMzhaFw0yNzEwMTcwOTMzMzhaMBIxEDAOBgNVBAMM +B3pmZWxsZWcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP1I+IFaJfGl0t3VErDfFu +C02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+k345rAdphhWf +2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYiijgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUDom4sz95RBstItVnvrv7S/hSJ0swRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAO1hquzZthEZWGV/VzyYqN3A2z/CQ6SmITSYIfJDL4HGorHy +yevqN2oY+YHqMxpq1AIwSKMYGk8ui15n5anzSAEluXMMSFCfCsGfRdPpcAm9GDgX +ZgvyJKJ3DlO/Z742nded +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zsnemes.crt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zsnemes.crt new file mode 100644 index 0000000..8b6d7cd --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/issued/zsnemes.crt @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12097 (0x2f41) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=OpenVPN CA + Validity + Not Before: Oct 19 09:33:49 2017 GMT + Not After : Oct 17 09:33:49 2027 GMT + Subject: CN=zsnemes + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ef:9d:6d:83:d5:6a:c2:ac:d9:a5:9f:37:e0:8f: + cc:a1:38:66:87:b8:ed:b3:3a:3b:b3:04:de:c9:54: + 72:4c:c5:0e:50:81:0f:9e:8c:cd:27:61:99:25:58: + f6:b4:c8:0c:0b:2e:95:4e:a4:64:b1:25:b7:32:f5: + 18:62:9b:3a:65:de:3c:5f:b3:c3:9d:30:34:b2:a5: + 45:18:b8:17:a6:ef:47:29:48:56:e0:ff:93:4a:a8: + 21:e9:1b:f4:71:63:7e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 97:0E:42:9E:05:27:59:9E:29:8E:22:AA:1A:85:E0:F9:B8:03:DA:20 + X509v3 Authority Key Identifier: + keyid:34:F8:5C:5F:B0:4F:B6:E2:EF:43:8A:D9:AB:58:74:D0:56:C8:4B:CF + DirName:/CN=OpenVPN CA + serial:DC:D5:07:B6:56:80:CF:F3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:86:0d:4d:32:f7:5b:5f:a6:f8:36:52:7c:37: + bd:d3:1a:39:c3:16:0b:42:2e:95:4d:ff:ed:25:05:89:03:11: + 34:c2:30:7c:94:69:a5:90:68:15:7e:eb:1e:87:e4:c5:c1:02: + 30:20:c1:1a:86:89:2c:b5:67:f7:1a:a5:bb:4e:8e:cd:42:78: + 32:e7:75:b6:d0:c3:e5:61:40:48:c1:6b:20:54:42:de:ee:7a: + aa:7e:52:d9:c6:ee:16:90:1a:8c:0a:ae:b3 +-----BEGIN CERTIFICATE----- +MIIB6zCCAXGgAwIBAgICL0EwCgYIKoZIzj0EAwIwFTETMBEGA1UEAwwKT3BlblZQ +TiBDQTAeFw0xNzEwMTkwOTMzNDlaFw0yNzEwMTcwOTMzNDlaMBIxEDAOBgNVBAMM +B3pzbmVtZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATvnW2D1WrCrNmlnzfgj8yh +OGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSxJbcy9Rhimzpl +3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY36jgZYwgZMwCQYDVR0TBAIw +ADAdBgNVHQ4EFgQUlw5CngUnWZ4pjiKqGoXg+bgD2iAwRQYDVR0jBD4wPIAUNPhc +X7BPtuLvQ4rZq1h00FbIS8+hGaQXMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0GCCQDc +1Qe2VoDP8zATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI +zj0EAwIDaAAwZQIxAIYNTTL3W1+m+DZSfDe90xo5wxYLQi6VTf/tJQWJAxE0wjB8 +lGmlkGgVfuseh+TFwQIwIMEahokstWf3GqW7To7NQngy53W20MPlYUBIwWsgVELe +7nqqflLZxu4WkBqMCq6z +-----END CERTIFICATE----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/aborza.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/aborza.key new file mode 100644 index 0000000..fc6171e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/aborza.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDXDmyQ4XF5iPRhk/8g +XXdZ5ECp/D3r7OnQDsORGakLdezeXNdK0ZgdIBX0R5/Vg1mhZANiAATKgcFK6lkK +5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFIlG/poEpwdlVbQQfq +r+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7wd3d/20= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/acsiba.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/acsiba.key new file mode 100644 index 0000000..9fc3016 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/acsiba.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWJGEFVc/SmIhR0WOU +yvUkd77l0e1NWkcUaVzR9ImZR8hVKPHkSH7mxgZW8ntIWBShZANiAATawlMGg/dI +5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuqAXBe2NEYphLJZUIq +Q7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F7BQSo3M= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key new file mode 100644 index 0000000..7eb5e85 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/akosztolanyi.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAcQQScflm1tSD4BQhX +fWc/SL9jTmJnJC4hHlFyr6u558vkhOn49nOv62bdtGUKQjGhZANiAASPPHQuXdeQ +rFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAEJl5oeai5hHk+2phWFTbyfAn4 +QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFOc0enEZQcNtrmVc8= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key new file mode 100644 index 0000000..a82c655 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/azsamboki.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDArFkY/hBHoHVjQTRyX +IrGy0dove2XopHBruMLhyoCeALqMVf71yMiC5ULPfcHa832hZANiAAQ3ZmbBuJAD +gI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyFqyRUFPQnOUkQEYBKB3ty +7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5DyrxC/T9Jw1s= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key new file mode 100644 index 0000000..91f0c2b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ca.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDe4Jpe920R6SnsUcPv +m1PNDzITYzGgFBfuQgAsx6xyVacWYTjDoezx18adTrxebB6hZANiAARmVFgyQz8L +UFbB2G6VIeGOjACQJdoA3w5SmueCvJP+oD/QCb4thCZZ3A115/gSWFJNbjFopBmr +h3fqnXKCd/eUQpFBKSDa7/matMIHDUMRk6CDwJLXPjBOW21iqWJ2jQk= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key new file mode 100644 index 0000000..6594498 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/csgulyas.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsHP52L0UObr9/psSM +ua2cxeyl2m92YG5GgOAml76NIMUFfeFQgqGSW1slknJISZqhZANiAATyGAmuzTFp +gM+byhv/Z9hAYdxIYLUZ+UCqC5ILK9l8HwEjzXpiUQpqVxhJ3dNrcUhOMWl8Vrlo +7aTop8u7bPiV9HZkBxSPTwTpJqJ0RqUQd2cYKJyNKRD3f5Kyg3UZjXQ= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key new file mode 100644 index 0000000..778192d --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/cslevai.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAiyNiQ4nY7MGLfAJwW +spibaY/IOE/swPb1Ho2hwLXe7FTeGh1xSGH/NKlUE+KafoOhZANiAAShD3S4uN5D +wPWmXCRJ+zi8gNe3r6O+jfYIhwsTiy/AHNYaJ3gm1TsPAfOLoD+g3LUqiI19MbKY +q3FDjNPXwoSk2+hA5oPYb32Mxc+HXbxusm5aB2TLplfgBXg1rnHaXrc= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key new file mode 100644 index 0000000..5a9fcce --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/dvasary.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDARoRvzkpzAcOI8m67x +hCTeRoMbGd40xLhjrm+wAufAwpw3qqJe/LHNP12sOuEHbGihZANiAATmLmWEigXn +0jJrhSAmzQ3coubMIzb0M3vwbA2gjfgME3dX924Ctxo1sO4xJg1XMd8R+hVzvdM+ +5ryXm17aQbA2opWYO6ZO9RiMnv8mjz4Ak7AUhE1D8AH6lW0y8kEOT14= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key new file mode 100644 index 0000000..9ee889e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fritter.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDATa0Ldyit4RAnORuqq +C4y/tAt7nJCaZkGnOsL7NE2V2iKSNyfQ0cH3go0Rb9db/i6hZANiAAQsQOyBia0b +rsgcPl1iL14nM9JCurlsODTqkNbdEOazGfUCSv6MtHfPb8WrgYKIPE6bgsMiwh/I +x1OvGPmbks8YUY+VZ2sEn/SVuIsaatRMI8UzRiDS5RW/va8caESYhYI= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key new file mode 100644 index 0000000..14f892b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/fschnell.