| Current Path : /var/mail/etc/o1/client/files/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/mail/etc/o1/client/files/ift5.ovpn |
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ift-intern.de 1194
;remote my-server-2 1194
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# ca ca.crt
# cert client.crt
# key client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
key-direction 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
auth SHA256
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
route-method exe
route-delay 2
pull
<ca>
-----BEGIN CERTIFICATE-----
MIIDijCCAvOgAwIBAgIJAK32CLIc/KJkMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZGdWVydGgxDzANBgNV
BAoTBklmVDAwMTESMBAGA1UEAxMJSWZUMDAxIENBMQ8wDQYDVQQpEwZzZXJ2ZXIx
JDAiBgkqhkiG9w0BCQEWFWlmdEBpZnQtaW5mb3JtYXRpay5kZTAeFw0xNzA3MTcw
OTUwMzJaFw0yNzA3MTUwOTUwMzJaMIGLMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
QmF5ZXJuMQ8wDQYDVQQHEwZGdWVydGgxDzANBgNVBAoTBklmVDAwMTESMBAGA1UE
AxMJSWZUMDAxIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFWlm
dEBpZnQtaW5mb3JtYXRpay5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
7Y/24TI5tcSY7bB2Z+sXBcQ36cS0F+Pyw2rgKcK1kF977TmyF40nQsMiAmhZ37nt
GXu+ESbzJ8qRTBlrJ8NcgY1zq9hsGr/1lyyWr6P6NtwOhoSVz+FHd92i3s5bzNSR
LlQlcW1WI9TD7qpyKu2f68fCoTPZCdzq1916X/OUoP0CAwEAAaOB8zCB8DAdBgNV
HQ4EFgQUKfH155Z3fATGDxqf41TWg8PmPz0wgcAGA1UdIwSBuDCBtYAUKfH155Z3
fATGDxqf41TWg8PmPz2hgZGkgY4wgYsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
YXllcm4xDzANBgNVBAcTBkZ1ZXJ0aDEPMA0GA1UEChMGSWZUMDAxMRIwEAYDVQQD
EwlJZlQwMDEgQ0ExDzANBgNVBCkTBnNlcnZlcjEkMCIGCSqGSIb3DQEJARYVaWZ0
QGlmdC1pbmZvcm1hdGlrLmRlggkArfYIshz8omQwDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQUFAAOBgQCfDJpAncCsf+1tfbwVKlxbCEgKkW9baHiO1w4gI70PcIFz
ooRcS7E7BFGgRWiQmh58f/g1DnPxYX302GTC14XToA1Ri9uKFac+9hOCx9EUvAN7
3vzuKZRc5NITKyjHhZkavn+IfSCr7jc+aoBka+QMFILKgvNwnUZm0xhveruUqQ==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 44 (0x2c)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Bayern, L=Fuerth, O=IfT001, CN=IfT001 CA/name=server/emailAddress=ift@ift-informatik.de
Validity
Not Before: May 3 10:44:53 2019 GMT
Not After : Apr 30 10:44:53 2029 GMT
Subject: C=DE, ST=Bayern, L=Fuerth, O=IfT001, CN=ift5/name=ift5/emailAddress=ift5@ift-informatik.de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:f4:dd:27:c8:89:75:86:84:a2:15:7b:03:f7:72:
1f:ae:11:4f:c6:82:64:89:70:e5:29:a3:3c:93:a9:
5f:91:d6:b2:ec:5b:41:39:a9:53:fb:d6:0c:06:bf:
4d:5d:c4:f8:53:f4:8d:4f:0a:20:30:ee:1d:fe:cc:
9a:7f:a7:97:52:0a:ec:d3:18:17:6a:bd:a0:aa:3c:
c7:c5:bc:71:a3:ab:80:9a:34:5c:cc:fa:3d:dc:80:
e2:6a:f1:66:8b:b3:da:a2:5d:1f:54:fd:41:e0:4a:
fc:cd:58:4a:70:eb:4a:4c:f3:62:2d:f2:60:26:0c:
8b:41:8e:3e:04:b6:56:c8:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
62:60:67:DB:78:CF:6A:AF:C3:97:CC:1A:F7:8B:94:A1:7A:13:D6:0C
X509v3 Authority Key Identifier:
keyid:29:F1:F5:E7:96:77:7C:04:C6:0F:1A:9F:E3:54:D6:83:C3:E6:3F:3D
DirName:/C=DE/ST=Bayern/L=Fuerth/O=IfT001/CN=IfT001 CA/name=server/emailAddress=ift@ift-informatik.de
serial:AD:F6:08:B2:1C:FC:A2:64
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
35:50:da:e7:8a:dc:de:e7:b9:12:e5:d5:16:9a:84:61:12:d5:
a8:2d:51:3a:8e:c1:0c:35:27:a7:4c:2d:d4:1e:29:8e:cb:0e:
d6:93:75:87:62:fd:75:e6:06:4c:c7:17:41:b5:b5:1e:df:7f:
72:fb:ce:3e:73:1b:51:97:a8:4c:0c:4a:d8:c3:f8:72:6e:27:
2a:13:8d:5f:bc:57:97:d4:ce:95:53:5c:80:b1:54:63:95:a2:
df:95:da:65:9d:69:c6:77:b6:ab:3f:f2:d5:c3:e9:cc:73:4f:
a3:b7:b1:0d:02:4e:c8:f5:f4:9b:e1:ac:16:c8:68:10:2a:d3:
a8:c9
-----BEGIN CERTIFICATE-----
MIIDzDCCAzWgAwIBAgIBLDANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCREUx
DzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGRnVlcnRoMQ8wDQYDVQQKEwZJZlQw
MDExEjAQBgNVBAMTCUlmVDAwMSBDQTEPMA0GA1UEKRMGc2VydmVyMSQwIgYJKoZI
hvcNAQkBFhVpZnRAaWZ0LWluZm9ybWF0aWsuZGUwHhcNMTkwNTAzMTA0NDUzWhcN
MjkwNDMwMTA0NDUzWjCBhTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEP
MA0GA1UEBxMGRnVlcnRoMQ8wDQYDVQQKEwZJZlQwMDExDTALBgNVBAMTBGlmdDUx
DTALBgNVBCkTBGlmdDUxJTAjBgkqhkiG9w0BCQEWFmlmdDVAaWZ0LWluZm9ybWF0
aWsuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPTdJ8iJdYaEohV7A/dy
H64RT8aCZIlw5SmjPJOpX5HWsuxbQTmpU/vWDAa/TV3E+FP0jU8KIDDuHf7Mmn+n
l1IK7NMYF2q9oKo8x8W8caOrgJo0XMz6PdyA4mrxZouz2qJdH1T9QeBK/M1YSnDr
SkzzYi3yYCYMi0GOPgS2VsjxAgMBAAGjggFCMIIBPjAJBgNVHRMEAjAAMC0GCWCG
SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFGJgZ9t4z2qvw5fMGveLlKF6E9YMMIHABgNVHSMEgbgwgbWAFCnx9eeWd3wE
xg8an+NU1oPD5j89oYGRpIGOMIGLMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmF5
ZXJuMQ8wDQYDVQQHEwZGdWVydGgxDzANBgNVBAoTBklmVDAwMTESMBAGA1UEAxMJ
SWZUMDAxIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFWlmdEBp
ZnQtaW5mb3JtYXRpay5kZYIJAK32CLIc/KJkMBMGA1UdJQQMMAoGCCsGAQUFBwMC
MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQA1UNrnitze57kS5dUWmoRh
EtWoLVE6jsEMNSenTC3UHimOyw7Wk3WHYv115gZMxxdBtbUe339y+84+cxtRl6hM
DErYw/hybicqE41fvFeX1M6VU1yAsVRjlaLfldplnWnGd7arP/LVw+nMc0+jt7EN
Ak7I9fSb4awWyGgQKtOoyQ==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAPTdJ8iJdYaEohV7
A/dyH64RT8aCZIlw5SmjPJOpX5HWsuxbQTmpU/vWDAa/TV3E+FP0jU8KIDDuHf7M
mn+nl1IK7NMYF2q9oKo8x8W8caOrgJo0XMz6PdyA4mrxZouz2qJdH1T9QeBK/M1Y
SnDrSkzzYi3yYCYMi0GOPgS2VsjxAgMBAAECgYEAmJP6Bz6IKhMZgHMP7K+DSA7n
e9WiWfYsBb7+rzA6KgDzqs3OHeUCPQmKouWvir+C0aWwK9Eub+7gZ/YMS4EdizzG
MyRwJ9rSSj8e94mg+F1cZNnaqJps2MVmEidsOA1gL+CQGQXerOIWvdgFAANpYqPN
kndtauv2jR9Act7LijECQQD/qsmgUBKQYQJPJpl+9RqQaI0mRPewxBBAsl9UbJ84
k/RZXawwxwiG2MIamaLOg5uEf7PoF47P2Qv+0ZOn+mkVAkEA9S7EY0CwMPJEU5ps
ZdrBjFq0wdEuPbmlBNXfAeVPEurfCD0lMPVeWmG9+q2J8uqtAy9X5nBrsp20D2Ky
+KSfbQJAAIfSM0r3PuV0o8VovCK2E2akJFgwS2WcwwWbvQkcq3ljIGxZVyCSm/UH
Mhbvh44uXHAHZ4vk9/lzVOwKambSoQJAbNkpWML0NZaonNEWxJU8jfoK+2zJcZ/E
UgQ88BOEamqZP4gdxcF49PklpW97qbtjueE/zc8lEPQQZzAzMk2rdQJAFvbiNuLx
3XN/0n3t+ze2rcfFl5KS0uRStyUehaHAKvHwvOWyXTtURO5cKTJXjSCbkJoW9c5f
YUVPncVpZPK5ZA==
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
2bd62930e4ffd4a1279da017f01ffbba
58f3645b4226e1851cae3f4d44e807e9
36ff6f397dcd450dc04c19a6f5d41975
5d402bcba8af7f84d1b65507336ce17d
41aad424a335a7a517f325cfc57f150e
63b177420a2a654818e2cff582a6764d
ebfb48bf0cd40eeaf278bcd8f00e3956
95ce6f9b369f54c6cc596764253c62f6
7c95830bbc62b6067fa49aeab348dcf6
9d74d36194f78379875c7ad7ccc88776
18891b9b69ed864c01c61ed874a121b6
1475a905f635809f7cf07234397034e0
f53666ac55c071153698d2c765b1dbf1
7ac21d37526b55a6fdba6f79e2554f0f
d2bb7674471b08c5e63c948b7e773c14
417093119c5ef39d9cef728143e44093
-----END OpenVPN Static key V1-----
</tls-auth>