change certs, new ccds

2019-09-20 15:22:49 +02:00 · 2019-09-20 15:22:49 +02:00 · d283f2e4fd
parent 853b4d2204
commit d283f2e4fd
50 changed files with 135 additions and 2 deletions
--- a/ccd/010003006049
+++ b/ccd/010003006049
@ -0,0 +1 @@
 ifconfig-push 10.3.6.49 255.255.0.0
--- a/ccd/010003006050
+++ b/ccd/010003006050
@ -0,0 +1 @@
 ifconfig-push 10.3.6.50 255.255.0.0
--- a/ccd/010003006051
+++ b/ccd/010003006051
@ -0,0 +1 @@
 ifconfig-push 10.3.6.51 255.255.0.0
--- a/ccd/010003006052
+++ b/ccd/010003006052
@ -0,0 +1 @@
 ifconfig-push 10.3.6.52 255.255.0.0
--- a/ccd/010003006053
+++ b/ccd/010003006053
@ -0,0 +1 @@
 ifconfig-push 10.3.6.53 255.255.0.0
--- a/ccd/010003006054
+++ b/ccd/010003006054
@ -0,0 +1 @@
 ifconfig-push 10.3.6.54 255.255.0.0
--- a/ccd/010003006055
+++ b/ccd/010003006055
@ -0,0 +1 @@
 ifconfig-push 10.3.6.55 255.255.0.0
--- a/ccd/010003006056
+++ b/ccd/010003006056
@ -0,0 +1 @@
 ifconfig-push 10.3.6.56 255.255.0.0
--- a/ccd/010003006057
+++ b/ccd/010003006057
@ -0,0 +1 @@
 ifconfig-push 10.3.6.57 255.255.0.0
--- a/ccd/010003006058
+++ b/ccd/010003006058
@ -0,0 +1 @@
 ifconfig-push 10.3.6.58 255.255.0.0
--- a/ccd/010003006059
+++ b/ccd/010003006059
@ -0,0 +1 @@
 ifconfig-push 10.3.6.59 255.255.0.0
--- a/ccd/010003006060
+++ b/ccd/010003006060
@ -0,0 +1 @@
 ifconfig-push 10.3.6.60 255.255.0.0
--- a/ccd/010003006061
+++ b/ccd/010003006061
@ -0,0 +1 @@
 ifconfig-push 10.3.6.61 255.255.0.0
--- a/ccd/010003006062
+++ b/ccd/010003006062
@ -0,0 +1 @@
 ifconfig-push 10.3.6.62 255.255.0.0
--- a/ccd/010003006063
+++ b/ccd/010003006063
@ -0,0 +1 @@
 ifconfig-push 10.3.6.63 255.255.0.0
--- a/ccd/010003006064
+++ b/ccd/010003006064
@ -0,0 +1 @@
 ifconfig-push 10.3.6.64 255.255.0.0
--- a/ccd/010003006065
+++ b/ccd/010003006065
@ -0,0 +1 @@
 ifconfig-push 10.3.6.65 255.255.0.0
--- a/ccd/010003006066
+++ b/ccd/010003006066
@ -0,0 +1 @@
 ifconfig-push 10.3.6.66 255.255.0.0
--- a/ccd/010003006067
+++ b/ccd/010003006067
@ -0,0 +1 @@
 ifconfig-push 10.3.6.67 255.255.0.0
--- a/ccd/010003006068
+++ b/ccd/010003006068
@ -0,0 +1 @@
 ifconfig-push 10.3.6.68 255.255.0.0
--- a/ccd/010003006069
+++ b/ccd/010003006069
@ -0,0 +1 @@
 ifconfig-push 10.3.6.69 255.255.0.0
--- a/ccd/010003006070
+++ b/ccd/010003006070
@ -0,0 +1 @@
 ifconfig-push 10.3.6.70 255.255.0.0
--- a/ccd/010003006071