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxNEO7csy6z8FIuKh0 +cUYc7KxGcFNiRb1U0ArLkuTxcFCMBar/1RbshVlrM6ecWQKhZANiAARTjfj0/V/J +s0xX9sSTf5RDMQliyu9a2BJUWViEIapZi1ojqbcb6ObjpnYUdUXH1QyJXOee8VYq +bSW4MG9K3YAIsKYHyJjW8woH2WDQAFh/9qVreFOCRFqBAVQYbxv0mfk= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key new file mode 100644 index 0000000..59b493e --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ifabian.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBlmrzRa0VPDEy4dULf +z8bt4hVQI0iuIVr7VP7WkGqyfaJXGZlH6OUcsISxn2xTKWChZANiAAQhDXc5t7FD +Lemi6ak7iM2T1QVNtVgEH0N2G5Mew9LYFTffP9R1x4HMePhjhI1JDUmycV6zcwur +DFv/mmg5G2rCjrAPvM1pk3lz8sO5BGaHIJAcS8fE6XeGpqWPWaBtA0s= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key new file mode 100644 index 0000000..9b2e168 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/khorvath.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA5CxtZG7mg0mVsbSQS +QM45ehcXPIjeWufTSVmDFGXG3ON+mmjr/H7/N4yOY3Clj7+hZANiAASrYTreiU4O +Y+rIa5gai8T5cvS/sg7rlO8EbKnkeFP5qK9qFJsn6RdFx/me5NNZQ5wTxxVjgI6q +rPyaVVlkfGI9LFAgl9HBHiKUU3RKXzD7oD264J0u4nCvc6XAMkV3LiA= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key new file mode 100644 index 0000000..493cd7b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kkele.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDApjJ+iDz8X3qtoQVtC +jUgcydPDcz6VjstIZ5PGAsYw1QiWbC+7OvnEy+oMETvEzxahZANiAAQlPqO9ySde +usYwaA+QF5SJaTAEcGq6FkA9BAjtAC2ixEWq26+F0qZAe2mFvM+aQWYLTRrEglOw +0ctTmDmQERFe55ins3ExsVW+B+/taufc6Tj9A/zVUu2o2t6IIm3CgAo= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kschaffer.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kschaffer.key new file mode 100644 index 0000000..ce1735c --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/kschaffer.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAGMS95Xt2w9eVSEIRz +QiRQPN5zL1INxTsHy5flZSBvIe/1++f8Il+/vhSssmQeeBmhZANiAAT8XrPkKTSz +0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apdIev2bY/mayW99uZIL3Xu +FhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9yixA6j+Ezr4= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key new file mode 100644 index 0000000..458fafd --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/mszabo.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCDTjabyjcmnlfQF/VI +cCppGo1RnOkZwbaw9uxuZt11AY9YidT/5HW7aKo/U8ie4cGhZANiAARpwIYnofp0 +Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6rKXQaE31qvFWjFUR +JtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvjwH005S4= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ptombor.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ptombor.key new file mode 100644 index 0000000..f795ef7 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/ptombor.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWd4gq0fjrX6niP1sy +BWNPL4IH/XsTCC6H7YzbUq3G6/m5B67/P6TLidyEjKAdx1WhZANiAASwemJDEItL +rj4TyxCzjIVNu3TfYbsrCgj7FeKFCQXuj/RlQ0v+7zxYrAYR6OTU63zj3UHgJPcZ +B+5I/WmWdB768rkVQchwZFN9cApG8P7xY3PMvLzgaA3pglLzGVOkE80= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key new file mode 100644 index 0000000..3ccafcc --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/qqcs.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCPSKMchbxya5tE3BvA +aVwiGkpkGTYbBvB/2JSNYCyY9NlPJE740SiHT4k2722T6cihZANiAASatpnYySyS +VCqcWKMah3zTkEsxCXGaZW+eBI9S3BMjD9BDb2/Nhxv2Q+G4ReLCIeLByhP4XNR8 +RMSO0tjUwl52iZMbdDeILsMePoCy0C9iRKbLcyBnlO2xCmRAcWQi+Go= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key new file mode 100644 index 0000000..a2e0062 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rrendek.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBtLhYsFhfQiSZ3tsoP +Ohxtg8tjRVo5xuNdtovcs9sM6JdHVgNTppG2MHE9br37y6yhZANiAASTFD8kTkUb +uZktP93eNO/+0pIEAqcVohNwY8MtfMlM4bk9FtpLgqv0+BL7l2f5XO2on1mmj5UH +YFGu0TGi83uEjiISzxWd8ih5b66Bek+NF8hRQF0Air7XvImcXGp0Jr0= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rtoth.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rtoth.key new file mode 100644 index 0000000..bd6de1b --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/rtoth.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDYZtocWg502oc7z6yZ +5prVXiJHzDxU5ujIdDzWicgPcPHSME2CwewAvXM07n5qXFmhZANiAAR6fiE/NOl0 +Gbu/fp4rxGL9rZ/tgoMAXTlTFIFEDyu8qG7jEAD9eIXSdhK9ij0NjEXM79IuF7DW +CmjJehL1tN9EESfaIktEjE/Z03y+7nahW0uuzf5A0UOaO/2aE8ZosDg= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key new file mode 100644 index 0000000..8d5ef79 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/server.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAX1a49j7Quu74cFXmJ +IupkeE9mTr/tKPgPGiUCv0kyEVauuNkEpyBLO8nPQ81As9mhZANiAATzDoVNelF1 +JjXnVgkBT6e0dceYVafKIYi/DXopwO345fq7S/dzY5y1N7y2syQ8RnPQRk8lfLaY +LwOFsBMRb8EKpM7RcB/0YPzMKSXAuSJhWCLWP9L2Z58G7Nqfs8of2p0= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key new file mode 100644 index 0000000..3cfc700 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zbartakovics.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDjqbEAqwUzgWCosiqe +HcQFZ3ryCgJ+T91AnFv7rv/ZW6lkQ7tXJZ+F3ZHbMfEnsuShZANiAASON4qsM7El +O0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7YdKzgc8uTvcZvMqIwrtaHk1kN +swlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZMegXIQTrrxHjsFY= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key new file mode 100644 index 0000000..d1ebd5a --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zfelleg.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlCNDXEXfkpMfZ4qrW +tHKzpFEibWhvxc2cYDnXXb4SuZ999Xi1cZXp7McJ1lwntFWhZANiAATP1I+IFaJf +Gl0t3VErDfFuC02LgWesN3ULGvr6CFtMStGbY9+2373cFHVHw3dsDvbBeyFLXZF+ +k345rAdphhWf2LKF7i4kJLfhEirZBFvzIp4s8zqqPA3eKBOLerZyYig= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zsnemes.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zsnemes.key new file mode 100644 index 0000000..dd081e4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/private/zsnemes.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDANt00lPuqR3fd6Ugh3 +3jI+P1HQ15Nwb3CAE04fzwAA30upq12Dao3oxs90TPen8fuhZANiAATvnW2D1WrC +rNmlnzfgj8yhOGaHuO2zOjuzBN7JVHJMxQ5QgQ+ejM0nYZklWPa0yAwLLpVOpGSx +Jbcy9Rhimzpl3jxfs8OdMDSypUUYuBem70cpSFbg/5NKqCHpG/RxY34= +-----END PRIVATE KEY----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/aborza.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/aborza.req new file mode 100644 index 0000000..fa87eac --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/aborza.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZhYm9yemEwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATKgcFK6lkK5rU0kHhgrpq5XNhSPuyPMACWwGteF2Crcglz4z4xW/f+7TFI +lG/poEpwdlVbQQfqr+KKsV9cleT0tGAdkcgP+1f2U3kHOi7Jb5ZqfR4c9nQZdoy7 +wd3d/22gADAKBggqhkjOPQQDAgNoADBlAjAHn6n+wwImEU6d8tn4wMlC5rk28Jn3 +VtZfeKd4k540CFx4J73Lzc9PzQaNgUDm2vQCMQC+wOh3T/Is8VLDw76Ht8WK74jd +JyR3lWuNW+GXqA22/Zka4fkD0ihiQWOhwo/t5M0= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/acsiba.