From ac53fa77f168daf7657a7acc972b7f1304bd7d2a Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Tue, 7 Apr 2020 18:50:24 +0200 Subject: [PATCH] Updated vpn.in (added client configurations). --- .../openvpn/client-config/akosztolanyi.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/azsamboki.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/bcsoka.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/bme.conf | 237 +++++++++++++++++ .../etc/openvpn/client-config/csgulyas.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/cslevai.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/dhorvath.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/dvasary.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/fritter.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/fschnell.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/ifabian.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/khorvath.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/kkancz.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/kkele.conf | 237 +++++++++++++++++ .../etc/openvpn/client-config/mszabo.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/qqcs.conf | 237 +++++++++++++++++ .../etc/openvpn/client-config/rrendek.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/thering.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/tsuhajda.conf | 238 ++++++++++++++++++ .../openvpn/client-config/zbartakovics.conf | 238 ++++++++++++++++++ .../etc/openvpn/client-config/zfelleg.conf | 238 ++++++++++++++++++ 21 files changed, 4995 insertions(+) create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/azsamboki.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bcsoka.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bme.conf create mode 100644 
sources/vpn.usr/postinstall/install/etc/openvpn/client-config/csgulyas.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/cslevai.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dhorvath.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dvasary.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fritter.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fschnell.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/ifabian.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/khorvath.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkancz.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkele.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/mszabo.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/qqcs.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/rrendek.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/thering.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/tsuhajda.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zbartakovics.conf create mode 100644 sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zfelleg.conf diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf new file mode 100644 index 0000000..7e9233e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/akosztolanyi.conf 
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 26:84:6a:96:d0:db:00:70:3b:7d:c8:aa:d6:0a:5b:07 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:12:51 2019 GMT + Not After : Jul 14 13:12:51 2022 GMT + Subject: CN=akosztolanyi + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:97:d4:89:82:0c:1b:ad:c4:4b:dd:4c:19:a5:f5: + d8:3c:42:9d:d2:b0:0d:9e:6c:a6:a8:62:9a:bf:fd: + 78:9d:76:f4:02:ad:51:9f:97:12:59:bc:c1:a3:a0: + 17:35:76:2f:74:ea:b9:d3:72:4b:35:94:40:f3:7e: + b5:1c:af:51:d1:b4:d3:7a:69:3d:7f:1e:51:97:fe: + e3:4a:ec:01:c6:e9:89:e9:8e:b7:94:a3:72:12:6e: + 66:c5:a2:de:ad:27:e2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E9:6C:48:68:A1:BA:B9:7D:A3:9C:BF:89:F3:87:51:9B:B1:6C:9B:16 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client 
Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:6c:e9:e9:01:19:c4:53:40:ff:e6:bb:36:1f:51: + cd:1f:40:88:1d:e2:b3:8d:61:48:5d:ec:de:f8:20:c1:21:b1: + 38:5e:0b:c3:f7:ae:9c:41:38:36:73:a0:06:b6:a4:55:02:31: + 00:cc:50:fa:3f:7a:6c:6b:90:bf:6a:c6:af:1e:94:88:b7:90: + 5d:b7:27:cf:b3:28:bc:ee:31:99:f0:9b:87:48:06:d2:6d:24: + f0:d1:ad:be:94:b8:22:64:63:0f:d0:2d:85 +-----BEGIN CERTIFICATE----- +MIICEzCCAZmgAwIBAgIQJoRqltDbAHA7fciq1gpbBzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMjUxWhcNMjIwNzE0 +MTMxMjUxWjAXMRUwEwYDVQQDDAxha29zenRvbGFueWkwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAASX1ImCDButxEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZ +vMGjoBc1di906rnTcks1lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3IS +bmbFot6tJ+KjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6WxIaKG6uX2jnL+J +84dRm7FsmxYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gA +MGUCMGzp6QEZxFNA/+a7Nh9RzR9AiB3is41hSF3s3vggwSGxOF4Lw/eunEE4NnOg +BrakVQIxAMxQ+j96bGuQv2rGrx6UiLeQXbcnz7MovO4xmfCbh0gG0m0k8NGtvpS4 +ImRjD9AthQ== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAAawl07oNQMZCfcl3T +oCd6VLq2esm4lDOpS6pk79zJuxrVrgWXWZ3DJdVPE939ZZyhZANiAASX1ImCDBut +xEvdTBml9dg8Qp3SsA2ebKaoYpq//XiddvQCrVGflxJZvMGjoBc1di906rnTcks1 +lEDzfrUcr1HRtNN6aT1/HlGX/uNK7AHG6YnpjreUo3ISbmbFot6tJ+I= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/azsamboki.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/azsamboki.conf new file mode 100644 index 0000000..8b2b93c --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/azsamboki.conf 
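Review bot: The tail of this new file embeds the user's unencrypted private key (the `-----BEGIN PRIVATE KEY-----` block) and the tls-auth static key in a tracked file, so anyone who can read the repository or its history holds a working credential for CN=akosztolanyi. The same applies to the azsamboki, bcsoka and bme hunks below and, judging by the diffstat, probably to all 21 files. The static key block is byte-identical in every hunk visible here, so one leaked copy removes the tls-auth protection for all clients. I would keep key material out of the repository and reference it by path with the lines the sample already carries commented out, `cert client.crt`, `key client.key` and `tls-auth ta.key 1`, generating those files per user and delivering them out of band. The keys committed here should be treated as exposed: revoke the affected client certificates, rotate the static key, and remove the blobs from history.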
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:f1:f8:31:17:93:d7:58:d5:ad:0e:ce:a7:26:70:33 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:11 2019 GMT + Not After : Jul 14 13:13:11 2022 GMT + Subject: CN=azsamboki + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:34:0d:f3:0e:e6:05:69:f3:24:7d:ef:19:0c:ce: + 04:bd:24:34:e3:8c:e5:2b:7e:3f:70:39:55:9b:2e: + 73:fa:c6:4e:44:42:95:69:82:13:85:98:63:5a:25: + dc:1c:b2:32:9c:97:01:b5:fb:c4:dd:59:05:8a:ab: + b6:c1:b2:13:03:0a:e3:8b:e7:ea:62:c1:71:1b:4f: + 20:74:9c:0b:df:46:56:6c:03:d5:8c:d8:4c:02:e9: + 6e:62:3a:1f:b3:0e:ba + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 19:A1:EF:03:DB:DF:4F:40:2A:FD:35:E0:C9:ED:DD:75:47:2F:32:1B + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication 
+ X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:d2:08:c6:1b:75:81:72:2e:c6:46:cd:47:11: + 2e:7c:3e:ba:e2:75:1c:8c:48:e1:4f:ac:61:5b:07:26:97:cc: + 0a:38:7f:0d:e4:63:35:c6:a5:8e:39:f3:4c:18:79:6d:0a:02: + 30:54:57:e5:dd:49:2b:8e:3e:89:ef:87:2f:d4:f4:ef:a3:95: + 2d:f5:87:5a:3a:1f:93:58:7d:c5:fe:9a:45:f1:8f:d1:44:13: + 30:b0:07:c0:b6:80:35:3f:b8:a8:96:c7:8c +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIQKfH4MReT11jVrQ7OpyZwMzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzExWhcNMjIwNzE0 +MTMxMzExWjAUMRIwEAYDVQQDDAlhenNhbWJva2kwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQ0DfMO5gVp8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNa +JdwcsjKclwG1+8TdWQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5i +Oh+zDrqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUGaHvA9vfT0Aq/TXgye3d +dUcvMhswVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MQDSCMYbdYFyLsZGzUcRLnw+uuJ1HIxI4U+sYVsHJpfMCjh/DeRjNcaljjnzTBh5 +bQoCMFRX5d1JK44+ie+HL9T076OVLfWHWjofk1h9xf6aRfGP0UQTMLAHwLaANT+4 +qJbHjA== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDVEmbLHw/XijB+525e +66kG1MP6JphJr44lPXVQvIujmajoE+MTm78fNuiGTdATr9uhZANiAAQ0DfMO5gVp +8yR97xkMzgS9JDTjjOUrfj9wOVWbLnP6xk5EQpVpghOFmGNaJdwcsjKclwG1+8Td +WQWKq7bBshMDCuOL5+piwXEbTyB0nAvfRlZsA9WM2EwC6W5iOh+zDro= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bcsoka.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bcsoka.conf new file mode 100644 index 0000000..35ac75d --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bcsoka.conf 
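Review bot: `remote-cert-tls server` in this hunk only checks that the peer certificate carries the server key usage, so any server-type certificate issued by "USER OpenVPN CA" would be accepted as the VPN gateway. Pinning the expected subject as well closes that gap: add `verify-x509-name <SERVER_CN> name` after `remote-cert-tls server`, where `<SERVER_CN>` is a placeholder for the gateway certificate's common name, which this page does not show. The akosztolanyi, bcsoka and bme hunks carry the same directive and would take the same line.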
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:6e:f0:8c:89:77:64:34:62:2c:ea:be:e1:df:93:68 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:22 2019 GMT + Not After : Jul 14 13:13:22 2022 GMT + Subject: CN=bcsoka + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:a7:95:bf:6c:8e:0f:34:9c:ca:14:8b:33:4d:80: + 55:98:1e:10:c3:e9:84:7f:72:4d:f2:61:68:70:59: + c7:6f:6d:02:c4:22:cf:58:80:e7:35:18:6e:ee:11: + fe:29:01:c3:ea:79:85:83:e6:0c:6f:c5:d8:7f:9f: + d5:55:27:7b:a8:17:14:2d:94:e5:c4:a4:9f:ac:b8: + 38:02:c0:41:5a:1a:8a:63:e5:c3:52:27:62:57:0b: + 14:6b:36:cc:8e:51:3f + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5A:57:D9:73:6A:27:49:66:7D:18:9E:2A:96:1F:4C:49:7E:AD:9C:15 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2b:52:16:40:fb:43:11:6a:9a:45:62:58:5b:f5: + 19:34:3f:32:fe:f7:d0:82:4a:32:98:61:0f:22:22:99:9a:16: + b3:94:79:46:fe:a2:7a:9c:9a:86:a6:31:4e:72:f4:54:02:31: + 00:94:2c:a6:21:e6:78:73:3e:d9:93:89:c6:72:72:8e:1d:17: + 87:07:27:22:2c:5d:2c:00:f1:38:1f:17:fb:0e:c1:c9:52:80: + 52:ba:1c:79:93:69:c1:59:0e:f0:a0:cd:76 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQRm7wjIl3ZDRiLOq+4d+TaDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzIyWhcNMjIwNzE0 +MTMxMzIyWjARMQ8wDQYDVQQDDAZiY3Nva2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASnlb9sjg80nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4p +AcPqeYWD5gxvxdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyO +UT+jgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUWlfZc2onSWZ9GJ4qlh9MSX6t +nBUwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMCtS +FkD7QxFqmkViWFv1GTQ/Mv730IJKMphhDyIimZoWs5R5Rv6iepyahqYxTnL0VAIx +AJQspiHmeHM+2ZOJxnJyjh0XhwcnIixdLADxOB8X+w7ByVKAUroceZNpwVkO8KDN +dg== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDW2V2Xoel5TxZHAr05 +sZS3frZowpcmgSGHc5yQagP0O0qR6qZFC78bee0wsOy/fG2hZANiAASnlb9sjg80 +nMoUizNNgFWYHhDD6YR/ck3yYWhwWcdvbQLEIs9YgOc1GG7uEf4pAcPqeYWD5gxv +xdh/n9VVJ3uoFxQtlOXEpJ+suDgCwEFaGopj5cNSJ2JXCxRrNsyOUT8= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bme.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bme.conf new file mode 100644 index 0000000..9ce297e --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/bme.conf 
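Review bot: The banner at the top of this hunk still reads `Sample client-side OpenVPN 2.0 config file` and says the configuration can be used by multiple clients, but the file is a per-user profile with the certificate for CN=bcsoka inlined. I would replace the banner with a short header that says what the file is, for example `# OpenVPN client profile for CN=bcsoka, issued by USER OpenVPN CA, valid until 2022-07-14`, plus a line stating whether the file is generated, so a reader can tell which profile needs reissuing when a certificate expires or is revoked. The commented-out sample options for Windows adapters and HTTP proxies could be dropped at the same time. The other three hunks on this page carry the same banner.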
@@ -0,0 +1,237 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6c:ec:ac:4a:d5:4f:bc:03:e4:72:a5:9b:07:27:af:32 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Oct 8 08:57:29 2019 GMT + Not After : Sep 22 08:57:29 2022 GMT + Subject: CN=bme + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:86:d3:5d:6e:be:3e:91:90:d7:a3:2c:d2:6a:2a: + 4f:bb:cd:52:4e:46:5b:1b:60:f0:cb:aa:5b:b4:88: + 71:f4:71:00:e4:b8:cb:74:ce:b8:9d:c1:fd:5c:69: + a7:28:66:21:43:11:4a:35:06:cb:1c:57:0b:37:9b: + f1:2f:78:2a:d2:1d:01:49:66:71:25:74:74:0e:be: + 93:75:40:6c:cb:0a:81:0e:23:7c:b7:f9:9b:e1:d0: + c4:d2:1c:6d:da:ca:f2 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F9:F8:F4:23:C5:01:A0:4F:6A:66:BB:D9:A0:AB:2E:5A:4D:05:10:96 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:1c:97:83:ea:9d:3f:9e:9b:99:26:1f:42:df:01: + b0:d5:33:0b:b5:40:9d:be:20:1c:c2:ef:ab:7e:1b:14:d6:72: + e2:43:19:6c:ec:2b:db:cf:ab:bf:21:27:2e:4f:0f:80:02:30: + 7e:e7:f7:c3:21:78:67:a5:71:7b:cb:45:cd:6f:8c:07:36:de: + fb:77:0a:08:f6:c7:3b:06:eb:f8:37:f0:2c:06:6b:c6:2a:95: + 0c:02:e4:87:34:ee:f9:af:93:27:b1:b5 +-----BEGIN CERTIFICATE----- +MIICCTCCAZCgAwIBAgIQbOysStVPvAPkcqWbByevMjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkxMDA4MDg1NzI5WhcNMjIwOTIy +MDg1NzI5WjAOMQwwCgYDVQQDDANibWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASG +011uvj6RkNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFD +EUo1BsscVws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvKj +gaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+fj0I8UBoE9qZrvZoKsuWk0FEJYw +VQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNVBAMM +D1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0lBAww +CgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMByXg+qd +P56bmSYfQt8BsNUzC7VAnb4gHMLvq34bFNZy4kMZbOwr28+rvyEnLk8PgAIwfuf3 +wyF4Z6Vxe8tFzW+MBzbe+3cKCPbHOwbr+DfwLAZrxiqVDALkhzTu+a+TJ7G1 +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDGOiNJILhTWN7SPHdY +gpwEUN8RoQ0ZNV1vZGV8yKqoQbfc58QwZ7b1HLT95z79oeuhZANiAASG011uvj6R +kNejLNJqKk+7zVJORlsbYPDLqlu0iHH0cQDkuMt0zridwf1caacoZiFDEUo1Bssc +Vws3m/EveCrSHQFJZnEldHQOvpN1QGzLCoEOI3y3+Zvh0MTSHG3ayvI= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/csgulyas.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/csgulyas.conf
new file mode 100644
index 0000000..54e3d04
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/csgulyas.conf
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a1:74:ec:e4:d9:52:56:fa:d7:ad:43:1c:5e:3a:e2:84 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:36 2019 GMT + Not After : Jul 14 13:13:36 2022 GMT + Subject: CN=csgulyas + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:82:03:91:ad:e7:76:b7:8d:51:86:6d:cc:e3:15: + 91:6c:ac:31:e7:6d:e1:44:0d:c3:29:95:7c:5e:e1: + e8:37:aa:00:f6:47:74:18:e7:28:90:95:16:6c:08: + e2:9f:d7:24:55:46:22:1c:19:9f:06:4b:9b:8e:96: + 4b:5d:bb:c0:ad:35:5a:06:73:10:36:32:1d:89:e6: + b1:9e:f3:62:0d:8f:85:70:72:4c:48:4a:47:f0:fa: + eb:f6:7b:9c:7f:a8:7a + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 7E:44:12:28:E0:31:C6:7D:40:5A:E4:D5:86:5D:90:10:CC:14:12:33 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:2c:e3:e6:64:cd:43:ae:4a:9c:d7:40:66:cb:b2: + 1e:90:c3:97:17:32:f8:df:62:fd:54:32:d3:85:ee:bb:71:5e: + 4a:e2:23:ea:a4:cb:75:3a:72:ac:ca:f6:1b:f5:6b:57:02:31: + 00:e7:0a:38:06:b4:97:17:2c:f3:76:cc:aa:1e:6e:8d:be:12: + 7e:0a:ef:d6:34:fa:42:37:e1:6d:d3:bb:1f:75:39:a3:c5:40: + 32:37:7e:ba:c1:18:d4:cb:1b:55:62:ad:1b +-----BEGIN CERTIFICATE----- +MIICEDCCAZagAwIBAgIRAKF07OTZUlb6161DHF464oQwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTMzNloXDTIyMDcx +NDEzMTMzNlowEzERMA8GA1UEAwwIY3NndWx5YXMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASCA5Gt53a3jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZs +COKf1yRVRiIcGZ8GS5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2 +e5x/qHqjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUfkQSKOAxxn1AWuTVhl2Q +EMwUEjMwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUC +MCzj5mTNQ65KnNdAZsuyHpDDlxcy+N9i/VQy04Xuu3FeSuIj6qTLdTpyrMr2G/Vr +VwIxAOcKOAa0lxcs83bMqh5ujb4Sfgrv1jT6QjfhbdO7H3U5o8VAMjd+usEY1Msb +VWKtGw== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDByGpeF+ILcYFWX4cH9 +SxRUvZUkSb1ejVW5jVjfr8UyyfDaAR35ZNCZ1JLgdSWC0g2hZANiAASCA5Gt53a3 +jVGGbczjFZFsrDHnbeFEDcMplXxe4eg3qgD2R3QY5yiQlRZsCOKf1yRVRiIcGZ8G +S5uOlktdu8CtNVoGcxA2Mh2J5rGe82INj4VwckxISkfw+uv2e5x/qHo= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/cslevai.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/cslevai.conf
new file mode 100644
index 0000000..8de8157
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/cslevai.conf
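Review bot: The csgulyas.conf hunk stores the client's `-----BEGIN PRIVATE KEY-----` block and the `OpenVPN Static key V1` block in clear text in the repository, and the same holds for the bme.conf, cslevai.conf, dhorvath.conf and dvasary.conf hunks visible here (the patch summary lists 21 such files). Anyone who can read the repository or its history can authenticate as CN=csgulyas, and the static key is byte-identical in every visible file, so one leaked copy removes the control-channel HMAC protection for all clients. I would keep a single key-free template in the tree and install key material at provisioning time, replacing the key section with a comment such as `# private key is installed at provisioning time and is not kept in version control`. Because the values are already in this patch, the affected client certificates should be revoked and reissued and the static key rotated; deleting the lines in a later commit does not remove them from history.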
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:23:21:70:b0:f9:e3:c1:fe:60:d8:6e:ec:97:35:12 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:13:49 2019 GMT + Not After : Jul 14 13:13:49 2022 GMT + Subject: CN=cslevai + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4b:d4:e1:4f:a7:5b:1e:c4:7d:40:27:19:de:bc: + cc:78:6b:5a:86:13:48:c4:c0:40:09:4e:1d:cd:b4: + f0:8d:14:2e:44:7c:8e:2d:7b:75:27:00:c4:9b:5c: + 71:1d:35:ff:f6:91:01:e2:3f:22:4d:f4:59:45:e4: + 85:61:a2:30:bb:7f:8e:7f:86:db:79:7a:da:61:00: + 72:3d:60:0b:3a:7b:d3:8e:43:d5:21:f9:e5:ef:01: + 02:48:0e:aa:07:e0:df + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + A5:71:47:49:34:D9:70:4C:8E:A6:06:51:69:AC:4D:2F:61:9F:3F:D2 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:79:11:b6:e8:91:42:c8:db:cd:fa:27:07:1d:5b: + cc:9f:b2:f3:d2:0f:79:7f:7e:83:3a:e9:4b:86:a0:ba:c1:10: + 9a:87:21:f0:2c:26:e9:c5:fc:fc:7c:6c:45:79:29:d3:02:30: + 0b:74:ab:68:f6:25:3f:d3:2b:eb:a9:13:1d:3d:b1:a8:80:9c: + 1f:8f:6f:de:de:2f:a7:7f:ad:5a:a5:18:29:05:99:65:5f:63: + 50:31:6e:78:90:e6:12:3e:83:f1:d8:b0 +-----BEGIN CERTIFICATE----- +MIICDTCCAZSgAwIBAgIQEiMhcLD548H+YNhu7Jc1EjAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxMzQ5WhcNMjIwNzE0 +MTMxMzQ5WjASMRAwDgYDVQQDDAdjc2xldmFpMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAES9ThT6dbHsR9QCcZ3rzMeGtahhNIxMBACU4dzbTwjRQuRHyOLXt1JwDEm1xx +HTX/9pEB4j8iTfRZReSFYaIwu3+Of4bbeXraYQByPWALOnvTjkPVIfnl7wECSA6q +B+Dfo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKVxR0k02XBMjqYGUWmsTS9h +nz/SMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjB5 +EbbokULI2836JwcdW8yfsvPSD3l/foM66UuGoLrBEJqHIfAsJunF/Px8bEV5KdMC +MAt0q2j2JT/TK+upEx09saiAnB+Pb97eL6d/rVqlGCkFmWVfY1AxbniQ5hI+g/HY +sA== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBcc3FEyoXLKwyy5rTO +jo9SMOdGwdkwZFGBHDUYB65z/JrmvW6ArIv/XuYS3eCOg3mhZANiAARL1OFPp1se +xH1AJxnevMx4a1qGE0jEwEAJTh3NtPCNFC5EfI4te3UnAMSbXHEdNf/2kQHiPyJN +9FlF5IVhojC7f45/htt5etphAHI9YAs6e9OOQ9Uh+eXvAQJIDqoH4N8= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dhorvath.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dhorvath.conf
new file mode 100644
index 0000000..f883465
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dhorvath.conf
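Review bot: `remote-cert-tls server` in the cslevai.conf hunk checks only the key usage and extended key usage of the peer certificate, so any server-type certificate issued by USER OpenVPN CA would be accepted, not only the one belonging to vpn.userrendszerhaz.hu. Pinning the expected server identity closes that gap: I would add `verify-x509-name <SERVER_CERT_CN> name` directly below it, with the placeholder replaced by the server certificate's subject CN, which this patch does not show. The same line applies to the other client profiles added by this commit.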
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ee:43:78:cd:16:7f:a5:7c:d5:10:b8:71:1f:5e:50:4e + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Aug 2 08:47:52 2019 GMT + Not After : Jul 17 08:47:52 2022 GMT + Subject: CN=dhorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c2:77:2a:57:01:7b:d9:0b:e0:e0:69:7e:2a:df: + 05:b8:91:4e:50:51:e9:52:bd:a5:fa:01:ad:62:0a: + 69:10:82:6f:aa:84:64:33:71:d9:96:ca:9c:05:ce: + d9:13:99:b0:d9:d5:4d:d9:1a:43:8c:41:d5:e7:0a: + ae:92:6c:f6:7f:bf:73:b6:ff:bd:a4:bb:fc:d9:0c: + 36:0d:e2:f4:78:24:bb:cd:ac:e9:04:d6:9c:a5:2b: + ce:d7:0e:85:85:10:f1 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D7:31:77:61:74:16:36:31:0A:BF:D2:E5:EA:44:1E:FD:CE:E3:7E:26 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:cc:88:44:5d:a2:1b:e2:d5:1f:f6:17:f7:4f: + fe:11:b1:6a:e7:9b:cd:bb:35:21:90:9d:a5:07:e8:34:1c:b4: + 29:b6:a1:ff:d1:d9:d3:60:a1:04:ed:47:17:d5:81:53:bf:02: + 31:00:db:af:26:de:3e:0a:b9:2b:e7:43:a0:34:10:96:fb:7c: + 25:4a:dd:e6:82:bc:5a:f0:f9:ea:cc:10:3f:2f:18:09:eb:32: + f3:83:d4:49:b1:7b:30:d4:d0:3f:9c:00:75:7b +-----BEGIN CERTIFICATE----- +MIICETCCAZagAwIBAgIRAO5DeM0Wf6V81RC4cR9eUE4wCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDgwMjA4NDc1MloXDTIyMDcx +NzA4NDc1MlowEzERMA8GA1UEAwwIZGhvcnZhdGgwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATCdypXAXvZC+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwF +ztkTmbDZ1U3ZGkOMQdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87X +DoWFEPGjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1zF3YXQWNjEKv9Ll6kQe +/c7jfiYwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAW +BgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYD +VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYC +MQDMiERdohvi1R/2F/dP/hGxauebzbs1IZCdpQfoNBy0Kbah/9HZ02ChBO1HF9WB +U78CMQDbrybePgq5K+dDoDQQlvt8JUrd5oK8WvD56swQPy8YCesy84PUSbF7MNTQ +P5wAdXs= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAiHqPToF5VeW4qNuAu +JwWSuOhHA5ZoB1jVj28Cxtnd2nbtrVwpIKlKOMiQy4WhyoKhZANiAATCdypXAXvZ +C+DgaX4q3wW4kU5QUelSvaX6Aa1iCmkQgm+qhGQzcdmWypwFztkTmbDZ1U3ZGkOM +QdXnCq6SbPZ/v3O2/72ku/zZDDYN4vR4JLvNrOkE1pylK87XDoWFEPE= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dvasary.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dvasary.conf
new file mode 100644
index 0000000..957bda2
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/dvasary.conf
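Review bot: `group nobody` below `user nobody` in the dhorvath.conf hunk assumes a group of that name exists on the client; Debian-derived systems ship `nogroup` instead, and there OpenVPN exits at startup because it cannot resolve the group. The patch does not say which operating systems these clients run, so this may not apply everywhere, but it deserves a comment above the two lines, e.g. `# the group is "nogroup" on Debian/Ubuntu; adjust per client OS`. The same two lines appear in the other profiles in this commit.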
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:5b:cc:38:0a:a7:60:e4:33:ea:dc:63:5f:da:65:bb + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:04 2019 GMT + Not After : Jul 14 13:14:04 2022 GMT + Subject: CN=dvasary + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:83:4f:51:7b:f1:30:dc:76:25:db:21:fd:11:8a: + 39:fc:6f:4a:0f:f5:38:9d:8e:3c:18:c3:e2:b9:9a: + 7e:d8:25:9d:69:f1:40:f2:1c:f8:bd:7c:98:e9:1d: + 86:78:d0:d5:7b:b1:e6:8a:cb:44:e9:42:6c:61:c4: + d9:32:c5:16:f0:76:71:90:58:0f:13:f4:cb:01:02: + 68:fa:bb:3e:cb:24:47:e2:87:2d:f2:c6:d9:5f:b8: + 16:de:47:aa:bf:02:65 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:47:26:E4:48:A5:C7:F8:38:0A:5F:06:FE:F6:35:DC:BB:71:F1:36 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:8a:59:88:96:eb:a1:b6:5d:51:39:39:63:b6: + 53:c1:1e:01:ae:35:ff:3e:a5:ba:ed:17:a9:0b:2d:a9:86:c3: + ae:c1:47:55:9b:16:9f:d7:29:71:28:06:92:6c:da:86:75:02: + 31:00:b3:f1:55:67:51:44:2f:fa:5f:c0:65:ce:45:c3:ef:88: + f4:80:98:65:69:e5:db:7b:42:71:6f:16:f2:06:5c:ad:e1:ce: + fb:dc:fc:46:1f:b2:79:61:5a:c9:81:b5:24:c3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQB1vMOAqnYOQz6txjX9pluzAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDA0WhcNMjIwNzE0 +MTMxNDA0WjASMRAwDgYDVQQDDAdkdmFzYXJ5MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEg09Re/Ew3HYl2yH9EYo5/G9KD/U4nY48GMPiuZp+2CWdafFA8hz4vXyY6R2G +eNDVe7HmistE6UJsYcTZMsUW8HZxkFgPE/TLAQJo+rs+yyRH4oct8sbZX7gW3keq +vwJlo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGFHJuRIpcf4OApfBv72Ndy7 +cfE2MFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +ilmIluuhtl1ROTljtlPBHgGuNf8+pbrtF6kLLamGw67BR1WbFp/XKXEoBpJs2oZ1 +AjEAs/FVZ1FEL/pfwGXORcPviPSAmGVp5dt7QnFvFvIGXK3hzvvc/EYfsnlhWsmB +tSTD +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBlosRzur9E4uOwMzTj +/x+I2VSe0jDyJr/CDV50ElawBO6bEvw4a5m2HjNW7HcAF4yhZANiAASDT1F78TDc +diXbIf0Rijn8b0oP9TidjjwYw+K5mn7YJZ1p8UDyHPi9fJjpHYZ40NV7seaKy0Tp +QmxhxNkyxRbwdnGQWA8T9MsBAmj6uz7LJEfihy3yxtlfuBbeR6q/AmU= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fritter.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fritter.conf
new file mode 100644
index 0000000..c81b86b
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fritter.conf
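Review bot: The banner of the dvasary.conf hunk still reads `Sample client-side OpenVPN 2.0 config file` and keeps the upstream sample commentary, including the advice to partially or fully disable the firewall for the TUN/TAP interface, which a deployed per-user profile should not recommend. I would replace the banner with a short header that identifies the profile, e.g. `# OpenVPN client profile for CN=dvasary, certificate valid until Jul 14 2022`, and drop the comments for options that are not used. The other profiles in this commit share the same boilerplate.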
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 32:06:af:0b:00:a2:dd:98:26:61:13:a2:f8:c5:f8:e7 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:15 2019 GMT + Not After : Jul 14 13:14:15 2022 GMT + Subject: CN=fritter + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:01:16:61:9a:29:9b:00:34:c6:d8:d0:31:87:e7: + 2c:fd:7a:7e:e0:6e:f7:26:1a:62:7f:d4:7d:aa:8d: + 0e:83:bd:c2:51:8c:cb:34:2b:3d:04:40:4f:2c:6f: + 8b:86:9b:7f:de:a2:79:a4:0a:03:4c:70:71:34:ba: + f6:f8:d1:e8:92:18:32:d6:78:3d:5d:29:5c:70:a0: + b6:80:7f:21:e2:63:09:57:c1:46:fd:9b:d9:7a:2a: + b8:13:f2:f7:83:cc:32 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:1A:69:80:EF:74:B3:58:F8:3B:86:7A:86:DF:8C:50:30:56:12:04 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:da:29:1d:b3:22:d6:c9:b3:16:e6:14:41:77: + fb:87:e7:9c:39:0b:a4:40:42:bf:45:0a:b0:4e:53:89:c9:a9: + 6b:90:b7:88:85:bd:f0:9b:a0:a4:4b:fb:e3:2e:6f:d1:ff:02: + 31:00:82:ce:d7:ed:cd:94:17:96:d4:65:97:82:11:ae:dd:22: + 2c:2f:f2:64:55:ef:e7:25:c9:89:c3:bf:fc:cf:5f:c5:60:00: + 2c:e9:7d:36:7b:6b:b8:c0:08:c2:66:f2:f7:ef +-----BEGIN CERTIFICATE----- +MIICDzCCAZSgAwIBAgIQMgavCwCi3ZgmYROi+MX45zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDE1WhcNMjIwNzE0 +MTMxNDE1WjASMRAwDgYDVQQDDAdmcml0dGVyMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEARZhmimbADTG2NAxh+cs/Xp+4G73Jhpif9R9qo0Og73CUYzLNCs9BEBPLG+L +hpt/3qJ5pAoDTHBxNLr2+NHokhgy1ng9XSlccKC2gH8h4mMJV8FG/ZvZeiq4E/L3 +g8wyo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLEaaYDvdLNY+DuGeobfjFAw +VhIEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA +2ikdsyLWybMW5hRBd/uH55w5C6RAQr9FCrBOU4nJqWuQt4iFvfCboKRL++Mub9H/ +AjEAgs7X7c2UF5bUZZeCEa7dIiwv8mRV7+clyYnDv/zPX8VgACzpfTZ7a7jACMJm +8vfv +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDaUFU/AcO1aLWRrpXF +pdIp3a8bUuIn0Sf/p2z+xd96uy8q/k4ldwJuAFpDqIWU7EehZANiAAQBFmGaKZsA +NMbY0DGH5yz9en7gbvcmGmJ/1H2qjQ6DvcJRjMs0Kz0EQE8sb4uGm3/eonmkCgNM +cHE0uvb40eiSGDLWeD1dKVxwoLaAfyHiYwlXwUb9m9l6KrgT8veDzDI= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fschnell.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fschnell.conf
new file mode 100644
index 0000000..252ca71
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/fschnell.conf
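Review bot: The `-----BEGIN PRIVATE KEY-----` block near the end of fritter.conf commits that user's unencrypted private key to version control, and the `OpenVPN Static key V1` block after it does the same for the tls-auth key, whose hex is identical in every file visible here. The fschnell.conf, ifabian.conf and khorvath.conf hunks repeat this, as do the partly visible dvasary.conf and kkancz.conf ones. Anyone with read access to the repository or its history can use these credentials, so the affected certificates should be revoked and reissued and the static key rotated. Keep key material out of the tree and reference it by path, e.g. `key /path/to/fritter.key` (placeholder path), with the file readable only by its owner and delivered out of band.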
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:de:03:11:22:c6:4b:00:ac:33:d5:e5:8a:25:0f:ff + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:27 2019 GMT + Not After : Jul 14 13:14:27 2022 GMT + Subject: CN=fschnell + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c1:66:71:37:bb:f5:b6:2c:b0:a0:d6:8c:85:2c: + 31:28:d1:5e:d6:23:71:ae:b7:6f:79:12:50:7a:b5: + 6c:ee:eb:a0:a9:9b:1a:d5:f3:5d:72:fd:cd:f1:0d: + 23:3f:6e:44:7b:1f:c9:8a:1e:fb:51:ad:e2:bf:c8: + 12:0d:d0:7a:11:de:ee:c2:6e:06:af:67:c7:51:13: + 8c:cf:75:9f:a9:80:42:f2:9c:5a:78:af:29:57:df: + b0:c1:d6:d6:3b:42:60 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B9:32:14:86:9B:D6:96:CB:A1:D9:29:28:C4:F7:93:25:5F:2A:A1:1C + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:61:aa:3e:2c:c7:81:3c:56:1a:87:fe:c8:42:6a: + b1:61:dd:1c:6a:21:ac:81:90:ef:04:4c:2f:fc:9f:b7:75:e1: + b2:2a:60:f8:67:f0:9a:b4:7f:18:cd:81:68:bf:ae:1b:02:30: + 33:0e:e6:86:5d:2e:bc:64:4e:4c:fd:8d:05:45:a6:c0:3d:d8: + af:53:fa:37:2f:e5:84:8e:ea:30:80:82:60:96:8e:5d:8f:1f: + f2:4f:d1:f7:c0:d1:a0:19:d7:93:95:82 +-----BEGIN CERTIFICATE----- +MIICDjCCAZWgAwIBAgIQYt4DESLGSwCsM9XliiUP/zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDI3WhcNMjIwNzE0 +MTMxNDI3WjATMREwDwYDVQQDDAhmc2NobmVsbDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABMFmcTe79bYssKDWjIUsMSjRXtYjca63b3kSUHq1bO7roKmbGtXzXXL9zfEN +Iz9uRHsfyYoe+1Gt4r/IEg3QehHe7sJuBq9nx1ETjM91n6mAQvKcWnivKVffsMHW +1jtCYKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5MhSGm9aWy6HZKSjE95Ml +XyqhHDBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIw +Yao+LMeBPFYah/7IQmqxYd0caiGsgZDvBEwv/J+3deGyKmD4Z/CatH8YzYFov64b +AjAzDuaGXS68ZE5M/Y0FRabAPdivU/o3L+WEjuowgIJglo5djx/yT9H3wNGgGdeT +lYI= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDJrT8LYg3Z3J0bN6Zo +Hu+9iFCXEwyBg21YcYlkT+Ugp2+VCgT27UByvVcOCBWffvGhZANiAATBZnE3u/W2 +LLCg1oyFLDEo0V7WI3Gut295ElB6tWzu66CpmxrV811y/c3xDSM/bkR7H8mKHvtR +reK/yBIN0HoR3u7CbgavZ8dRE4zPdZ+pgELynFp4rylX37DB1tY7QmA= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/ifabian.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/ifabian.conf
new file mode 100644
index 0000000..769b18c
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/ifabian.conf
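Review bot: The banner at the top of fschnell.conf still describes a generic sample ("This configuration can be used by multiple clients"), although the file embeds one user's certificate (`Subject: CN=fschnell`). The commented `;ca ca.crt`, `;cert client.crt` and `;key client.key` lines also no longer describe how the credentials are supplied. Replace the banner with a short per-file header such as `# OpenVPN client profile for fschnell; embedded certificate valid until Jul 14 2022`, so the owner and renewal date are readable without decoding the certificate. The other new client files carry the same stale banner.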
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 46:9e:0b:aa:82:d0:07:b1:9d:fc:c4:87:c5:6c:9e:80 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:38 2019 GMT + Not After : Jul 14 13:14:38 2022 GMT + Subject: CN=ifabian + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ba:65:94:67:08:34:86:c7:0f:94:00:5f:e2:38: + 5b:9e:29:5f:76:7a:87:43:5b:37:a4:44:ab:39:72: + be:37:0e:3f:c5:ba:55:8b:6c:bd:22:ed:74:54:88: + a2:1c:ec:f8:24:37:3f:b3:b2:e3:56:0e:e5:81:cb: + ef:48:1d:e5:ea:1f:67:51:5f:20:8b:2f:aa:fe:fe: + 8e:d4:be:91:28:94:b6:cc:04:74:90:72:90:10:a0: + 7c:42:a2:e3:4c:7f:49 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 0B:41:AE:87:A5:73:BB:DC:4E:16:2E:F3:A0:20:FA:D5:38:52:40:AA + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:1f:f9:44:c2:c2:63:91:08:c2:c8:ca:22:28:7d: + 9b:84:3d:d1:f7:89:43:26:b0:a6:e7:2c:e5:63:e9:bd:86:81: + e5:ad:1a:c2:bb:30:31:05:eb:e9:d3:71:d1:6e:c0:df:02:31: + 00:d3:38:d5:bb:9f:d2:a2:92:6e:0e:2a:b4:d9:d6:a9:c9:eb: + 5c:c9:ef:33:1c:66:d4:3c:a0:86:07:39:38:14:0c:61:8b:67: + 75:20:06:d8:79:0c:65:a2:2d:87:fc:00:04 +-----BEGIN CERTIFICATE----- +MIICDjCCAZSgAwIBAgIQRp4LqoLQB7Gd/MSHxWyegDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDM4WhcNMjIwNzE0 +MTMxNDM4WjASMRAwDgYDVQQDDAdpZmFiaWFuMHYwEAYHKoZIzj0CAQYFK4EEACID +YgAEumWUZwg0hscPlABf4jhbnilfdnqHQ1s3pESrOXK+Nw4/xbpVi2y9Iu10VIii +HOz4JDc/s7LjVg7lgcvvSB3l6h9nUV8giy+q/v6O1L6RKJS2zAR0kHKQEKB8QqLj +TH9Jo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAtBroelc7vcThYu86Ag+tU4 +UkCqMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD +VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud +JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjAf ++UTCwmORCMLIyiIofZuEPdH3iUMmsKbnLOVj6b2GgeWtGsK7MDEF6+nTcdFuwN8C +MQDTONW7n9Kikm4OKrTZ1qnJ61zJ7zMcZtQ8oIYHOTgUDGGLZ3UgBth5DGWiLYf8 +AAQ= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJtymPakZLlMwR+KYJ +QWARrF1lWXrsteVeTa36Rx5Hj/VVVvDBIdnd6jJ8ZYtFkP6hZANiAAS6ZZRnCDSG +xw+UAF/iOFueKV92eodDWzekRKs5cr43Dj/FulWLbL0i7XRUiKIc7PgkNz+zsuNW +DuWBy+9IHeXqH2dRXyCLL6r+/o7UvpEolLbMBHSQcpAQoHxCouNMf0k= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/khorvath.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/khorvath.conf
new file mode 100644
index 0000000..f21b408
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/khorvath.conf
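Review bot: `remote-cert-tls server` is the only server-identity check in ifabian.conf, so the client would accept any certificate with server usage that chains to the embedded "USER OpenVPN CA"; nothing ties the profile to the one intended server. Adding `verify-x509-name <server-cert-CN> name` directly below `remote-cert-tls server` pins the expected subject. The value is a placeholder because the server certificate is not shown in this patch. The same line would apply to the other client files added here.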
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 68:02:68:8c:e3:bb:71:c1:e8:67:ca:49:0a:9d:0b:4c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:14:53 2019 GMT + Not After : Jul 14 13:14:53 2022 GMT + Subject: CN=khorvath + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:10:d0:a2:68:66:ea:40:36:f3:9d:13:e2:bc:e7: + 87:92:d4:ca:f2:e6:13:a9:0b:d0:92:b7:a0:24:f0: + e4:ce:69:08:e4:e2:c0:66:e0:2a:2a:79:06:e3:d4: + 33:e8:6b:94:a7:fb:71:9a:e7:9a:a1:f9:1a:3b:28: + 3f:3b:0c:99:5f:2e:cf:17:98:60:10:16:22:c3:1f: + 7e:61:62:97:85:36:0a:0a:e9:26:0e:76:c3:88:b8: + 8e:e4:80:78:52:b5:9c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 42:88:C3:F8:81:2A:78:1F:C8:3F:D2:7D:BA:E9:44:09:4A:36:3A:B1 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:27:4e:d4:b0:5a:4b:af:6a:d6:a0:b7:ae:b4:57: + d1:dc:4e:77:9c:bf:06:c0:bd:3d:06:c3:90:7e:e4:7a:24:1e: + e9:a4:76:51:4b:2f:3d:8a:1c:6e:93:0d:de:b1:3c:63:02:31: + 00:fb:48:45:89:a8:e7:74:16:4a:1d:5e:a1:ad:b2:d3:34:9f: + 95:04:ed:92:1f:a8:ad:05:6f:81:ee:d0:8c:fc:9d:6c:e3:5d: + 5a:1b:e8:27:86:20:a0:e4:78:a2:4f:63:b3 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIQaAJojOO7ccHoZ8pJCp0LTDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNDUzWhcNMjIwNzE0 +MTMxNDUzWjATMREwDwYDVQQDDAhraG9ydmF0aDB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBDQomhm6kA2850T4rznh5LUyvLmE6kL0JK3oCTw5M5pCOTiwGbgKip5BuPU +M+hrlKf7cZrnmqH5GjsoPzsMmV8uzxeYYBAWIsMffmFil4U2CgrpJg52w4i4juSA +eFK1nKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRCiMP4gSp4H8g/0n266UQJ +SjY6sTBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +J07UsFpLr2rWoLeutFfR3E53nL8GwL09BsOQfuR6JB7ppHZRSy89ihxukw3esTxj +AjEA+0hFiajndBZKHV6hrbLTNJ+VBO2SH6itBW+B7tCM/J1s411aG+gnhiCg5Hii +T2Oz +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCHVXyxB2Mu+VF6/KPn +CMn4rSmKCw0bg6ui1SzGZj+A8F334h0AnMFdygwAWFFwjI+hZANiAAQQ0KJoZupA +NvOdE+K854eS1Mry5hOpC9CSt6Ak8OTOaQjk4sBm4CoqeQbj1DPoa5Sn+3Ga55qh ++Ro7KD87DJlfLs8XmGAQFiLDH35hYpeFNgoK6SYOdsOIuI7kgHhStZw= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkancz.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkancz.conf
new file mode 100644
index 0000000..a41af05
--- /dev/null
+++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkancz.conf
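Review bot: `cipher AES-256-CBC` in khorvath.conf pins a CBC cipher, while the comment directly above it says 2.4 peers negotiate AES-256-GCM, so the file does not say which cipher is actually intended. The client and server versions are not visible in this patch. If they are OpenVPN 2.5 or later, `cipher` is deprecated for data-channel selection and the preference should be stated explicitly, e.g. `data-ciphers AES-256-GCM:AES-256-CBC`. On 2.4 the equivalent option is `ncp-ciphers`. Either way, add a one-line comment recording why CBC is kept, for example `# CBC kept only as fallback for pre-2.4 peers`, if that is the reason.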
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 58:5a:a9:7d:7c:ca:b5:2c:49:57:bb:bf:91:37:42:61 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:27 2020 GMT + Not After : Mar 11 10:41:27 2023 GMT + Subject: CN=kkancz + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:16:c3:cc:4c:19:91:e6:b3:53:89:7d:7a:1e:ae: + 57:89:52:19:d7:e5:c7:d0:68:74:a6:0d:92:e9:09: + e7:81:5e:11:02:ea:87:89:20:e7:57:b1:ca:44:b6: + cf:5f:01:58:73:94:89:3a:0a:67:fa:9f:c8:c9:16: + 8d:e7:72:75:94:8d:52:de:f1:0f:47:a3:15:83:c3: + cd:67:c8:14:af:b2:f5:63:08:0c:25:d5:d5:0a:ba: + fb:9b:0f:df:e0:45:b4 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 61:CB:25:BC:82:6D:D5:01:DE:15:AF:18:59:C3:D7:34:16:B7:A6:94 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:ca:f1:79:0b:1b:e1:0f:15:b4:6e:3e:69:9b: + 92:a8:bc:fe:2f:5c:96:c0:ad:d7:02:97:e0:ea:f7:08:77:43: + 31:22:93:50:19:24:88:91:63:39:b1:1a:80:bf:9d:bf:f1:02: + 30:38:5b:c1:af:a7:58:0d:de:b5:19:77:00:33:31:7d:41:c5: + 3c:bb:b2:9e:cd:86:66:f6:1a:84:4d:80:b6:28:b5:2b:04:5f: + 1c:a3:49:cd:89:2d:21:0a:5f:65:eb:d0:36 +-----BEGIN CERTIFICATE----- +MIICDTCCAZOgAwIBAgIQWFqpfXzKtSxJV7u/kTdCYTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMjAwMzI2MTA0MTI3WhcNMjMwMzEx +MTA0MTI3WjARMQ8wDQYDVQQDDAZra2FuY3owdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AAQWw8xMGZHms1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9f +AVhzlIk6Cmf6n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/g +RbSjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYcslvIJt1QHeFa8YWcPXNBa3 +ppQwVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2gAMGUCMQDK +8XkLG+EPFbRuPmmbkqi8/i9clsCt1wKX4Or3CHdDMSKTUBkkiJFjObEagL+dv/EC +MDhbwa+nWA3etRl3ADMxfUHFPLuyns2GZvYahE2Atii1KwRfHKNJzYktIQpfZevQ +Ng== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC6hDj7GpCg6mhd+Ih0 +NNNHxi0brgmGC0T53l8asSES2Af/Ot8NgmKXCLncufiW/DyhZANiAAQWw8xMGZHm +s1OJfXoerleJUhnX5cfQaHSmDZLpCeeBXhEC6oeJIOdXscpEts9fAVhzlIk6Cmf6 +n8jJFo3ncnWUjVLe8Q9HoxWDw81nyBSvsvVjCAwl1dUKuvubD9/gRbQ= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkele.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkele.conf new file mode 100644 index 0000000..863c4f0 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/kkele.conf 
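Review bot: kkancz.conf is committed with the user's unencrypted private key (the `-----BEGIN PRIVATE KEY-----` block) and the shared `OpenVPN Static key V1` inline, so anyone who can read this repository holds a working VPN credential for that user. The same applies to the kkele.conf, mszabo.conf and qqcs.conf hunks below and, judging by the diffstat, to the other client files in this commit. I would keep only the non-secret directives in the tree, turn the existing `;key client.key` and `;tls-auth ta.key 1` lines back into `key client.key` and `tls-auth ta.key 1`, and hand the key material to each user out of band. Because the keys are now in history, the affected certificates should be revoked and reissued and the static key rotated.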
@@ -0,0 +1,237 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 39:4b:dd:54:1c:10:82:ea:c5:cd:4d:9d:fe:b6:d4:d3 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:02 2019 GMT + Not After : Jul 14 13:15:02 2022 GMT + Subject: CN=kkele + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0a:e8:ed:f9:1a:f5:b6:17:d7:5f:ff:9e:9c:1e: + 1d:11:cf:12:7f:01:11:ca:a2:b1:e0:b5:bc:30:6b: + 5c:ff:5e:d2:06:2b:55:a9:0f:55:3a:ae:ee:a6:5e: + 74:0d:f6:43:b6:a4:1d:17:2b:0f:87:7b:c2:39:47: + 1d:e7:fb:e4:64:d1:00:60:bb:1c:eb:e0:40:82:8d: + 77:09:85:d1:1c:37:c8:3e:d5:64:51:0f:1d:71:71: + 04:3a:21:6c:a2:57:36 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B0:47:56:D8:59:56:0D:E2:68:86:01:E8:12:30:4C:EF:D9:7D:EE:F7 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:df:6c:06:c1:07:aa:bb:76:58:d8:ea:dc:60: + ce:e0:5c:a9:32:c0:20:c9:8b:da:3b:7e:98:74:94:96:83:0e: + 9f:71:8f:4e:af:72:d0:49:29:06:d0:c8:e9:12:88:67:67:02: + 30:77:f4:e3:b5:89:dd:e6:6e:83:65:64:77:09:8e:52:2d:47: + 04:80:27:14:25:51:08:97:01:86:e9:23:0d:04:fa:44:89:35: + c4:4e:18:84:09:86:cf:5a:7b:6c:0e:09:fd +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIQOUvdVBwQgurFzU2d/rbU0zAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTAyWhcNMjIwNzE0 +MTMxNTAyWjAQMQ4wDAYDVQQDDAVra2VsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BAro7fka9bYX11//npweHRHPEn8BEcqiseC1vDBrXP9e0gYrVakPVTqu7qZedA32 +Q7akHRcrD4d7wjlHHef75GTRAGC7HOvgQIKNdwmF0Rw3yD7VZFEPHXFxBDohbKJX +NqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSwR1bYWVYN4miGAegSMEzv2X3u +9zBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIxAN9s +BsEHqrt2WNjq3GDO4FypMsAgyYvaO36YdJSWgw6fcY9Or3LQSSkG0MjpEohnZwIw +d/TjtYnd5m6DZWR3CY5SLUcEgCcUJVEIlwGG6SMNBPpEiTXEThiECYbPWntsDgn9 +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCZCcP1YRtj97FZBxtE +5Axn4mV2pTI/8RH0/SBivyOK4NsnVPQeiXI1XOBgXKRafIWhZANiAAQK6O35GvW2 +F9df/56cHh0RzxJ/ARHKorHgtbwwa1z/XtIGK1WpD1U6ru6mXnQN9kO2pB0XKw+H +e8I5Rx3n++Rk0QBguxzr4ECCjXcJhdEcN8g+1WRRDx1xcQQ6IWyiVzY= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 
+b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/mszabo.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/mszabo.conf new file mode 100644 index 0000000..f5f6661 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/mszabo.conf 
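Review bot: In kkele.conf `cipher AES-256-CBC` is set without an `auth` or `tls-version-min` line, so whenever the peers do not negotiate AES-256-GCM (which the comment above the directive relies on) packets are authenticated with OpenVPN's default digest, and the control channel has no stated minimum TLS version. I would add `auth SHA256` and `tls-version-min 1.2` below the cipher line. `auth` has to match the server, whose configuration is not visible in this diff, so that part needs a matching server-side change. The other client files in this commit carry the same block.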
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 23:7b:c7:68:f3:7b:5c:8e:17:63:b5:67:3e:d3:10:1c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:16 2019 GMT + Not After : Jul 14 13:15:16 2022 GMT + Subject: CN=mszabo + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d4:de:f0:4a:f4:a0:8a:bd:52:97:87:c0:f5:28: + 87:7d:7b:4c:f3:3d:13:be:6b:f6:61:23:f8:91:fd: + 2a:59:db:38:2e:ec:d6:5d:21:c2:b9:e0:8c:38:36: + c9:bb:2c:f9:87:f3:c5:53:28:d1:94:03:d3:24:c0: + fa:95:b3:19:4a:42:95:94:22:11:4f:82:ea:bf:16: + 42:42:90:f1:9e:e9:68:48:2e:b9:db:71:be:48:4a: + eb:06:61:63:73:77:18 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:C8:96:C9:E3:FD:F0:F2:13:BD:F3:32:17:FD:4F:40:19:3D:2A:5F + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:84:81:10:d7:e4:4f:e6:1d:de:3f:6c:9d:f9: + 45:2f:6c:74:c1:ce:65:da:b9:0f:56:2d:3c:08:2d:a9:62:d2: + ec:45:46:50:7d:da:d1:0d:73:8c:e9:57:57:3e:2d:49:14:02: + 31:00:9e:6a:e2:fa:4f:6d:04:6f:3f:6b:35:9e:1b:6a:94:b8: + 3b:f3:79:db:9b:cd:2c:84:48:e9:7a:a9:13:d2:08:b0:d0:f2: + c6:22:7e:87:3b:f4:6d:d0:b7:db:c4:b5:ad:5d +-----BEGIN CERTIFICATE----- +MIICDjCCAZOgAwIBAgIQI3vHaPN7XI4XY7VnPtMQHDAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTE2WhcNMjIwNzE0 +MTMxNTE2WjARMQ8wDQYDVQQDDAZtc3phYm8wdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATU3vBK9KCKvVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7 +LPmH88VTKNGUA9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNz +dxijgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUi8iWyeP98PITvfMyF/1PQBk9 +Kl8wVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBoxGDAWBgNV +BAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5SgaewwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2kAMGYCMQCE +gRDX5E/mHd4/bJ35RS9sdMHOZdq5D1YtPAgtqWLS7EVGUH3a0Q1zjOlXVz4tSRQC +MQCeauL6T20Ebz9rNZ4bapS4O/N525vNLIRI6XqpE9IIsNDyxiJ+hzv0bdC328S1 +rV0= +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDlaHtUEb8WUjje5qw7 +TWC4QX2Cpc2Cp9yZfsw2l18Iz5G/fwCCzsYbfOstnZyIiJahZANiAATU3vBK9KCK +vVKXh8D1KId9e0zzPRO+a/ZhI/iR/SpZ2zgu7NZdIcK54Iw4Nsm7LPmH88VTKNGU +A9MkwPqVsxlKQpWUIhFPguq/FkJCkPGe6WhILrnbcb5ISusGYWNzdxg= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/qqcs.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/qqcs.conf new file mode 100644 index 0000000..bc31262 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/qqcs.conf 
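Review bot: `remote-cert-tls server` in mszabo.conf checks only the usage fields of the peer certificate, so any server-type certificate issued by `USER OpenVPN CA` would be accepted for `vpn.userrendszerhaz.hu`. Pinning the expected subject narrows that: `verify-x509-name SERVER_CN_PLACEHOLDER name` directly after `remote-cert-tls server`, with the placeholder replaced by the server certificate's common name, which this diff does not show. The same line would belong in the other client files of this commit.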
@@ -0,0 +1,237 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ac:b6:49:fd:c2:e3:b8:1c:54:2c:66:1f:04:12:e1:b6 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:25 2019 GMT + Not After : Jul 14 13:16:25 2022 GMT + Subject: CN=qqcs + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4a:c3:a5:30:3e:35:30:99:34:68:48:48:08:05: + 96:c9:b4:40:cc:e5:09:81:e3:47:07:84:59:63:59: + f8:c5:92:7f:35:ba:68:1b:14:d2:f3:da:39:14:97: + e3:11:09:d8:4f:34:61:9d:b2:75:d6:73:ab:d9:eb: + ed:0e:e8:e5:7b:28:c6:9d:04:b1:ed:47:97:2b:d3: + 62:01:b3:83:e7:6c:c8:c7:11:82:f3:c8:c0:97:27: + 52:8d:54:da:42:98:fb + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 8B:85:13:8E:D2:D4:4D:3F:AE:DD:0D:38:D0:65:84:40:E9:2A:3F:02 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:28:fe:ea:a7:50:e0:71:a6:51:36:4e:19:42:f7: + 01:c4:d0:fd:a2:66:f3:4c:28:15:81:51:9d:75:33:88:3e:6e: + 96:02:e4:67:be:26:cf:05:81:18:c3:e6:96:7f:73:2a:02:31: + 00:fc:ea:f1:0c:28:55:3b:9e:d1:5f:46:c7:41:0f:da:48:c5: + a6:35:45:19:07:f1:ad:59:2a:ae:0b:60:c6:f3:7d:a8:af:4f: + 71:50:5d:bb:fb:a7:55:7c:6c:b2:ce:12:c4 +-----BEGIN CERTIFICATE----- +MIICDDCCAZKgAwIBAgIRAKy2Sf3C47gcVCxmHwQS4bYwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTYyNVoXDTIyMDcx +NDEzMTYyNVowDzENMAsGA1UEAwwEcXFjczB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BErDpTA+NTCZNGhISAgFlsm0QMzlCYHjRweEWWNZ+MWSfzW6aBsU0vPaORSX4xEJ +2E80YZ2yddZzq9nr7Q7o5Xsoxp0Ese1HlyvTYgGzg+dsyMcRgvPIwJcnUo1U2kKY ++6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBSLhROO0tRNP67dDTjQZYRA6So/ +AjBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYGA1UE +AwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNVHSUE +DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIwKP7q +p1DgcaZRNk4ZQvcBxND9ombzTCgVgVGddTOIPm6WAuRnvibPBYEYw+aWf3MqAjEA +/OrxDChVO57RX0bHQQ/aSMWmNUUZB/GtWSquC2DG832or09xUF27+6dVfGyyzhLE +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBJVj3xLzZDW0wggPR3 +JPZUDXSKsfeXT+1IyjY7IKpB0Ku+jIOzCt1ma3S4iUK/F4ChZANiAARKw6UwPjUw +mTRoSEgIBZbJtEDM5QmB40cHhFljWfjFkn81umgbFNLz2jkUl+MRCdhPNGGdsnXW +c6vZ6+0O6OV7KMadBLHtR5cr02IBs4PnbMjHEYLzyMCXJ1KNVNpCmPs= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 +b070e4a7cb7ce59152a37985e8a7d881 
+b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/rrendek.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/rrendek.conf new file mode 100644 index 0000000..4e61a7f --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/rrendek.conf 
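Review bot: The header of qqcs.conf is still the stock sample text ("Sample client-side OpenVPN 2.0 config file", "can be used by multiple clients"), which no longer describes a file that is bound to one user and differs from its siblings only in the certificate and key. A header such as `# OpenVPN client profile for user qqcs (server: vpn.userrendszerhaz.hu)` would say what the file is. The directives are identical across the files visible here, so one tracked template plus a per-user generation step would avoid maintaining 21 copies by hand; the Windows XP-era hints (`;dev-node MyTap`, "XP SP2") could be dropped at the same time.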
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f6:01:86:d6:4b:85:3a:3d:d9:f8:79:9f:b8:17:c3:01 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:29 2019 GMT + Not After : Jul 14 13:15:29 2022 GMT + Subject: CN=rrendek + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ea:c4:ab:e1:24:42:91:06:17:73:d6:d9:87:17: + 29:a8:05:73:be:5a:54:38:3e:c9:dd:78:55:ca:e2: + 27:e6:44:1a:22:5b:3a:15:68:61:bf:ae:ce:05:a5: + c9:98:f7:a3:ff:0e:b9:db:8e:fc:15:ac:76:41:c8: + 6e:de:85:38:cb:1f:b1:98:41:df:4e:18:62:24:04: + 95:5a:16:6b:0b:fd:13:e3:26:8b:76:d3:9a:54:6c: + 9b:19:3c:55:de:d0:2e + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D5:73:9E:FA:32:4C:D8:2A:E0:33:CF:15:F6:C0:D5:E9:56:5A:D0:EE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:30:49:21:38:44:26:a9:96:15:98:29:c4:4f:04:25: + be:35:90:bc:44:00:60:0d:6a:f7:f8:d4:ed:58:ea:28:45:f2: + 99:33:d1:e3:2e:82:4e:04:bb:e5:27:10:ea:64:b8:83:02:31: + 00:c3:59:fe:dc:8a:a1:e4:d1:30:09:51:2a:d8:d2:76:af:dc: + 28:b2:d3:0d:ad:f3:19:91:b5:92:e6:8b:b4:77:d8:c3:87:f8: + 7b:39:94:ab:f2:c0:06:c1:c4:43:b8:0e:16 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRAPYBhtZLhTo92fh5n7gXwwEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMTUyOVoXDTIyMDcx +NDEzMTUyOVowEjEQMA4GA1UEAwwHcnJlbmRlazB2MBAGByqGSM49AgEGBSuBBAAi +A2IABOrEq+EkQpEGF3PW2YcXKagFc75aVDg+yd14VcriJ+ZEGiJbOhVoYb+uzgWl +yZj3o/8OuduO/BWsdkHIbt6FOMsfsZhB304YYiQElVoWawv9E+Mmi3bTmlRsmxk8 +Vd7QLqOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTVc576MkzYKuAzzxX2wNXp +VlrQ7jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIw +SSE4RCaplhWYKcRPBCW+NZC8RABgDWr3+NTtWOooRfKZM9HjLoJOBLvlJxDqZLiD +AjEAw1n+3Iqh5NEwCVEq2NJ2r9wostMNrfMZkbWS5ou0d9jDh/h7OZSr8sAGwcRD +uA4W +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsxtcmrcd9xqynDZ3a +foxPCtPVy9dGZ9GYZY0umi1aXddSZmTQLis9HcQZsg6fqpuhZANiAATqxKvhJEKR +Bhdz1tmHFymoBXO+WlQ4PsndeFXK4ifmRBoiWzoVaGG/rs4FpcmY96P/DrnbjvwV +rHZByG7ehTjLH7GYQd9OGGIkBJVaFmsL/RPjJot205pUbJsZPFXe0C4= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/thering.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/thering.conf new file mode 100644 index 0000000..8a119b8 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/thering.conf 
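Review bot: The unencrypted `-----BEGIN PRIVATE KEY-----` block for CN=rrendek and the `OpenVPN Static key V1` block are committed in plaintext at the end of this new file, so everyone with read access to the repository or its history holds this user's VPN credential. The thering.conf, tsuhajda.conf and zbartakovics.conf hunks below do the same, and the static key is byte-identical in all of them. I would keep only a key-free template in the tree and add the per-user key and static-key sections at provisioning time from a secret store, with a comment in the template such as `# private key and static key are injected at deploy time; never commit them`. Because the material is already in history, the affected client certificates should be revoked and reissued and the static key rotated.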
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b5:63:ff:7c:ff:87:23:f8:fd:6c:cd:82:85:1f:fa:31 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Mar 26 10:41:42 2020 GMT + Not After : Mar 11 10:41:42 2023 GMT + Subject: CN=thering + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:18:e6:74:25:a4:09:6a:83:9f:bc:71:e8:8e:c1: + 44:73:6c:60:17:3a:29:a4:11:40:94:9d:ad:aa:f4: + 37:03:cc:83:a7:28:5b:58:c8:0b:40:bf:ec:c8:83: + 6e:41:db:56:24:37:56:7f:ba:25:57:09:76:82:27: + 45:93:e9:65:25:aa:55:f1:cb:48:d8:8b:d2:65:dc: + 8e:51:71:e8:60:d1:2e:88:34:f4:d1:f3:c2:81:3a: + 36:9a:9c:08:7f:ac:c7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + DE:BA:42:67:DA:26:9A:79:0C:E4:D7:AB:BA:DA:0A:02:71:D0:48:FE + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:65:02:31:00:87:c1:1b:d1:15:d9:85:62:f9:58:ff:0b:30: + a0:3b:c7:31:ca:46:0c:71:0c:55:9d:83:a3:a9:32:93:94:7a: + 6b:b4:54:e2:a3:e6:be:de:aa:29:bc:77:a7:9e:1b:cc:6f:02: + 30:66:a5:9a:15:42:7f:e4:ad:00:be:0b:73:70:20:1b:c1:65: + 40:15:22:28:51:8a:d1:7a:06:3a:50:2c:d2:56:0d:48:2c:7a: + f4:b1:63:3e:ac:7f:01:c8:ac:bc:04:ce:b9 +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIRALVj/3z/hyP4/WzNgoUf+jEwCgYIKoZIzj0EAwIwGjEY +MBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTIwMDMyNjEwNDE0MloXDTIzMDMx +MTEwNDE0MlowEjEQMA4GA1UEAwwHdGhlcmluZzB2MBAGByqGSM49AgEGBSuBBAAi +A2IABBjmdCWkCWqDn7xx6I7BRHNsYBc6KaQRQJSdrar0NwPMg6coW1jIC0C/7MiD +bkHbViQ3Vn+6JVcJdoInRZPpZSWqVfHLSNiL0mXcjlFx6GDRLog09NHzwoE6Npqc +CH+sx6OBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeukJn2iaaeQzk16u62goC +cdBI/jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaAAwZQIx +AIfBG9EV2YVi+Vj/CzCgO8cxykYMcQxVnYOjqTKTlHprtFTio+a+3qopvHennhvM +bwIwZqWaFUJ/5K0AvgtzcCAbwWVAFSIoUYrRegY6UCzSVg1ILHr0sWM+rH8ByKy8 +BM65 +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCboZiI4T9fQqhuUhZ1 +lsZw4yXdJ5COxryQGbWBWZanAdbF2JG/wNgYVcYHmU+IpEyhZANiAAQY5nQlpAlq +g5+8ceiOwURzbGAXOimkEUCUna2q9DcDzIOnKFtYyAtAv+zIg25B21YkN1Z/uiVX +CXaCJ0WT6WUlqlXxy0jYi9Jl3I5Rcehg0S6INPTR88KBOjaanAh/rMc= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/tsuhajda.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/tsuhajda.conf new file mode 100644 index 0000000..e768201 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/tsuhajda.conf 
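Review bot: `remote-cert-tls server` is the only server check in this file, and it tests the certificate's key usage rather than which server presented it. The embedded CA (CN=USER OpenVPN CA) is also the issuer of the client certificates shown here, so server identity rests entirely on the EKU; adding `verify-x509-name <SERVER_CN_PLACEHOLDER> name` directly after `remote-cert-tls server` pins the expected subject as well. The server certificate's subject is not visible in this patch, so the value has to be taken from the server side. The rrendek.conf, tsuhajda.conf and zbartakovics.conf hunks carry the same directive set.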
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4b:df:84:b3:7b:17:ce:e1:09:87:9b:67:05:4b:27:91 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:15:51 2019 GMT + Not After : Jul 14 13:15:51 2022 GMT + Subject: CN=tsuhajda + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:6a:52:47:b4:82:6f:88:07:39:d2:55:37:5b:de: + e8:37:fd:12:c8:2e:2a:c5:b4:9b:54:cf:2b:7c:73: + dd:9c:89:37:d7:a9:09:50:11:bb:ae:8e:8d:3f:e7: + d0:c9:7e:89:f5:7f:29:28:2d:d6:49:5b:69:b9:47: + da:82:87:1e:a9:e8:7a:98:e2:fe:2b:b6:b0:c2:fd: + aa:18:af:c3:d5:b0:c3:51:8b:77:8e:4d:68:60:47: + 41:28:4d:30:81:4d:7c + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 60:FA:D3:CB:9A:38:0E:08:58:0C:11:BB:A1:C8:18:FB:36:31:2A:67 + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client Authentication + 
X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:66:02:31:00:c2:3b:36:d4:ec:38:f3:3f:11:b3:74:6b:34: + 27:2f:bd:77:41:c1:20:55:e8:39:b5:1b:ad:04:a1:ab:ca:19: + 1e:31:6f:32:4e:12:80:f9:c9:fc:96:f4:7b:81:34:87:07:02: + 31:00:92:a4:26:4c:73:29:b6:4f:be:37:a7:98:50:33:4f:10: + cd:f2:a0:2d:e6:f1:dd:18:7e:0a:51:1d:81:36:5a:36:3c:17: + f8:d3:2c:cb:c1:16:5d:38:1d:57:97:9a:be:69 +-----BEGIN CERTIFICATE----- +MIICEDCCAZWgAwIBAgIQS9+Es3sXzuEJh5tnBUsnkTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNTUxWhcNMjIwNzE0 +MTMxNTUxWjATMREwDwYDVQQDDAh0c3VoYWpkYTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABGpSR7SCb4gHOdJVN1ve6Df9EsguKsW0m1TPK3xz3ZyJN9epCVARu66OjT/n +0Ml+ifV/KSgt1klbablH2oKHHqnoepji/iu2sML9qhivw9Www1GLd45NaGBHQShN +MIFNfKOBpjCBozAJBgNVHRMEAjAAMB0GA1UdDgQWBBRg+tPLmjgOCFgMEbuhyBj7 +NjEqZzBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DATBgNV +HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDaQAwZgIx +AMI7NtTsOPM/EbN0azQnL713QcEgVeg5tRutBKGryhkeMW8yThKA+cn8lvR7gTSH +BwIxAJKkJkxzKbZPvjenmFAzTxDN8qAt5vHdGH4KUR2BNlo2PBf40yzLwRZdOB1X +l5q+aQ== +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA3FfCdgRHmr7R09vcV +oMIHICl1w6SEHkvJWvu/kgBvfUTDa+8xO6TcfLj3bcN7SUKhZANiAARqUke0gm+I +BznSVTdb3ug3/RLILirFtJtUzyt8c92ciTfXqQlQEbuujo0/59DJfon1fykoLdZJ +W2m5R9qChx6p6HqY4v4rtrDC/aoYr8PVsMNRi3eOTWhgR0EoTTCBTXw= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zbartakovics.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zbartakovics.conf new file mode 100644 index 0000000..3e8513c --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zbartakovics.conf 
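Review bot: No `auth` directive follows `cipher AES-256-CBC`, so the HMAC digest is left at OpenVPN's default, SHA1; that covers the data channel whenever CBC is actually negotiated and, if the static key is used as a tls-auth key as `key-direction 1` suggests, the control-channel wrapper too. If the server config, which is not part of this patch, can be changed together with the clients, add `auth SHA256` below the cipher line on both sides; the value must match on both ends. It would also help to mark the intent with `# fallback for peers without cipher negotiation` next to `cipher AES-256-CBC`, since the comment above it already says 2.4 peers negotiate AES-256-GCM. The same lines appear in the rrendek.conf, thering.conf and zbartakovics.conf hunks.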
@@ -0,0 +1,238 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. 
+verb 3 + +# Silence repeating messages +;mute 20 + + +-----BEGIN CERTIFICATE----- +MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw +GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5 +MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR +DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5 +aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R +ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG +A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r +CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb +q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k= +-----END CERTIFICATE----- + + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6b:9d:83:08:3d:87:cc:88:0a:de:bc:cd:3b:5c:ef:4d + Signature Algorithm: ecdsa-with-SHA256 + Issuer: CN=USER OpenVPN CA + Validity + Not Before: Jul 30 13:16:02 2019 GMT + Not After : Jul 14 13:16:02 2022 GMT + Subject: CN=zbartakovics + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:0f:68:0b:c6:8e:81:3c:ef:a7:cb:71:84:f3:84: + 12:e5:9c:28:13:15:e1:ab:bf:2f:92:3c:db:40:2c: + e5:f7:c9:61:94:d2:23:08:10:75:53:7a:ec:39:3c: + a1:9c:d3:73:0e:79:db:4c:15:94:77:11:a4:30:e2: + bc:73:fa:66:0e:17:90:e2:a3:4c:17:82:41:87:c2: + 94:8a:c3:28:47:40:76:76:59:c7:16:47:07:8b:ec: + dd:22:6c:3c:af:26:25 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 36:50:AD:4A:3A:69:D8:C0:00:F4:3C:7C:FF:B0:7D:E2:94:B9:7C:8A + X509v3 Authority Key Identifier: + keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6 + DirName:/CN=USER OpenVPN CA + serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC + + X509v3 Extended Key Usage: + TLS Web Client 
Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: ecdsa-with-SHA256 + 30:64:02:30:7e:1a:02:39:9f:2d:c8:dd:5b:4a:2b:9a:2e:61: + 60:a5:e2:60:92:29:d4:7e:f2:32:5a:be:90:72:89:42:1a:74: + 74:72:c3:e8:32:0b:63:82:52:65:fa:2f:b3:13:4f:16:02:30: + 1e:a0:79:e7:55:d1:45:54:97:8d:a0:fb:50:ce:47:b0:1f:d0: + 78:47:21:dc:21:d1:7d:f4:1a:da:48:55:fc:43:ce:28:ae:b9: + 96:c0:72:2b:29:e4:61:b7:6b:9a:b2:92 +-----BEGIN CERTIFICATE----- +MIICEjCCAZmgAwIBAgIQa52DCD2HzIgK3rzNO1zvTTAKBggqhkjOPQQDAjAaMRgw +FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjAyWhcNMjIwNzE0 +MTMxNjAyWjAXMRUwEwYDVQQDDAx6YmFydGFrb3ZpY3MwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAQPaAvGjoE876fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVT +euw5PKGc03MOedtMFZR3EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL +7N0ibDyvJiWjgaYwgaMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUNlCtSjpp2MAA9Dx8 +/7B94pS5fIowVQYDVR0jBE4wTIAU2zdHopAimnwj+TFi6Mle0WVGGdahHqQcMBox +GDAWBgNVBAMMD1VTRVIgT3BlblZQTiBDQYIUFpM3siy07jymSvRE5W3KA5Sgaeww +EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMAoGCCqGSM49BAMCA2cA +MGQCMH4aAjmfLcjdW0ormi5hYKXiYJIp1H7yMlq+kHKJQhp0dHLD6DILY4JSZfov +sxNPFgIwHqB551XRRVSXjaD7UM5HsB/QeEch3CHRffQa2khV/EPOKK65lsByKynk +YbdrmrKS +-----END CERTIFICATE----- + + + +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA0fa139CTqeLKWJaqU +GKH5EIpDoFGwek9AW9Td5BTuYxpTREQwi3vMbEZ4sULZI2ehZANiAAQPaAvGjoE8 +76fLcYTzhBLlnCgTFeGrvy+SPNtALOX3yWGU0iMIEHVTeuw5PKGc03MOedtMFZR3 +EaQw4rxz+mYOF5Dio0wXgkGHwpSKwyhHQHZ2WccWRweL7N0ibDyvJiU= +-----END PRIVATE KEY----- + + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +ea8f1c83226838b22597668f903e9929 +6b77ff8cf2afd8d9f839344c47f85693 +d4280a82bc743e01159f17545f7d7e23 +1e91d5292c53c26c353618495b7a4013 +8df9a1de2a3278ea55ac22d1a85b11bb +b155df61c10e835b49b2960a52840aa1 +64ea57bc98da062b695e06e3aca108c8 +d755dbd543d0d816546d7647d326aaea +8e02195160d37f131ffe52a1f39c017e +69fcb995e6fab1ee7a64c8b5a3946faa +38613b3bdbdd95443a7ec3b17386dce9 
+b070e4a7cb7ce59152a37985e8a7d881 +b2c1da898f177dba80e0b53e7bbf53c0 +c7431ebce43cfebc92fa4e4ac49a146c +84ae27231334ca1dac42dea1f964d48f +eb7313175e956356f6ecefd289864a1a +-----END OpenVPN Static key V1----- + diff --git a/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zfelleg.conf b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zfelleg.conf new file mode 100644 index 0000000..34126b8 --- /dev/null +++ b/sources/vpn.usr/postinstall/install/etc/openvpn/client-config/zfelleg.conf 
@@ -0,0 +1,238 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+
+-----BEGIN CERTIFICATE-----
+MIICCDCCAY6gAwIBAgIUFpM3siy07jymSvRE5W3KA5SgaewwCgYIKoZIzj0EAwIw
+GjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMB4XDTE5MDczMDEzMDQyMFoXDTI5
+MDcyNzEzMDQyMFowGjEYMBYGA1UEAwwPVVNFUiBPcGVuVlBOIENBMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAEf0Vp3WUOyNyNadbV0wXRxNws3Vfj0DtLOWS+PqHnpqQR
+DDoiX0VgP22UPewYdBM0G+8rY69V7/T0I2c1MOxehEJpwzDtrPSwWFIYlovhrTm5
+aCXFWv7Emjc2lzff7796o4GUMIGRMB0GA1UdDgQWBBTbN0eikCKafCP5MWLoyV7R
+ZUYZ1jBVBgNVHSMETjBMgBTbN0eikCKafCP5MWLoyV7RZUYZ1qEepBwwGjEYMBYG
+A1UEAwwPVVNFUiBPcGVuVlBOIENBghQWkzeyLLTuPKZK9ETlbcoDlKBp7DAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNoADBlAjEAhPooIL9r
+CPdBnbm7odHvnvllUvR+iwwfcJSB17uV7Zt/XrobItEvMkrj1pBNz/OHAjAL+ktb
+q0j0Zxzt35PA8oNPttbKNAUXT7KYSQ4KYstqX3NRvoXKOAj48p1IjkuUC3k=
+-----END CERTIFICATE-----
+
+
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 34:13:80:3e:21:7f:3b:dd:0a:af:d5:cb:0d:17:4b:3c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN=USER OpenVPN CA
+ Validity
+ Not Before: Jul 30 13:16:17 2019 GMT
+ Not After : Jul 14 13:16:17 2022 GMT
+ Subject: CN=zfelleg
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:83:a4:95:4c:f4:18:92:47:f1:fe:26:d4:2c:3a:
+ a1:65:73:7b:ef:cd:26:ef:dc:d7:7a:dc:95:9a:8b:
+ 66:3f:e9:c9:2e:f6:ac:0a:0e:a1:8f:bd:a5:00:42:
+ 3a:30:03:9c:0a:5b:4a:c3:3c:bc:62:05:60:37:36:
+ 99:e4:e7:27:2d:ae:a9:c1:a2:57:35:8e:d2:59:77:
+ 29:16:64:50:94:16:ca:1a:19:31:1a:83:8c:41:07:
+ 7f:7d:e7:fc:98:80:73
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 40:51:B5:0A:53:CE:54:25:34:5C:DC:E5:70:74:B3:6F:D4:D3:01:84
+ X509v3 Authority Key Identifier:
+ keyid:DB:37:47:A2:90:22:9A:7C:23:F9:31:62:E8:C9:5E:D1:65:46:19:D6
+ DirName:/CN=USER OpenVPN CA
+ serial:16:93:37:B2:2C:B4:EE:3C:A6:4A:F4:44:E5:6D:CA:03:94:A0:69:EC
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Key Usage:
+ Digital Signature
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:65:02:30:7e:24:b4:72:c8:67:13:4f:a0:ba:09:76:d0:33:
+ 36:35:d4:d0:df:e7:a5:25:25:af:ce:36:67:42:22:bf:42:fb:
+ ab:96:52:73:c1:b2:a0:58:3a:90:b1:8a:78:70:eb:c9:02:31:
+ 00:d9:4a:41:83:7a:5d:1b:6c:e2:d0:2d:b7:c3:b9:b7:11:26:
+ 90:fa:9c:cb:20:e6:c4:cf:06:65:8b:8e:6b:00:c7:ec:77:f0:
+ 85:75:17:58:0b:ef:06:8b:13:0b:57:61:25
+-----BEGIN CERTIFICATE-----
+MIICDjCCAZSgAwIBAgIQNBOAPiF/O90Kr9XLDRdLPDAKBggqhkjOPQQDAjAaMRgw
+FgYDVQQDDA9VU0VSIE9wZW5WUE4gQ0EwHhcNMTkwNzMwMTMxNjE3WhcNMjIwNzE0
+MTMxNjE3WjASMRAwDgYDVQQDDAd6ZmVsbGVnMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEg6SVTPQYkkfx/ibULDqhZXN7780m79zXetyVmotmP+nJLvasCg6hj72lAEI6
+MAOcCltKwzy8YgVgNzaZ5OcnLa6pwaJXNY7SWXcpFmRQlBbKGhkxGoOMQQd/fef8
+mIBzo4GmMIGjMAkGA1UdEwQCMAAwHQYDVR0OBBYEFEBRtQpTzlQlNFzc5XB0s2/U
+0wGEMFUGA1UdIwROMEyAFNs3R6KQIpp8I/kxYujJXtFlRhnWoR6kHDAaMRgwFgYD
+VQQDDA9VU0VSIE9wZW5WUE4gQ0GCFBaTN7IstO48pkr0ROVtygOUoGnsMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNoADBlAjB+
+JLRyyGcTT6C6CXbQMzY11NDf56UlJa/ONmdCIr9C+6uWUnPBsqBYOpCxinhw68kC
+MQDZSkGDel0bbOLQLbfDubcRJpD6nMsg5sTPBmWLjmsAx+x38IV1F1gL7waLEwtX
+YSU=
+-----END CERTIFICATE-----
+
+
+
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDrR6bejMZ+YEKPLqFW
+EcqqktxOsksvQB6WL0olu99MczjNpHbWRJdzF0b1CxYYTKChZANiAASDpJVM9BiS
+R/H+JtQsOqFlc3vvzSbv3Nd63JWai2Y/6cku9qwKDqGPvaUAQjowA5wKW0rDPLxi
+BWA3Npnk5yctrqnBolc1jtJZdykWZFCUFsoaGTEag4xBB3995/yYgHM=
+-----END PRIVATE KEY-----
+
+
+
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ea8f1c83226838b22597668f903e9929
+6b77ff8cf2afd8d9f839344c47f85693
+d4280a82bc743e01159f17545f7d7e23
+1e91d5292c53c26c353618495b7a4013
+8df9a1de2a3278ea55ac22d1a85b11bb
+b155df61c10e835b49b2960a52840aa1
+64ea57bc98da062b695e06e3aca108c8
+d755dbd543d0d816546d7647d326aaea
+8e02195160d37f131ffe52a1f39c017e
+69fcb995e6fab1ee7a64c8b5a3946faa
+38613b3bdbdd95443a7ec3b17386dce9
+b070e4a7cb7ce59152a37985e8a7d881
+b2c1da898f177dba80e0b53e7bbf53c0
+c7431ebce43cfebc92fa4e4ac49a146c
+84ae27231334ca1dac42dea1f964d48f
+eb7313175e956356f6ecefd289864a1a
+-----END OpenVPN Static key V1-----
+
-- 2.54.0
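Review bot: The inline `-----BEGIN PRIVATE KEY-----` block stores this client's EC private key unencrypted in version control, so anyone who can read the repository or the package built from `postinstall/install/etc/openvpn/client-config/` holds the credential for `CN=zfelleg`; the `zbartakovics.conf` hunk above does the same, and the diffstat suggests the other client files follow the same template. The `OpenVPN Static key V1` block is identical in both files visible here, so the shared tls-auth key is committed alongside the per-user keys. I would keep only the non-secret template in the repository and restore the commented-out file references (`;cert client.crt`, `;key client.key`, `;tls-auth ta.key 1`), with the key files provisioned out of band and readable only by their owner. Since the material is already in history, removing it in a follow-up commit is not enough: the affected client certificates should be revoked and reissued and the static key rotated.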