| Current Path : /var/mail/etc/o1/client/files/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/mail/etc/o1/client/files/cpkettner51.ovpn |
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ift-intern.de 1194
;remote my-server-2 1194
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# ca ca.crt
# cert client.crt
# key client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
key-direction 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
auth SHA256
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
route-method exe
route-delay 2
pull
<ca>
-----BEGIN CERTIFICATE-----
MIIDijCCAvOgAwIBAgIJAK32CLIc/KJkMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZGdWVydGgxDzANBgNV
BAoTBklmVDAwMTESMBAGA1UEAxMJSWZUMDAxIENBMQ8wDQYDVQQpEwZzZXJ2ZXIx
JDAiBgkqhkiG9w0BCQEWFWlmdEBpZnQtaW5mb3JtYXRpay5kZTAeFw0xNzA3MTcw
OTUwMzJaFw0yNzA3MTUwOTUwMzJaMIGLMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
QmF5ZXJuMQ8wDQYDVQQHEwZGdWVydGgxDzANBgNVBAoTBklmVDAwMTESMBAGA1UE
AxMJSWZUMDAxIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFWlm
dEBpZnQtaW5mb3JtYXRpay5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
7Y/24TI5tcSY7bB2Z+sXBcQ36cS0F+Pyw2rgKcK1kF977TmyF40nQsMiAmhZ37nt
GXu+ESbzJ8qRTBlrJ8NcgY1zq9hsGr/1lyyWr6P6NtwOhoSVz+FHd92i3s5bzNSR
LlQlcW1WI9TD7qpyKu2f68fCoTPZCdzq1916X/OUoP0CAwEAAaOB8zCB8DAdBgNV
HQ4EFgQUKfH155Z3fATGDxqf41TWg8PmPz0wgcAGA1UdIwSBuDCBtYAUKfH155Z3
fATGDxqf41TWg8PmPz2hgZGkgY4wgYsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
YXllcm4xDzANBgNVBAcTBkZ1ZXJ0aDEPMA0GA1UEChMGSWZUMDAxMRIwEAYDVQQD
EwlJZlQwMDEgQ0ExDzANBgNVBCkTBnNlcnZlcjEkMCIGCSqGSIb3DQEJARYVaWZ0
QGlmdC1pbmZvcm1hdGlrLmRlggkArfYIshz8omQwDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQUFAAOBgQCfDJpAncCsf+1tfbwVKlxbCEgKkW9baHiO1w4gI70PcIFz
ooRcS7E7BFGgRWiQmh58f/g1DnPxYX302GTC14XToA1Ri9uKFac+9hOCx9EUvAN7
3vzuKZRc5NITKyjHhZkavn+IfSCr7jc+aoBka+QMFILKgvNwnUZm0xhveruUqQ==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 40 (0x28)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Bayern, L=Fuerth, O=IfT001, CN=IfT001 CA/name=server/emailAddress=ift@ift-informatik.de
Validity
Not Before: Oct 26 10:21:53 2018 GMT
Not After : Oct 23 10:21:53 2028 GMT
Subject: C=DE, ST=Bayern, L=Fuerth, O=IfT001, CN=cpkettner51/name=cpkettner/emailAddress=cpkettner@ift-informatik.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ce:6c:9b:ee:63:95:0e:4e:dc:8b:fa:e2:17:cb:
1b:9f:e8:cd:34:05:e0:b9:28:40:5f:13:7a:9a:db:
4d:25:24:1c:12:39:fa:4b:2c:11:e0:0b:19:3e:41:
d3:8b:d4:53:72:5e:c4:78:0d:04:1c:48:ce:77:74:
b6:e8:32:f4:3e:31:2e:7f:f4:70:43:f0:72:26:de:
c3:c5:ec:25:5a:14:6c:38:8a:91:35:f9:d0:e4:10:
a8:26:23:ab:bc:42:28:2f:8d:68:29:86:48:ae:27:
13:3d:fd:43:51:ee:6e:48:93:6d:00:21:36:de:30:
85:de:b2:ea:a2:50:cc:2c:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
9A:67:63:43:BA:51:14:F8:0C:07:52:02:12:5A:A1:15:FB:83:2D:21
X509v3 Authority Key Identifier:
keyid:29:F1:F5:E7:96:77:7C:04:C6:0F:1A:9F:E3:54:D6:83:C3:E6:3F:3D
DirName:/C=DE/ST=Bayern/L=Fuerth/O=IfT001/CN=IfT001 CA/name=server/emailAddress=ift@ift-informatik.de
serial:AD:F6:08:B2:1C:FC:A2:64
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
70:cc:e1:61:c5:b9:e0:f1:91:7e:cb:a0:19:0a:57:93:e9:f0:
6f:17:7b:54:bd:8f:b0:ee:a8:5b:46:dd:0d:03:94:5f:f3:2c:
d6:b5:80:26:16:27:9e:ed:69:8d:16:cb:1e:82:c7:5b:f1:0e:
e7:6e:5e:89:60:7d:c7:44:44:77:c3:ef:84:a0:f7:fa:bb:45:
bf:ef:fe:18:99:cc:f8:01:dd:ce:86:e0:3d:93:1e:1d:42:81:
7d:18:e0:e2:47:4f:a1:01:91:f8:a4:fd:26:1b:a3:ef:ea:0b:
6d:b3:3f:61:f0:07:9d:2b:bc:d5:22:76:93:a1:4a:a1:c7:fd:
70:94
-----BEGIN CERTIFICATE-----
MIID3TCCA0agAwIBAgIBKDANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGRnVlcnRoMQ8wDQYDVQQKEwZJZlQw
MDExEjAQBgNVBAMTCUlmVDAwMSBDQTEPMA0GA1UEKRMGc2VydmVyMSQwIgYJKoZI
hvcNAQkBFhVpZnRAaWZ0LWluZm9ybWF0aWsuZGUwHhcNMTgxMDI2MTAyMTUzWhcN
MjgxMDIzMTAyMTUzWjCBljELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEP
MA0GA1UEBxMGRnVlcnRoMQ8wDQYDVQQKEwZJZlQwMDExFDASBgNVBAMTC2Nwa2V0
dG5lcjUxMRIwEAYDVQQpEwljcGtldHRuZXIxKjAoBgkqhkiG9w0BCQEWG2Nwa2V0
dG5lckBpZnQtaW5mb3JtYXRpay5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAzmyb7mOVDk7ci/riF8sbn+jNNAXguShAXxN6mttNJSQcEjn6SywR4AsZPkHT
i9RTcl7EeA0EHEjOd3S26DL0PjEuf/RwQ/ByJt7DxewlWhRsOIqRNfnQ5BCoJiOr
vEIoL41oKYZIricTPf1DUe5uSJNtACE23jCF3rLqolDMLF8CAwEAAaOCAUIwggE+
MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmmdjQ7pRFPgMB1ICElqhFfuDLSEwgcAGA1Ud
IwSBuDCBtYAUKfH155Z3fATGDxqf41TWg8PmPz2hgZGkgY4wgYsxCzAJBgNVBAYT
AkRFMQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBkZ1ZXJ0aDEPMA0GA1UEChMG
SWZUMDAxMRIwEAYDVQQDEwlJZlQwMDEgQ0ExDzANBgNVBCkTBnNlcnZlcjEkMCIG
CSqGSIb3DQEJARYVaWZ0QGlmdC1pbmZvcm1hdGlrLmRlggkArfYIshz8omQwEwYD
VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GB
AHDM4WHFueDxkX7LoBkKV5Pp8G8Xe1S9j7DuqFtG3Q0DlF/zLNa1gCYWJ57taY0W
yx6Cx1vxDuduXolgfcdERHfD74Sg9/q7Rb/v/hiZzPgB3c6G4D2THh1CgX0Y4OJH
T6EBkfik/SYbo+/qC22zP2HwB50rvNUidpOhSqHH/XCU
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAM5sm+5jlQ5O3Iv6
4hfLG5/ozTQF4LkoQF8TeprbTSUkHBI5+kssEeALGT5B04vUU3JexHgNBBxIznd0
tugy9D4xLn/0cEPwcibew8XsJVoUbDiKkTX50OQQqCYjq7xCKC+NaCmGSK4nEz39
Q1HubkiTbQAhNt4whd6y6qJQzCxfAgMBAAECgYEAs0+zEBye4UPt3wa7GZIMWBch
Eby9XfmyGSTRju1LESVR4R9N5bjNekIJ1oPV4JQ7PJFHt0UPOgagmzHepMuGT2LS
k2V+dBiyicwIVT9ObGbUwDRWxqbh7JhtD/Yjh/sJMjR4jbzU0QIAqrqcDPpRP9mu
4adtQNzxJRUYTtcVrpkCQQD8HpkY3P2VKUuph9QkoeIGvBU4xzcmcN+SjJFE5aEV
hRuh0sVcEkYYiANWUIzqRUkn7GQMg+5oxTgzM4jg8a6dAkEA0Zn2Y7MRusEBPVPv
DAGY6241tOUOsAJozmnlhRrYB5dijaVYV0uVMBQDzry8z/gLZAsY1um3OQg573Ng
nY+4KwJBAKY+Ttk0LwnCFyAMbnhRPkcOkjfENLtmRiXOBqQVfmhAQv4rivOxIQNf
/ENYDfMUCK8IktglznjLQsmQO7uH4YkCQQCI8cIUw9OqpB2uNx+xRX3nHJvEdAAT
qY9WhcPrIm3RD+zZRRWh+4Ue44TVV2U5sAOpOsLg79TBU4me1FBkwZj/AkEApr9H
XIhVxoW2vQyHnxRy6ZQEw/xbcfBrFtp/9to7yXNWchQtOufbjgllYDxo9e/UphjZ
K+ZUQoVDW8fvhw5zMQ==
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
2bd62930e4ffd4a1279da017f01ffbba
58f3645b4226e1851cae3f4d44e807e9
36ff6f397dcd450dc04c19a6f5d41975
5d402bcba8af7f84d1b65507336ce17d
41aad424a335a7a517f325cfc57f150e
63b177420a2a654818e2cff582a6764d
ebfb48bf0cd40eeaf278bcd8f00e3956
95ce6f9b369f54c6cc596764253c62f6
7c95830bbc62b6067fa49aeab348dcf6
9d74d36194f78379875c7ad7ccc88776
18891b9b69ed864c01c61ed874a121b6
1475a905f635809f7cf07234397034e0
f53666ac55c071153698d2c765b1dbf1
7ac21d37526b55a6fdba6f79e2554f0f
d2bb7674471b08c5e63c948b7e773c14
417093119c5ef39d9cef728143e44093
-----END OpenVPN Static key V1-----
</tls-auth>