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/acsiba.req new file mode 100644 index 0000000..4cf87b8 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/acsiba.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZhY3NpYmEwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATawlMGg/dI5Wr4ifzVvdvQuXzg2YMsY3vSX4GngfzIPf8zqEjwqnsHaBuq +AXBe2NEYphLJZUIqQ7w3GUFXorzl+5tKC4hHUOKtPnkiVMDprCov5+0NoME4hp5F +7BQSo3OgADAKBggqhkjOPQQDAgNoADBlAjEAw69iohBTC/k5P1SNegtRvj7xNr8z +qpCLNWpwpD+R7fQn/2oGrFcP8n1UUD2FCrRSAjBxvguhMfxhfB/6Zl3SLCSVTO1U +zo4dJN1h/jjUEXaxYxNho6Rn3pKJIULn+aWp+v8= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req new file mode 100644 index 0000000..2d3405f --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/akosztolanyi.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBDzCBlgIBADAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAASPPHQuXdeQrFwv6P7zio1ra5aYp2PjA0JMK0kiqAfCrAaJqIAE +Jl5oeai5hHk+2phWFTbyfAn4QXhcjizeGxiKSUyP/u2Vjw/LW+JksWPvPdGVSfFO +c0enEZQcNtrmVc+gADAKBggqhkjOPQQDAgNoADBlAjEA1B8DJJV3T4P1QS/u4jC4 +xQ146ioh9foP0Qk7/K2WTF+cnXNDCTCPUKeeen4h2J/OAjB2tJwM9FWvhQklgHQh +0bbpFz3wUG9e98//hGBbAcylvPsXzIQLUvhIwdcCjlLI51I= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req new file mode 100644 index 0000000..ba6b3ff --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/azsamboki.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkwIBADAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAQ3ZmbBuJADgI11ItthLnIOeASRndqZOR2JCw40kAYNPYwlL/xWdbyF +qyRUFPQnOUkQEYBKB3ty7XmNlTTjBxM72lHrirV3tnHkl+YFTyc+CsH2H/+/pF5D +yrxC/T9Jw1ugADAKBggqhkjOPQQDAgNnADBkAjAORjxnyGtfv8E0QjnlDG3HgnLW +dDTL58ucnYnipQ9XuDwdeYD+8dorvsm92jqFcA0CMAGy+ISAWh2n397dqeI4Xlml +m9nCpnjUf/PHpYmEFEzcryU2BZL6ZT2z3DdJqIv6bQ== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req new file mode 100644 index 0000000..a4d9e80 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/csgulyas.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkgIBADATMREwDwYDVQQDDAhjc2d1bHlhczB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPIYCa7NMWmAz5vKG/9n2EBh3EhgtRn5QKoLkgsr2XwfASPNemJRCmpX +GEnd02txSE4xaXxWuWjtpOiny7ts+JX0dmQHFI9PBOkmonRGpRB3ZxgonI0pEPd/ +krKDdRmNdKAAMAoGCCqGSM49BAMCA2gAMGUCMQCREMfh5Pi8JhC/zDaG2JJ6eY4X +o1NMcUwfjBpwAvonaC0jo1U76Gg1zxsdVxJAPuACMB/Nxz1UNWsTydwyTS3JyaAT +QstJL5PIYCAR37fUrU9K4EpQd3z3Edi32JIGlb9wiA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req new file mode 100644 index 0000000..33125ae --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/cslevai.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEoQ90uLjeQ8D1plwkSfs4vIDXt6+jvo32CIcLE4svwBzWGid4JtU7DwHz +i6A/oNy1KoiNfTGymKtxQ4zT18KEpNvoQOaD2G99jMXPh128brJuWgdky6ZX4AV4 +Na5x2l63oAAwCgYIKoZIzj0EAwIDaAAwZQIwfkWR5WF3c1o+uV7ZWoYV/BEKl0m7 +8YiH8VrV1WXtZPW+1zzzpwCBGlRJ2FwBuqSMAjEAjx6g0IRQ/Zzw4Y6aCGOH6mP2 +aKqp5VAIJJFjJ/gPovPDxDgJFWhFuFlzcdm2Venv +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req new file mode 100644 index 0000000..007ca5c --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/dvasary.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkQIBADASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAE5i5lhIoF59Iya4UgJs0N3KLmzCM29DN78GwNoI34DBN3V/duArcaNbDu +MSYNVzHfEfoVc73TPua8l5te2kGwNqKVmDumTvUYjJ7/Jo8+AJOwFIRNQ/AB+pVt +MvJBDk9eoAAwCgYIKoZIzj0EAwIDZwAwZAIwQgDM/EyEAz0G+0Vqel9bMbddmnmD +u5otbshs7IIRjEUgtaaM3zOgClgMNuDDc1GcAjAwvERdKdEyIwYRuWviRmHyOpI9 +0nvmEbPS52Vkdgu2WJpSEUC7TKUkElk2kmL9V10= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req new file mode 100644 index 0000000..bb542d6 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fritter.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkQIBADASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAELEDsgYmtG67IHD5dYi9eJzPSQrq5bDg06pDW3RDmsxn1Akr+jLR3z2/F +q4GCiDxOm4LDIsIfyMdTrxj5m5LPGFGPlWdrBJ/0lbiLGmrUTCPFM0Yg0uUVv72v +HGhEmIWCoAAwCgYIKoZIzj0EAwIDaQAwZgIxAJ2V46Z1RFtSNPPOaUkeHmNlT/vT +VMiRYLCILaQiVXfu+z7ac23UsPex1QIDlxlIxgIxANSjHlc5G0suEd/8Ci+/MKMO +oM0RrNFiT7N/yaeZN/kETTez0Ff6uXNwQK4yvqILQQ== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req new file mode 100644 index 0000000..f409c55 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/fschnell.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkgIBADATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABFON+PT9X8mzTFf2xJN/lEMxCWLK71rYElRZWIQhqlmLWiOptxvo5uOm +dhR1RcfVDIlc557xViptJbgwb0rdgAiwpgfImNbzCgfZYNAAWH/2pWt4U4JEWoEB +VBhvG/SZ+aAAMAoGCCqGSM49BAMCA2gAMGUCMEsBzT78nmPLpK2HRJJxK/BJPcMl +E70gcIm2YIR9qn2L/IQhktELOqoeILMURnR2qAIxAPiSkyKoVp7iRfyq8MvbiJB8 +aIo/blqnEDgi1m0Y/s/wuHRwJAsIn1nK6B55S3jjyA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req new file mode 100644 index 0000000..3f5f8a1 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ifabian.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEIQ13ObexQy3poumpO4jNk9UFTbVYBB9DdhuTHsPS2BU33z/UdceBzHj4 +Y4SNSQ1JsnFes3MLqwxb/5poORtqwo6wD7zNaZN5c/LDuQRmhyCQHEvHxOl3hqal +j1mgbQNLoAAwCgYIKoZIzj0EAwIDaAAwZQIxANNPYThD0Cil9d7rU6DohzuVDgYz +TD0zUWxoZh6IuyCkhueEgO7v3zI+7HHwUdF0mwIwFTMXmxUmGFcIkFziUk2Ccwf2 +WAwQHouAeMguwDd5XVl7+6pFmJ9bXXHm+sPumuFs +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req new file mode 100644 index 0000000..d290384 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/khorvath.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkgIBADATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKthOt6JTg5j6shrmBqLxPly9L+yDuuU7wRsqeR4U/mor2oUmyfpF0XH ++Z7k01lDnBPHFWOAjqqs/JpVWWR8Yj0sUCCX0cEeIpRTdEpfMPugPbrgnS7icK9z +pcAyRXcuIKAAMAoGCCqGSM49BAMCA2gAMGUCMQChfy+YUCLrhvagP6wcWV9dSu5x +7PrKDJGAuqcdufaFxn6PGG+K4szyrBkvGh5y6UcCMB0dpGJcz9ObOclOdg8XT2om +5xqYIwcmh1P94/Nu41VCudq9XfTo3uovuleqhFfIXw== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req new file mode 100644 index 0000000..80ad5d1 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kkele.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCDCBjwIBADAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABCU+o73JJ166xjBoD5AXlIlpMARwaroWQD0ECO0ALaLERarbr4XSpkB7aYW8 +z5pBZgtNGsSCU7DRy1OYOZAREV7nmKezcTGxVb4H7+1q59zpOP0D/NVS7aja3ogi +bcKACqAAMAoGCCqGSM49BAMCA2gAMGUCMQC5ojkTrBXwECnhKwXfpjPyD3X4QHKV +wMU8UkTW7GrcFujaRmrwdAmaX6FaN53Tls4CMB9NYoHASiHQ6LBFFGF5VV4VIhhU +JOAXEGDvA7n4OZIqSWBHKsl9ZMFdJFR8NqTE7g== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kschaffer.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kschaffer.req new file mode 100644 index 0000000..442c381 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/kschaffer.