From d283f2e4fde60191ede5900a850a8776f76fa622 Mon Sep 17 00:00:00 2001 
From: Joerg Lehmann
Date: Fri, 20 Sep 2019 15:22:49 +0200
Subject: [PATCH] change certs, new ccds
---
 ccd/010003006049 | 1 +
 ccd/010003006050 | 1 +
 ccd/010003006051 | 1 +
 ccd/010003006052 | 1 +
 ccd/010003006053 | 1 +
 ccd/010003006054 | 1 +
 ccd/010003006055 | 1 +
 ccd/010003006056 | 1 +
 ccd/010003006057 | 1 +
 ccd/010003006058 | 1 +
 ccd/010003006059 | 1 +
 ccd/010003006060 | 1 +
 ccd/010003006061 | 1 +
 ccd/010003006062 | 1 +
 ccd/010003006063 | 1 +
 ccd/010003006064 | 1 +
 ccd/010003006065 | 1 +
 ccd/010003006066 | 1 +
 ccd/010003006067 | 1 +
 ccd/010003006068 | 1 +
 ccd/010003006069 | 1 +
 ccd/010003006070 | 1 +
 ccd/010003006071 | 1 +
 ccd/010003006072 | 1 +
 ccd/010003006200 | 1 +
 ccd/010003006201 | 1 +
 ccd/010003006202 | 1 +
 ccd/010003006203 | 1 +
 ccd/010003006204 | 1 +
 ccd/010003006205 | 1 +
 ccd/010003006206 | 1 +
 ccd/010003006207 | 1 +
 ccd/010003006208 | 1 +
 ccd/010003006209 | 1 +
 ccd/010003006210 | 1 +
 ccd/010003006211 | 1 +
 ccd/010003006212 | 1 +
 ccd/010003006213 | 1 +
 ccd/010003006214 | 1 +
 ccd/010003006215 | 1 +
 ccd/010003006216 | 1 +
 ccd/010003006217 | 1 +
 ccd/010003006218 | 1 +
 ccd/010003006219 | 1 +
 ccd/010003006220 | 1 +
 ccd/010003006221 | 1 +
 certs/ewon.rychiger.com-cert.pem | 21 +++++++++++++
 config/server-443.conf | 4 +--
 config/server-443.conf.22feb2019 | 51 +++++++++++++++++++++++++++++++
 private/ewon.rychiger.com-key.pem | 15 +++++++++
 50 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 ccd/010003006049
 create mode 100644 ccd/010003006050
 create mode 100644 ccd/010003006051
 create mode 100644 ccd/010003006052
 create mode 100644 ccd/010003006053
 create mode 100644 ccd/010003006054
 create mode 100644 ccd/010003006055
 create mode 100644 ccd/010003006056
 create mode 100644 ccd/010003006057
 create mode 100644 ccd/010003006058
 create mode 100644 ccd/010003006059
 create mode 100644 ccd/010003006060
 create mode 100644 ccd/010003006061
 create mode 100644 ccd/010003006062
 create mode 100644 ccd/010003006063
 create mode 100644 ccd/010003006064
 create mode 100644 ccd/010003006065
 create mode 100644 ccd/010003006066
 create mode 100644 ccd/010003006067
 create mode 100644 ccd/010003006068
 create mode 100644 ccd/010003006069
 create mode 100644 ccd/010003006070
 create mode 100644 ccd/010003006071
 create mode 100644 ccd/010003006072
 create mode 100644 ccd/010003006200
 create mode 100644 ccd/010003006201
 create mode 100644 ccd/010003006202
 create mode 100644 ccd/010003006203
 create mode 100644 ccd/010003006204
 create mode 100644 ccd/010003006205
 create mode 100644 ccd/010003006206
 create mode 100644 ccd/010003006207
 create mode 100644 ccd/010003006208
 create mode 100644 ccd/010003006209
 create mode 100644 ccd/010003006210
 create mode 100644 ccd/010003006211
 create mode 100644 ccd/010003006212
 create mode 100644 ccd/010003006213
 create mode 100644 ccd/010003006214
 create mode 100644 ccd/010003006215
 create mode 100644 ccd/010003006216
 create mode 100644 ccd/010003006217
 create mode 100644 ccd/010003006218
 create mode 100644 ccd/010003006219
 create mode 100644 ccd/010003006220
 create mode 100644 ccd/010003006221
 create mode 100644 certs/ewon.rychiger.com-cert.pem
 create mode 100644 config/server-443.conf.22feb2019
 create mode 100644 private/ewon.rychiger.com-key.pem
diff --git a/ccd/010003006049 b/ccd/010003006049
new file mode 100644
index 0000000..1095d84
--- /dev/null
+++ b/ccd/010003006049
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.49 255.255.0.0
diff --git a/ccd/010003006050 b/ccd/010003006050
new file mode 100644
index 0000000..ac82f05
--- /dev/null
+++ b/ccd/010003006050
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.50 255.255.0.0
diff --git a/ccd/010003006051 b/ccd/010003006051
new file mode 100644
index 0000000..512a176
--- /dev/null
+++ b/ccd/010003006051
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.51 255.255.0.0
diff --git a/ccd/010003006052 b/ccd/010003006052
new file mode 100644
index 0000000..02d5022
--- /dev/null
+++ b/ccd/010003006052
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.52 255.255.0.0
diff --git a/ccd/010003006053 b/ccd/010003006053
new file mode 100644
index 0000000..ad854a1
--- /dev/null
+++ b/ccd/010003006053
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.53 255.255.0.0
diff --git a/ccd/010003006054 b/ccd/010003006054
new file mode 100644
index 0000000..d93f710
--- /dev/null
+++ b/ccd/010003006054
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.54 255.255.0.0
diff --git a/ccd/010003006055 b/ccd/010003006055
new file mode 100644
index 0000000..cf152ed
--- /dev/null
+++ b/ccd/010003006055
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.55 255.255.0.0
diff --git a/ccd/010003006056 b/ccd/010003006056
new file mode 100644
index 0000000..02c2758
--- /dev/null
+++ b/ccd/010003006056
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.56 255.255.0.0
diff --git a/ccd/010003006057 b/ccd/010003006057
new file mode 100644
index 0000000..8d5538b
--- /dev/null
+++ b/ccd/010003006057
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.57 255.255.0.0
diff --git a/ccd/010003006058 b/ccd/010003006058
new file mode 100644
index 0000000..0067e9f
--- /dev/null
+++ b/ccd/010003006058
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.58 255.255.0.0
diff --git a/ccd/010003006059 b/ccd/010003006059
new file mode 100644
index 0000000..d4889bd
--- /dev/null
+++ b/ccd/010003006059
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.59 255.255.0.0
diff --git a/ccd/010003006060 b/ccd/010003006060
new file mode 100644
index 0000000..8a92df3
--- /dev/null
+++ b/ccd/010003006060
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.60 255.255.0.0
diff --git a/ccd/010003006061 b/ccd/010003006061
new file mode 100644
index 0000000..a1188fc
--- /dev/null
+++ b/ccd/010003006061
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.61 255.255.0.0
diff --git a/ccd/010003006062 b/ccd/010003006062
new file mode 100644
index 0000000..ff11a5d
--- /dev/null
+++ b/ccd/010003006062
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.62 255.255.0.0
diff --git a/ccd/010003006063 b/ccd/010003006063
new file mode 100644
index 0000000..1d85cf0
--- /dev/null
+++ b/ccd/010003006063
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.63 255.255.0.0
diff --git a/ccd/010003006064 b/ccd/010003006064
new file mode 100644
index 0000000..cd18365
--- /dev/null
+++ b/ccd/010003006064
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.64 255.255.0.0
diff --git a/ccd/010003006065 b/ccd/010003006065
new file mode 100644
index 0000000..e075cbd
--- /dev/null
+++ b/ccd/010003006065
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.65 255.255.0.0
diff --git a/ccd/010003006066 b/ccd/010003006066
new file mode 100644
index 0000000..dbdd82c
--- /dev/null
+++ b/ccd/010003006066
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.66 255.255.0.0
diff --git a/ccd/010003006067 b/ccd/010003006067
new file mode 100644
index 0000000..20e32f9
--- /dev/null
+++ b/ccd/010003006067
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.67 255.255.0.0
diff --git a/ccd/010003006068 b/ccd/010003006068
new file mode 100644
index 0000000..1d146fc
--- /dev/null
+++ b/ccd/010003006068
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.68 255.255.0.0
diff --git a/ccd/010003006069 b/ccd/010003006069
new file mode 100644
index 0000000..d11a27e
--- /dev/null
+++ b/ccd/010003006069
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.69 255.255.0.0
diff --git a/ccd/010003006070 b/ccd/010003006070
new file mode 100644
index 0000000..3d54a6e
--- /dev/null
+++ b/ccd/010003006070
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.70 255.255.0.0
diff --git a/ccd/010003006071 b/ccd/010003006071
new file mode 100644
index 0000000..2b50cde
--- /dev/null
+++ b/ccd/010003006071
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.71 255.255.0.0
diff --git a/ccd/010003006072 b/ccd/010003006072
new file mode 100644
index 0000000..552164c
--- /dev/null
+++ b/ccd/010003006072
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.72 255.255.0.0
diff --git a/ccd/010003006200 b/ccd/010003006200
new file mode 100644
index 0000000..0b49033
--- /dev/null
+++ b/ccd/010003006200
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.200 255.255.0.0
diff --git a/ccd/010003006201 b/ccd/010003006201
new file mode 100644
index 0000000..91d1c5c
--- /dev/null
+++ b/ccd/010003006201
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.201 255.255.0.0
diff --git a/ccd/010003006202 b/ccd/010003006202
new file mode 100644
index 0000000..16dd4ff
--- /dev/null
+++ b/ccd/010003006202
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.202 255.255.0.0
diff --git a/ccd/010003006203 b/ccd/010003006203
new file mode 100644
index 0000000..05d2f9b
--- /dev/null
+++ b/ccd/010003006203
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.203 255.255.0.0
diff --git a/ccd/010003006204 b/ccd/010003006204
new file mode 100644
index 0000000..f13f872
--- /dev/null
+++ b/ccd/010003006204
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.204 255.255.0.0
diff --git a/ccd/010003006205 b/ccd/010003006205
new file mode 100644
index 0000000..655dd66
--- /dev/null
+++ b/ccd/010003006205
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.205 255.255.0.0
diff --git a/ccd/010003006206 b/ccd/010003006206
new file mode 100644
index 0000000..c028fc3
--- /dev/null
+++ b/ccd/010003006206
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.206 255.255.0.0
diff --git a/ccd/010003006207 b/ccd/010003006207
new file mode 100644
index 0000000..54a06fc
--- /dev/null
+++ b/ccd/010003006207
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.207 255.255.0.0
diff --git a/ccd/010003006208 b/ccd/010003006208
new file mode 100644
index 0000000..c8b4426
--- /dev/null
+++ b/ccd/010003006208
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.208 255.255.0.0
diff --git a/ccd/010003006209 b/ccd/010003006209
new file mode 100644
index 0000000..3c3a2e5
--- /dev/null
+++ b/ccd/010003006209
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.209 255.255.0.0
diff --git a/ccd/010003006210 b/ccd/010003006210
new file mode 100644
index 0000000..4ced11e
--- /dev/null
+++ b/ccd/010003006210
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.210 255.255.0.0
diff --git a/ccd/010003006211 b/ccd/010003006211
new file mode 100644
index 0000000..c7a554e
--- /dev/null
+++ b/ccd/010003006211
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.211 255.255.0.0
diff --git a/ccd/010003006212 b/ccd/010003006212
new file mode 100644
index 0000000..6fb0555
--- /dev/null
+++ b/ccd/010003006212
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.212 255.255.0.0
diff --git a/ccd/010003006213 b/ccd/010003006213
new file mode 100644
index 0000000..cc9eced
--- /dev/null
+++ b/ccd/010003006213
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.213 255.255.0.0
diff --git a/ccd/010003006214 b/ccd/010003006214
new file mode 100644
index 0000000..ab77339
--- /dev/null
+++ b/ccd/010003006214
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.214 255.255.0.0
diff --git a/ccd/010003006215 b/ccd/010003006215
new file mode 100644
index 0000000..c5f496e
--- /dev/null
+++ b/ccd/010003006215
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.215 255.255.0.0
diff --git a/ccd/010003006216 b/ccd/010003006216
new file mode 100644
index 0000000..78d534c
--- /dev/null
+++ b/ccd/010003006216
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.216 255.255.0.0
diff --git a/ccd/010003006217 b/ccd/010003006217
new file mode 100644
index 0000000..a0219c3
--- /dev/null
+++ b/ccd/010003006217
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.217 255.255.0.0
diff --git a/ccd/010003006218 b/ccd/010003006218
new file mode 100644
index 0000000..2c67e27
--- /dev/null
+++ b/ccd/010003006218
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.218 255.255.0.0
diff --git a/ccd/010003006219 b/ccd/010003006219
new file mode 100644
index 0000000..8b60019
--- /dev/null
+++ b/ccd/010003006219
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.219 255.255.0.0
diff --git a/ccd/010003006220 b/ccd/010003006220
new file mode 100644
index 0000000..0118576
--- /dev/null
+++ b/ccd/010003006220
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.220 255.255.0.0
diff --git a/ccd/010003006221 b/ccd/010003006221
new file mode 100644
index 0000000..3a17630
--- /dev/null
+++ b/ccd/010003006221
@@ -0,0 +1 @@
+ifconfig-push 10.3.6.221 255.255.0.0
diff --git a/certs/ewon.rychiger.com-cert.pem b/certs/ewon.rychiger.com-cert.pem
new file mode 100644
index 0000000..e42c9dc
--- /dev/null
+++ b/certs/ewon.rychiger.com-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIURwxzomqugQsm+jJlP4ZUDfk7NrAwDQYJKoZIhvcNAQEL
+BQAwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoTClJ5Y2hpZ2VyQUcxFjAUBgNVBAMT
+DVJ5Y2hpZ2VyQUcgQ0EwHhcNMTkwMjIyMTE1NTAzWhcNMzkwMjE3MTE1NTAzWjBU
+MQswCQYDVQQGEwJDSDEUMBIGA1UEBwwLU3RlZmZpc2J1cmcxEzARBgNVBAoMClJ5
+Y2hpZ2VyQUcxGjAYBgNVBAMMEWV3b24ucnljaGlnZXIuY29tMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAz
+vJawBeVpIknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5Xz
+ETX+Mkea2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0
+vQIDAQABo4HyMIHvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDcGCWCG
+SAGG+EIBDQQqFihTZXJ2ZXIgQ2VydGlmaWNhdGUgZm9yIGV3b24ucnljaGlnZXIu
+Y29tMB0GA1UdDgQWBBQMAjnkJM2aZCb940uKLajK3MFW4TBiBgNVHSMEWzBZgBQm
+La9T936sM1P1pvOTiRAjTvXr0qE+pDwwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoT
+ClJ5Y2hpZ2VyQUcxFjAUBgNVBAMTDVJ5Y2hpZ2VyQUcgQ0GCAQEwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALdWPGhGt2O6Lt0pWqEB38xO
+gZiQIcOI3RuCv8dUyK81rrx1zVNd87wyb0PvPkdLfzVpbW+PL+q5BdXWCwtP43RS
+Gi7UCaJV3J2m+I9SqPLuvKGTFs98BbSq0/aBqCYDeP0MSyEAsaIZQ8bhaslQytGd
+KZbO5HL/89ci9PG1gXaYhhgCIRBNo5RsgzOf4R3t9/4IT5VAsTdJEN7mmWPHxlex
+M7//9cLruV6/mY0NeekXMK/YCReY9pLEhqa2t0IPo47JTrElYN0KTdlCCd9tMrBq
+hQrzaJUEpQWatboAOswonpagsbrI4CNK4MJvL0DXPOQx7CUShVVMrhOiGqjiCVk=
+-----END CERTIFICATE-----
diff --git a/config/server-443.conf b/config/server-443.conf
index afbff88..d3b8e12 100644
--- a/config/server-443.conf
+++ b/config/server-443.conf
@@ -38,8 +38,8 @@ management localhost 6667
 ; certificates and authentication
 dh /opt/openvpn/private/dh1024.pem
 ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
+cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
+key /opt/openvpn/private/ewon.rychiger.com-key.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
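Review bot: The public key inside this new server certificate is encoded with the `MIGfMA0G…` SubjectPublicKeyInfo header that a 1024-bit RSA key produces, and the validity field appears to decode to 2019-02-22 through 2039-02-17. A 1024-bit modulus is below the 2048-bit minimum that current guidance expects for a TLS server identity, and a lifetime of roughly twenty years keeps that key trusted for as long as the CA is. Reissue the certificate from a fresh key of at least 2048 bits (or an EC key) with a shorter lifetime, and confirm the result with `openssl x509 -in <cert.pem> -noout -text` before `cert` points at it.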
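Review bot: The context lines around the swapped `cert`/`key` paths still read `dh /opt/openvpn/private/dh1024.pem` and `verify-client-cert none`, so the rotation leaves the weaker parts of the handshake as they were. Going by its name the DH file holds 1024-bit parameters; regenerate them at 2048 bits or more and point `dh` at the new file, e.g. `dh /opt/openvpn/private/<dh2048-params>.pem` (placeholder name). With `verify-client-cert none` plus `auth-user-pass-verify`, clients are admitted on username and password alone, so the server key is the only certificate in play; where client certificates are not feasible, a `tls-auth` or `tls-crypt` static key would at least keep unauthenticated peers away from the TLS stack. The new `key` path names a file that this same patch adds to the repository, so the change should not go live until that key has been replaced by one that was never committed.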
diff --git a/config/server-443.conf.22feb2019 b/config/server-443.conf.22feb2019
new file mode 100644
index 0000000..afbff88
--- /dev/null
+++ b/config/server-443.conf.22feb2019
@@ -0,0 +1,51 @@
+mode server
+daemon
+tls-server
+proto tcp
+port 443
+local 192.168.99.11
+client-config-dir /opt/openvpn/ccd
+script-security 3
+writepid /var/run/openvpn-server/myopenvpn-443.pid
+
+; ciphers
+tls-cipher "DEFAULT"
+
+; tunnel configuration
+dev tap1
+server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
+passtos
+comp-lzo
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+; loggin and status
+ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
+status-version 2
+status /opt/openvpn/status/openvpnserver-status-443.log 5;
+verb 3
+client-connect /opt/openvpn/scripts/logon.sh
+client-disconnect /opt/openvpn/scripts/logoff.sh
+
+; routing
+;push "route 10.3.0.0 255.255.0.0"
+
+; management
+management localhost 6667
+
+; certificates and authentication
+dh /opt/openvpn/private/dh1024.pem
+ca /opt/openvpn/ca/cacert.pem
+cert /opt/openvpn/certs/hostcert.pem
+key /opt/openvpn/private/hostkey.pem
+verify-client-cert none
+username-as-common-name
+auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
+;client-to-client
+keepalive 10 60
+max-clients 50
+
+; explicit exit
+push "explicit-exit-notify"
diff --git a/private/ewon.rychiger.com-key.pem b/private/ewon.rychiger.com-key.pem
new file mode 100644
index 0000000..03b9c34
--- /dev/null
+++ b/private/ewon.rychiger.com-key.pem
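Review bot: `config/server-443.conf.22feb2019` is added as blob `afbff88`, the same blob the `server-443.conf` hunk lists as its pre-image, so it is a byte-for-byte copy of what history already holds and can be dropped from the commit. Because the live config changes only its `cert` and `key` lines, the settings listed here are presumably still active, and two of them deserve a follow-up. `script-security 3` together with `auth-user-pass-verify ... via-env` hands each client password to the verify script through its environment, and `comp-lzo` with `tls-cipher "DEFAULT"` leaves compression enabled and the cipher choice unpinned. `script-security 2` with `via-file` keeps the password out of the process environment, provided `openvpn-auth.py` is changed to read the file it is given.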
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAzvJawBeVp +IknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5XzETX+Mkea +2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0vQIDAQAB +AoGBAKUW/zNRAIr4vAYtMxLCL/kJEMlfMabb29Uj2MZLdWpZbIEZJuGhACKb6hz8 +XIuXdsEjwaRZbdp1NfGfWSo0cFC9GcacvURuvTiPx75R8fvrk20R9DohhdjOArUU +KTXYUJSNt9c2qk0xloBDVj1jnWZ2CvQP5uEX1Tx6irHo2Vz1AkEA7mmgF24WhUru +v0aK43g2ZlBcdQeMHQWtD5nC9kj9GOfx1jYng1UnV+vXXCa5zgmkGvTLPVL72yYi +i4NsQdimDwJBAOOIkzS1zmPkUs5ogUwrqn/ulAUC6KLG781C63stMFQB+DRoYJNk +Y4Bs+jm5zDHpDznHRCRGTSPbNSx7jTBI5HMCQQCHfbXCuwjHdb9bKv7xqTbZTKBO +zhw9viUNMahQCUj1Z5PT1nD8PV+fouOAdm2v/2CpBSef0VJayEBnoyfaAALXAkEA +uQ1Z0/PNYRbQdgkup3mYGKY8AntkIwcy/zje9fZBqQFVEaKWcSmjd06qkApZVXpc +JLy44du/X1soOv5dTRjrmwJAdl6tL+3YFLqLEaPXBlJX43oGCYVhXWRnx7AsPAGC ++yqnZM1tsz2X4rTfxGgu1PEf6lfRaN8pFqlLqfq/YhZzXA== +-----END RSA PRIVATE KEY-----
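Review bot: This file adds the server's RSA private key to the repository unencrypted (the PEM carries no `Proc-Type: 4,ENCRYPTED` header) and with mode 100644, and its modulus begins with the same bytes as the public key in `certs/ewon.rychiger.com-cert.pem`, so it is the key behind the certificate that `server-443.conf` now loads. Everyone who can read the repository, a clone of it, or this patch can impersonate the VPN endpoint, and deleting the file in a later commit does not remove it from history. Treat the key as compromised: generate a replacement on the server itself, have the CA revoke and reissue the certificate, and keep `private/` out of version control with an ignore rule such as `private/*.pem`. On disk the key should be readable only by the account OpenVPN runs as, for example mode 0600.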