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkwIBADAUMRIwEAYDVQQDDAlrc2NoYWZmZXIwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAT8XrPkKTSz0CgjErlKqoVhKs0Wm/k43AYysTkPiZ/fqm4ccJnb6apd +Iev2bY/mayW99uZIL3XuFhCl5VTXMn5uJh3CjniAnmk/UDg2QzZClfVCsyIvbIu9 +yixA6j+Ezr6gADAKBggqhkjOPQQDAgNnADBkAjBk4JB3mbZLPtoFbXPWPM3lfVpw +PHE7VkQtQ+E0BX8IrFU8R4T1nImdk2XIVWxsNQcCMEyksu0iBhXGmYeMOeyROERD +L2/cc1nKZlgksMZgRV9jtisRGqEz5xk8R06jF9CuKQ== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req new file mode 100644 index 0000000..61bd9d8 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/mszabo.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkAIBADARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAARpwIYnofp0Khgh3NTRS7Nu1RYGt1CNOlyG6rklhL1OZdl8MxOOY2TLcDk6 +rKXQaE31qvFWjFURJtPDwEoQeDV9ulb2mvWvPWu+refinA7sQrJJ4/jWNg3dVvvj +wH005S6gADAKBggqhkjOPQQDAgNpADBmAjEA4dPM+R0J+e6PZUREJgSuu19ZTJ55 +d724QwCa9e4g183kbH4tFDKw+AbGh/Mqa9aFAjEA2WoHY3D8qjqqHIg1y8AL3emC +NWIKOC6CcDIdIEDW9K2ozHFWsrFl/v/V95acH1yb +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ptombor.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ptombor.req new file mode 100644 index 0000000..451a340 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/ptombor.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCjCBkQIBADASMRAwDgYDVQQDDAdwdG9tYm9yMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEsHpiQxCLS64+E8sQs4yFTbt032G7KwoI+xXihQkF7o/0ZUNL/u88WKwG +Eejk1Ot8491B4CT3GQfuSP1plnQe+vK5FUHIcGRTfXAKRvD+8WNzzLy84GgN6YJS +8xlTpBPNoAAwCgYIKoZIzj0EAwIDaAAwZQIxAIN3/Ml9/EUkSfmMocYrw7o2FhjD +JPwT4CwoXhHOi0v3G+oiYUngpSu/MrNH8Cv6WQIwO5rXLP+JSoq7JuwhcTaq/Wvk +6DHRBNQruYut4L9XkKuQMFx+SWtVey4lbGv/Q2WB +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req new file mode 100644 index 0000000..3f14732 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/qqcs.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBBzCBjgIBADAPMQ0wCwYDVQQDDARxcWNzMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEmraZ2MksklQqnFijGod805BLMQlxmmVvngSPUtwTIw/QQ29vzYcb9kPhuEXi +wiHiwcoT+FzUfETEjtLY1MJedomTG3Q3iC7DHj6AstAvYkSmy3MgZ5TtsQpkQHFk +IvhqoAAwCgYIKoZIzj0EAwIDaAAwZQIxANIOQeE5+Y+D7xxSr09YKCkxDu+hTEAJ +0Jdl6RsN1yAYXwQC+uDpuLFtFK6wCfkkTwIwYfHncH/VLj3FiGU9r020n1Ty7Kgm +fzBqu2obFv7v0SoRuVaY8lMEo1kLMel3uaGI +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req new file mode 100644 index 0000000..ddaf795 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rrendek.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkQIBADASMRAwDgYDVQQDDAdycmVuZGVrMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEkxQ/JE5FG7mZLT/d3jTv/tKSBAKnFaITcGPDLXzJTOG5PRbaS4Kr9PgS ++5dn+VztqJ9Zpo+VB2BRrtExovN7hI4iEs8VnfIoeW+ugXpPjRfIUUBdAIq+17yJ +nFxqdCa9oAAwCgYIKoZIzj0EAwIDZwAwZAIwU1YFf95rKyPzWcPqh6J7T86anGPp +u4JOI3owLMqVkmNDRFHaX0MiKC0fK2K6F9KhAjB9PNfnF+U+XUzURgBk/k1gmhN3 +dIP8qzSNG7xr/q2zX9T2+kWwr8cujVk9SdMZvs8= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rtoth.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rtoth.req new file mode 100644 index 0000000..d9187e4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/rtoth.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBjwIBADAQMQ4wDAYDVQQDDAVydG90aDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABHp+IT806XQZu79+nivEYv2tn+2CgwBdOVMUgUQPK7yobuMQAP14hdJ2Er2K +PQ2MRczv0i4XsNYKaMl6EvW030QRJ9oiS0SMT9nTfL7udqFbS67N/kDRQ5o7/ZoT +xmiwOKAAMAoGCCqGSM49BAMCA2kAMGYCMQC5dDTbGjhQEFuZePDLLuofjiATkKWT +uUCYIL/BejVZGrsWJr2gVfPvaqfKTlWPJoACMQCXPk3IxAlRRYT0j/OVGyHn+/zd +/2zfmtoy7va1LXKTs0C0nZN68kF7UrKvtKxyFMg= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req new file mode 100644 index 0000000..a501508 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/server.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZzZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATzDoVNelF1JjXnVgkBT6e0dceYVafKIYi/DXopwO345fq7S/dzY5y1N7y2 +syQ8RnPQRk8lfLaYLwOFsBMRb8EKpM7RcB/0YPzMKSXAuSJhWCLWP9L2Z58G7Nqf +s8of2p2gADAKBggqhkjOPQQDAgNoADBlAjAi4XYb4RfwUZhl6anNeeyPjC+hc0a7 ++VDfP7JO/jT1ZJMUu2pWyxWYSQnQeDLcDagCMQDXSrimsm3eOCxtHArtRmnaQ2co +wyrc2q+Nf/7+7O8NIsdAWEcIDDmO4hNw0Gn+LBM= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req new file mode 100644 index 0000000..26b7fec --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zbartakovics.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBDzCBlgIBADAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAASON4qsM7ElO0hjsYtJaNOiVre2aw7e7Z9+DsmMjR83gd6ZHO7Y +dKzgc8uTvcZvMqIwrtaHk1kNswlnuvxLQ1Ss0oYsSgiRCNXvF060ZcNpVT9ltRhZ +MegXIQTrrxHjsFagADAKBggqhkjOPQQDAgNoADBlAjEAtI4zlXdoRKDV6MsMmQlj +HcNTayQ6SFCc8uZzXOS+GvKWNN05yJX7aJVpKhV64XbMAjBe20XbfTvkdOLrVYb5 +mnJ27Jj9aobYl3ILafAPOgthBX/t9YA2UCzCr5eJujxmLZM= +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req new file mode 100644 index 0000000..e3f69c4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zfelleg.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkQIBADASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAEz9SPiBWiXxpdLd1RKw3xbgtNi4FnrDd1Cxr6+ghbTErRm2Pftt+93BR1 +R8N3bA72wXshS12RfpN+OawHaYYVn9iyhe4uJCS34RIq2QRb8yKeLPM6qjwN3igT +i3q2cmIooAAwCgYIKoZIzj0EAwIDaQAwZgIxAN9ivd74Lzh+SsAoemHUqu6rhugM +/wd54dqiap/Ckjr5SkEh2LxEGqlnMI6P9UpuzQIxAJzLyLFUg7OseNKzLCuXGJNu +AOj3ZW41qcegZuZ1hEsWtkpdCLmrQIMRh0hNNT5JeQ== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zsnemes.req b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zsnemes.req new file mode 100644 index 0000000..609e648 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/reqs/zsnemes.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBCzCBkQIBADASMRAwDgYDVQQDDAd6c25lbWVzMHYwEAYHKoZIzj0CAQYFK4EE +ACIDYgAE751tg9VqwqzZpZ834I/MoThmh7jtszo7swTeyVRyTMUOUIEPnozNJ2GZ +JVj2tMgMCy6VTqRksSW3MvUYYps6Zd48X7PDnTA0sqVFGLgXpu9HKUhW4P+TSqgh +6Rv0cWN+oAAwCgYIKoZIzj0EAwIDaQAwZgIxAORI2d67T/kCfaAb3HmYNzE8tJSV +a0JlXSbyNNR8qzE4y99kg+2Y45FqDiFwMWHrkgIxAIB2LM6T0Pr3bgM1dSanGIMy +6A/alMG5hUjyZrDE9R9GmS/kqEw5IVMWwzCA8I8vKA== +-----END CERTIFICATE REQUEST----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial new file mode 100644 index 0000000..039d4ac --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial @@ -0,0 +1 @@ +3375 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old new file mode 100644 index 0000000..eb698d4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/serial.old @@ -0,0 +1 @@ +3374 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key new file mode 100644 index 0000000..5ba97ef --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/pki/ta.key @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e2c3228e2b7b2e06ea31c36d88f0b025 +a43272d29c5e75ce0e0d848a22455f7f +2fbbe2913630194ca637d987b9c9a62d +4e68ce4cb9cc00a13475e749fdbf98c9 +cae6c8c4ef8e5b8bbf6d0cd30c217625 +382064df6f2fba84d572f0b462530549 +462ef72ebdf83b41bb1c25467d516938 +b9b82d3a5a6ba072c5ca7c1ed54500f1 +932f175f377cbf6a9250690eb36cf05b +8d04c22756cb43d787d5c6efbbe78732 +02cdc11cf66cef8ccf0842f6f3de425a +e0c1f29111e7aaf091b97b3958a35066 +94ba9f615b622339e6151314c6ea6014 +518c7ea5e064965985afab9a4bbba63e +80fb88e0ab45db4f734c1650dcd01810 +c201d2efe838b414674643ce2d05fdab +-----END OpenVPN Static key V1----- diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/vars b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/vars new file mode 100644 index 0000000..4567b93 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/vars @@ -0,0 +1,199 @@ +# Easy-RSA 3 parameter settings + +# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit +# this file in place -- instead, you should copy the entire easy-rsa directory +# to another location so future upgrades don't wipe out your changes. + +# HOW TO USE THIS FILE +# +# vars.example contains built-in examples to Easy-RSA settings. You MUST name +# this file 'vars' if you want it to be used as a configuration file. If you do +# not, it WILL NOT be automatically read when you call easyrsa commands. +# +# It is not necessary to use this config file unless you wish to change +# operational defaults. These defaults should be fine for many uses without the +# need to copy and edit the 'vars' file. +# +# All of the editable settings are shown commented and start with the command +# 'set_var' -- this means any set_var command that is uncommented has been +# modified by the user. If you're happy with a default, there is no need to +# define the value to its default. + +# NOTES FOR WINDOWS USERS +# +# Paths for Windows *MUST* use forward slashes, or optionally double-esscaped +# backslashes (single forward slashes are recommended.) This means your path to +# the openssl binary might look like this: +# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" + +# A little housekeeping: DON'T EDIT THIS SECTION +# +# Easy-RSA 3.x doesn't source into the environment directly. +# Complain if a user tries to do this: +if [ -z "$EASYRSA_CALLER" ]; then + echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2 + echo "This is no longer necessary and is disallowed. See the section called" >&2 + echo "'How to use this file' near the top comments for more details." >&2 + return 1 +fi + +# DO YOUR EDITS BELOW THIS POINT + +# This variable should point to the top level of the easy-rsa tree. By default, +# this is taken to be the directory you are currently in. + +#set_var EASYRSA "$PWD" + +# If your OpenSSL command is not in the system PATH, you will need to define the +# path to it here. Normally this means a full path to the executable, otherwise +# you could have left it undefined here and the shown default would be used. +# +# Windows users, remember to use paths with forward-slashes (or escaped +# back-slashes.) Windows users should declare the full path to the openssl +# binary here if it is not in their system PATH. + +#set_var EASYRSA_OPENSSL "openssl" +# +# This sample is in Windows syntax -- edit it for your path if not using PATH: +#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" + +# Edit this variable to point to your soon-to-be-created key directory. +# +# WARNING: init-pki will do a rm -rf on this directory so make sure you define +# it correctly! (Interactive mode will prompt before acting.) + +#set_var EASYRSA_PKI "$EASYRSA/pki" + +# Define X509 DN mode. +# This is used to adjust what elements are included in the Subject field as the DN +# (this is the "Distinguished Name.") +# Note that in cn_only mode the Organizational fields further below aren't used. +# +# Choices are: +# cn_only - use just a CN value +# org - use the "traditional" Country/Province/City/Org/OU/email/CN format + +#set_var EASYRSA_DN "cn_only" + +# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.) +# These are the default values for fields which will be placed in the +# certificate. Don't leave any of these fields blank, although interactively +# you may omit any specific field by typing the "." symbol (not valid for +# email.) + +#set_var EASYRSA_REQ_COUNTRY "US" +#set_var EASYRSA_REQ_PROVINCE "California" +#set_var EASYRSA_REQ_CITY "San Francisco" +#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" +#set_var EASYRSA_REQ_EMAIL "me@example.net" +#set_var EASYRSA_REQ_OU "My Organizational Unit" + +# Choose a size in bits for your keypairs. The recommended value is 2048. Using +# 2048-bit keys is considered more than sufficient for many years into the +# future. Larger keysizes will slow down TLS negotiation and make key/DH param +# generation take much longer. Values up to 4096 should be accepted by most +# software. Only used when the crypto alg is rsa (see below.) + +#set_var EASYRSA_KEY_SIZE 2048 + +# The default crypto mode is rsa; ec can enable elliptic curve support. +# Note that not all software supports ECC, so use care when enabling it. +# Choices for crypto alg are: (each in lower-case) +# * rsa +# * ec + +set_var EASYRSA_ALGO ec + +# Define the named curve, used in ec mode only: + +#set_var EASYRSA_CURVE secp384r1 + +# In how many days should the root CA key expire? + +#set_var EASYRSA_CA_EXPIRE 3650 + +# In how many days should certificates expire? + +#set_var EASYRSA_CERT_EXPIRE 3650 + +# How many days until the next CRL publish date? Note that the CRL can still be +# parsed after this timeframe passes. It is only used for an expected next +# publication date. + +#set_var EASYRSA_CRL_DAYS 180 + +# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default +# is "no" to discourage use of deprecated extensions. If you require this +# feature to use with --ns-cert-type, set this to "yes" here. This support +# should be replaced with the more modern --remote-cert-tls feature. If you do +# not use --ns-cert-type in your configs, it is safe (and recommended) to leave +# this defined to "no". When set to "yes", server-signed certs get the +# nsCertType=server attribute, and also get any NS_COMMENT defined below in the +# nsComment field. + +#set_var EASYRSA_NS_SUPPORT "no" + +# When NS_SUPPORT is set to "yes", this field is added as the nsComment field. +# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored. + +#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" + +# A temp file used to stage cert extensions during signing. The default should +# be fine for most users; however, some users might want an alternative under a +# RAM-based FS, such as /dev/shm or /tmp on some systems. + +#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" + +# !! +# NOTE: ADVANCED OPTIONS BELOW THIS POINT +# PLAY WITH THEM AT YOUR OWN RISK +# !! + +# Broken shell command aliases: If you have a largely broken shell that is +# missing any of these POSIX-required commands used by Easy-RSA, you will need +# to define an alias to the proper path for the command. The symptom will be +# some form of a 'command not found' error from your shell. This means your +# shell is BROKEN, but you can hack around it here if you really need. These +# shown values are not defaults: it is up to you to know what you're doing if +# you touch these. +# +#alias awk="/alt/bin/awk" +#alias cat="/alt/bin/cat" + +# X509 extensions directory: +# If you want to customize the X509 extensions used, set the directory to look +# for extensions here. Each cert type you sign must have a matching filename, +# and an optional file named 'COMMON' is included first when present. Note that +# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then +# fallback to $EASYRSA for the 'x509-types' dir. You may override this +# detection with an explicit dir here. +# +#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" + +# OpenSSL config file: +# If you need to use a specific openssl config file, you can reference it here. +# Normally this file is auto-detected from a file named openssl-1.0.cnf from the +# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA +# specific and you cannot just use a standard config file, so this is an +# advanced feature. + +#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf" + +# Default CN: +# This is best left alone. Interactively you will set this manually, and BATCH +# callers are expected to set this themselves. + +#set_var EASYRSA_REQ_CN "ChangeMe" + +# Cryptographic digest to use. +# Do not change this default unless you understand the security implications. +# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512 + +#set_var EASYRSA_DIGEST "sha256" + +# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly +# in batch mode without any user input, confirmation on dangerous operations, +# or most output. Setting this to any non-blank string enables batch mode. + +#set_var EASYRSA_BATCH "" + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON new file mode 100644 index 0000000..3e9b633 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/COMMON @@ -0,0 +1,7 @@ +# X509 extensions added to every signed cert + +# This file is included for every cert signed, and by default does nothing. +# It could be used to add values every cert should have, such as a CDP as +# demonstrated in the following example: + +#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca new file mode 100644 index 0000000..ef525b6 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/ca @@ -0,0 +1,13 @@ +# X509 extensions for a ca + +# Note that basicConstraints will be overridden by Easy-RSA when defining a +# CA_PATH_LEN for CA path length limits. You could also do this here +# manually as in the following example in place of the existing line: +# +# basicConstraints = CA:TRUE, pathlen:1 + +basicConstraints = CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = cRLSign, keyCertSign + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client new file mode 100644 index 0000000..a7d81af --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/client @@ -0,0 +1,8 @@ +# X509 extensions for a client + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = clientAuth +keyUsage = digitalSignature + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server new file mode 100644 index 0000000..bc024be --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/easy-rsa/x509-types/server @@ -0,0 +1,8 @@ +# X509 extensions for a server + +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +extendedKeyUsage = serverAuth +keyUsage = digitalSignature,keyEncipherment + diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/server.conf b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/server.conf new file mode 100644 index 0000000..e3b8c91 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/server/server.conf @@ -0,0 +1,323 @@ +################################################# +# Sample OpenVPN 2.0 config file for # +# multi-client server. # +# # +# This file is for the server side # +# of a many-clients <-> one-server # +# OpenVPN configuration. # +# # +# OpenVPN also supports # +# single-machine <-> single-machine # +# configurations (See the Examples page # +# on the web site for more info). # +# # +# This config should work on Windows # +# or Linux/BSD systems. Remember on # +# Windows to quote pathnames and use # +# double backslashes, e.g.: # +# "C:\\Program Files\\OpenVPN\\config\\foo.key" # +# # +# Comments are preceded with '#' or ';' # +################################################# + +# Which local IP address should OpenVPN +# listen on? (optional) +;local a.b.c.d + +# Which TCP/UDP port should OpenVPN listen on? +# If you want to run multiple OpenVPN instances +# on the same machine, use a different port +# number for each one. You will need to +# open up this port on your firewall. +port 1194 + +# TCP or UDP server? +;proto tcp +proto udp + +# "dev tun" will create a routed IP tunnel, +# "dev tap" will create an ethernet tunnel. +# Use "dev tap0" if you are ethernet bridging +# and have precreated a tap0 virtual interface +# and bridged it with your ethernet interface. +# If you want to control access policies +# over the VPN, you must create firewall +# rules for the the TUN/TAP interface. +# On non-Windows systems, you can give +# an explicit unit number, such as tun0. +# On Windows, use "dev-node" for this. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel if you +# have more than one. On XP SP2 or higher, +# you may need to selectively disable the +# Windows firewall for the TAP adapter. +# Non-Windows systems usually don't need this. +;dev-node MyTap + +# SSL/TLS root certificate (ca), certificate +# (cert), and private key (key). Each client +# and the server must have their own cert and +# key file. The server and all clients will +# use the same ca file. +# +# See the "easy-rsa" directory for a series +# of scripts for generating RSA certificates +# and private keys. Remember to use +# a unique Common Name for the server +# and each of the client certificates. +# +# Any X509 key management system can be used. +# OpenVPN can also use a PKCS #12 formatted key file +# (see "pkcs12" directive in man page). +ca easy-rsa/pki/ca.crt +cert easy-rsa/pki/issued/server.crt +key easy-rsa/pki/private/server.key # This file should be kept secret +crl-verify easy-rsa/pki/crl.pem + +# Diffie hellman parameters. +# Generate your own with: +# openssl dhparam -out dh2048.pem 2048 +#dh dh2048.pem +dh easy-rsa/pki/dh.pem + +# Network topology +# Should be subnet (addressing via IP) +# unless Windows clients v2.0.9 and lower have to +# be supported (then net30, i.e. a /30 per client) +# Defaults to net30 (not recommended) +;topology subnet + +# Configure server mode and supply a VPN subnet +# for OpenVPN to draw client addresses from. +# The server will take 10.8.0.1 for itself, +# the rest will be made available to clients. +# Each client will be able to reach the server +# on 10.8.0.1. Comment this line out if you are +# ethernet bridging. See the man page for more info. +server 172.16.223.0 255.255.255.0 + +# Maintain a record of client <-> virtual IP address +# associations in this file. If OpenVPN goes down or +# is restarted, reconnecting clients can be assigned +# the same virtual IP address from the pool that was +# previously assigned. +ifconfig-pool-persist ipp.txt + +# Configure server mode for ethernet bridging. +# You must first use your OS's bridging capability +# to bridge the TAP interface with the ethernet +# NIC interface. Then you must manually set the +# IP/netmask on the bridge interface, here we +# assume 10.8.0.4/255.255.255.0. Finally we +# must set aside an IP range in this subnet +# (start=10.8.0.50 end=10.8.0.100) to allocate +# to connecting clients. Leave this line commented +# out unless you are ethernet bridging. +;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 + +# Configure server mode for ethernet bridging +# using a DHCP-proxy, where clients talk +# to the OpenVPN server-side DHCP server +# to receive their IP address allocation +# and DNS server addresses. You must first use +# your OS's bridging capability to bridge the TAP +# interface with the ethernet NIC interface. +# Note: this mode only works on clients (such as +# Windows), where the client-side TAP adapter is +# bound to a DHCP client. +;server-bridge + +# Push routes to the client to allow it +# to reach other private subnets behind +# the server. Remember that these +# private subnets will also need +# to know to route the OpenVPN client +# address pool (10.8.0.0/255.255.255.0) +# back to the OpenVPN server. +;push "route 192.168.10.0 255.255.255.0" +;push "route 192.168.20.0 255.255.255.0" +push "route 10.228.0.0 255.255.0.0" +push "route 192.168.42.0 255.255.255.0" +push "route 192.168.43.0 255.255.255.0" + +# To assign specific IP addresses to specific +# clients or if a connecting client has a private +# subnet behind it that should also have VPN access, +# use the subdirectory "ccd" for client-specific +# configuration files (see man page for more info). +client-config-dir ccd +route 10.162.104.0 255.255.255.0 + +# EXAMPLE: Suppose the client +# having the certificate common name "Thelonious" +# also has a small subnet behind his connecting +# machine, such as 192.168.40.128/255.255.255.248. +# First, uncomment out these lines: +;client-config-dir ccd +;route 192.168.40.128 255.255.255.248 +# Then create a file ccd/Thelonious with this line: +# iroute 192.168.40.128 255.255.255.248 +# This will allow Thelonious' private subnet to +# access the VPN. This example will only work +# if you are routing, not bridging, i.e. you are +# using "dev tun" and "server" directives. + +# EXAMPLE: Suppose you want to give +# Thelonious a fixed VPN IP address of 10.9.0.1. +# First uncomment out these lines: +;client-config-dir ccd +;route 10.9.0.0 255.255.255.252 +# Then add this line to ccd/Thelonious: +# ifconfig-push 10.9.0.1 10.9.0.2 + +# Suppose that you want to enable different +# firewall access policies for different groups +# of clients. There are two methods: +# (1) Run multiple OpenVPN daemons, one for each +# group, and firewall the TUN/TAP interface +# for each group/daemon appropriately. +# (2) (Advanced) Create a script to dynamically +# modify the firewall in response to access +# from different clients. See man +# page for more info on learn-address script. +;learn-address ./script + +# If enabled, this directive will configure +# all clients to redirect their default +# network gateway through the VPN, causing +# all IP traffic such as web browsing and +# and DNS lookups to go through the VPN +# (The OpenVPN server machine may need to NAT +# or bridge the TUN/TAP interface to the internet +# in order for this to work properly). +;push "redirect-gateway def1 bypass-dhcp" + +# Certain Windows-specific network settings +# can be pushed to clients, such as DNS +# or WINS server addresses. CAVEAT: +# http://openvpn.net/faq.html#dhcpcaveats +# The addresses below refer to the public +# DNS servers provided by opendns.com. +;push "dhcp-option DNS 208.67.222.222" +;push "dhcp-option DNS 208.67.220.220" +push "dhcp-option DNS 10.228.109.253" + +# Uncomment this directive to allow different +# clients to be able to "see" each other. +# By default, clients will only see the server. +# To force clients to only see the server, you +# will also need to appropriately firewall the +# server's TUN/TAP interface. +;client-to-client + +# Uncomment this directive if multiple clients +# might connect with the same certificate/key +# files or common names. This is recommended +# only for testing purposes. For production use, +# each client should have its own certificate/key +# pair. +# +# IF YOU HAVE NOT GENERATED INDIVIDUAL +# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, +# EACH HAVING ITS OWN UNIQUE "COMMON NAME", +# UNCOMMENT THIS LINE OUT. +;duplicate-cn + +# The keepalive directive causes ping-like +# messages to be sent back and forth over +# the link so that each side knows when +# the other side has gone down. +# Ping every 10 seconds, assume that remote +# peer is down if no ping received during +# a 120 second time period. +keepalive 10 120 + +# For extra security beyond that provided +# by SSL/TLS, create an "HMAC firewall" +# to help block DoS attacks and UDP port flooding. +# +# Generate with: +# openvpn --genkey --secret ta.key +# +# The server and each client must have +# a copy of this key. +# The second parameter should be '0' +# on the server and '1' on the clients. +tls-auth easy-rsa/pki/ta.key 0 # This file is secret + +# Select a cryptographic cipher. +# This config item must be copied to +# the client config file as well. +# Note that 2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link and push the +# option to the client (2.4+ only, for earlier +# versions see below) +;compress lz4-v2 +;push "compress lz4-v2" + +# For compression compatible with older clients use comp-lzo +# If you enable it here, you must also +# enable it in the client config file. +;comp-lzo + +# The maximum number of concurrently connected +# clients we want to allow. +;max-clients 100 + +# It's a good idea to reduce the OpenVPN +# daemon's privileges after initialization. +# +# You can uncomment this out on +# non-Windows systems. +user nobody +group nobody + +# The persist options will try to avoid +# accessing certain resources on restart +# that may no longer be accessible because +# of the privilege downgrade. +persist-key +persist-tun + +# Output a short status file showing +# current connections, truncated +# and rewritten every minute. +status openvpn-status.log + +# By default, log messages will go to the syslog (or +# on Windows, if running as a service, they will go to +# the "\Program Files\OpenVPN\log" directory). +# Use log or log-append to override this default. +# "log" will truncate the log file on OpenVPN startup, +# while "log-append" will append to it. Use one +# or the other (but not both). +;log openvpn.log +;log-append openvpn.log + +# Set the appropriate level of log +# file verbosity. +# +# 0 is silent, except for fatal errors +# 4 is reasonable for general usage +# 5 and 6 can help to debug connection problems +# 9 is extremely verbose +verb 3 + +# Silence repeating messages. At most 20 +# sequential messages of the same message +# category will be output to the log. +;mute 20 + +# Notify the client that when the server restarts so it +# can automatically reconnect. +explicit-exit-notify 1 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh new file mode 100755 index 0000000..7a5ca1f --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh @@ -0,0 +1,57 @@ +#!/bin/sh + + +REAL_PATH=$(realpath $(dirname $0)) +ERSA_PATH=/etc/openvpn/server/easy-rsa +ERSA_VERSION=$(rpm --query --queryformat "%{VERSION}\n" easy-rsa) +PKI_PATH=$ERSA_PATH/pki + + +if [ ! -d $PKI_PATH ] +then + if [ -d $ERSA_PATH ] + then + mv $ERSA_PATH ${ERSA_PATH}.orig + fi + mkdir $ERSA_PATH + cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars + cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH + cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-1.0.cnf $ERSA_PATH + cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH + cd $ERSA_PATH + echo "Edit (review only) $ERSA_PATH/openssl-1.0.cnf" + read + vi $ERSA_PATH/openssl-1.0.cnf + echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars" + echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)" + read + vi $ERSA_PATH/vars + + echo "Run ./easyrsa init-pki" + read + ./easyrsa init-pki + echo "Run ./easyrsa build-ca nopass" + read + ./easyrsa build-ca nopass + echo "Run ./easyrsa gen-crl" + read + ./easyrsa gen-crl + echo "Run ./easyrsa gen-req server nopass" + read + ./easyrsa gen-req server nopass + echo "Run ./easyrsa sign-req server server" + read + ./easyrsa sign-req server server + echo "Run ./easyrsa gen-dh" + read + ./easyrsa gen-dh + echo "Run openvpn --genkey --secret pki/ta.key" + read + openvpn --genkey --secret pki/ta.key + echo "Check server.conf" + read + #echo "Run ./easyrsa gen-req nopass" + #echo "Run ./easyrsa sign-req client " + echo "Run ./20_getuids.sh" + echo "Run ./30_create_client.sh" +fi diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh new file mode 100755 index 0000000..c5e7e01 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh @@ -0,0 +1,35 @@ +#!/bin/sh + + +REAL_PATH=$(realpath $(dirname $0)) + + +>$REAL_PATH/SEED.txt +>$REAL_PATH/UIDS.txt +grep '^[a-z]' $REAL_PATH/NAMES.txt | while read LOGIN_NAME +do + LOGIN_MD5SUM=$(echo $LOGIN_NAME | md5sum | awk '{print $1}') + UID_POSITION=30 + UID_IS_UNIQUE=0 + while [ $UID_IS_UNIQUE -eq 0 ] + do + LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3) + grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1 + if [ $? -eq 1 ] + then + INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))") + HEX_UID=$(python3 -c "print(hex($INT_UID))") + echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID + echo $LOGIN_UID >>$REAL_PATH/SEED.txt + echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt + UID_IS_UNIQUE=1 + else + UID_POSITION=$(( $UID_POSITION - 1 )) + if [ $UID_POSITION -eq 0 ] + then + echo "Cannot generate unique uid for $LOGIN_NAME" >&2 + exit 1 + fi + fi + done +done diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh new file mode 100755 index 0000000..54ed5a9 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh @@ -0,0 +1,52 @@ +#!/bin/sh + + +REAL_PATH=$(realpath $(dirname $0)) +OVPN_PATH=/etc/openvpn +ERSA_PATH=$OVPN_PATH/server/easy-rsa +PKI_PATH=$ERSA_PATH/pki +CCFG_PATH=$OVPN_PATH/client-config + + +if [ -z "$1" ] +then + echo "Usage: $(basename $0) clientname" +fi + +NAME=$1 +LINE=$(grep "^$NAME " UIDS.txt) +if [ -z "$LINE" ] +then + echo "$NAME not found." >&2 + exit 1 +fi + +SERIAL=$(echo $LINE | awk '{print $3}' | cut -c 3-6) + +if [ -f $CCFG_PATH/${NAME}.conf ] +then + echo "Configuration for $NAME already exists." +else + echo "Generating configuration for ${NAME}." + cd $ERSA_PATH + echo $SERIAL >${PKI_PATH}/serial + ./easyrsa gen-req $NAME nopass + ./easyrsa sign-req client $NAME + cp -a $CCFG_PATH/client.conf.template $CCFG_PATH/${NAME}.conf + echo >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + cat $PKI_PATH/ca.crt >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + echo >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + cat $PKI_PATH/issued/${NAME}.crt >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + echo >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + cat $PKI_PATH/private/${NAME}.key >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + echo >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf + cat $PKI_PATH/ta.key >>$CCFG_PATH/${NAME}.conf + echo '' >>$CCFG_PATH/${NAME}.conf +fi diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh new file mode 100755 index 0000000..b37fd02 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh @@ -0,0 +1,8 @@ +#!/bin/sh + + +cat UIDS.txt | while read LINE +do + NAME=$(echo $LINE | awk '{print $1}') + ./30_create_client.sh $NAME +done diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh new file mode 100755 index 0000000..b87f2f4 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo rm -Rf $REAL_PATH diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/NAMES.txt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/NAMES.txt new file mode 100644 index 0000000..12f2ae7 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/NAMES.txt @@ -0,0 +1,19 @@ +# Regular users +acsiba +akosztolanyi +azsamboki +bcsoka +csgulyas +dvasary +fritter +fschnell +khorvath +kkele +mszabo +rrendek +zbak +zbartakovics +zfelleg + +# zfelleg's home network +qqcs diff --git a/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/README.txt b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/README.txt new file mode 100644 index 0000000..3f768d3 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/openvpn/setupscripts/README.txt @@ -0,0 +1,2 @@ +login name -> uid: 10000+last 3 digits of md5sum(login name) + in case of collision: shift the 3 digits diff --git a/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv4.conf b/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv4.conf new file mode 100644 index 0000000..fb3c483 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv4.conf @@ -0,0 +1,2 @@ +# Enable IPv4 packet forwarding +net.ipv4.ip_forward = 1 diff --git a/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf new file mode 100644 index 0000000..0690211 --- /dev/null +++ b/sources/vpn.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf @@ -0,0 +1,2 @@ +net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.svc.disable_ipv6 = 1 -- 2.54.0