+++ b/ccd/010003006071
@ -0,0 +1 @@
 ifconfig-push 10.3.6.71 255.255.0.0
--- a/ccd/010003006072
+++ b/ccd/010003006072
@ -0,0 +1 @@
 ifconfig-push 10.3.6.72 255.255.0.0
--- a/ccd/010003006200
+++ b/ccd/010003006200
@ -0,0 +1 @@
 ifconfig-push 10.3.6.200 255.255.0.0
--- a/ccd/010003006201
+++ b/ccd/010003006201
@ -0,0 +1 @@
 ifconfig-push 10.3.6.201 255.255.0.0
--- a/ccd/010003006202
+++ b/ccd/010003006202
@ -0,0 +1 @@
 ifconfig-push 10.3.6.202 255.255.0.0
--- a/ccd/010003006203
+++ b/ccd/010003006203
@ -0,0 +1 @@
 ifconfig-push 10.3.6.203 255.255.0.0
--- a/ccd/010003006204
+++ b/ccd/010003006204
@ -0,0 +1 @@
 ifconfig-push 10.3.6.204 255.255.0.0
--- a/ccd/010003006205
+++ b/ccd/010003006205
@ -0,0 +1 @@
 ifconfig-push 10.3.6.205 255.255.0.0
--- a/ccd/010003006206
+++ b/ccd/010003006206
@ -0,0 +1 @@
 ifconfig-push 10.3.6.206 255.255.0.0
--- a/ccd/010003006207
+++ b/ccd/010003006207
@ -0,0 +1 @@
 ifconfig-push 10.3.6.207 255.255.0.0
--- a/ccd/010003006208
+++ b/ccd/010003006208
@ -0,0 +1 @@
 ifconfig-push 10.3.6.208 255.255.0.0
--- a/ccd/010003006209
+++ b/ccd/010003006209
@ -0,0 +1 @@
 ifconfig-push 10.3.6.209 255.255.0.0
--- a/ccd/010003006210
+++ b/ccd/010003006210
@ -0,0 +1 @@
 ifconfig-push 10.3.6.210 255.255.0.0
--- a/ccd/010003006211
+++ b/ccd/010003006211
@ -0,0 +1 @@
 ifconfig-push 10.3.6.211 255.255.0.0
--- a/ccd/010003006212
+++ b/ccd/010003006212
@ -0,0 +1 @@
 ifconfig-push 10.3.6.212 255.255.0.0
--- a/ccd/010003006213
+++ b/ccd/010003006213
@ -0,0 +1 @@
 ifconfig-push 10.3.6.213 255.255.0.0
--- a/ccd/010003006214
+++ b/ccd/010003006214
@ -0,0 +1 @@
 ifconfig-push 10.3.6.214 255.255.0.0
--- a/ccd/010003006215
+++ b/ccd/010003006215
@ -0,0 +1 @@
 ifconfig-push 10.3.6.215 255.255.0.0
--- a/ccd/010003006216
+++ b/ccd/010003006216
@ -0,0 +1 @@
 ifconfig-push 10.3.6.216 255.255.0.0
--- a/ccd/010003006217
+++ b/ccd/010003006217
@ -0,0 +1 @@
 ifconfig-push 10.3.6.217 255.255.0.0
--- a/ccd/010003006218
+++ b/ccd/010003006218
@ -0,0 +1 @@
 ifconfig-push 10.3.6.218 255.255.0.0
--- a/ccd/010003006219
+++ b/ccd/010003006219
@ -0,0 +1 @@
 ifconfig-push 10.3.6.219 255.255.0.0
--- a/ccd/010003006220
+++ b/ccd/010003006220
@ -0,0 +1 @@
 ifconfig-push 10.3.6.220 255.255.0.0
--- a/ccd/010003006221
+++ b/ccd/010003006221
@ -0,0 +1 @@
 ifconfig-push 10.3.6.221 255.255.0.0
--- a/certs/ewon.rychiger.com-cert.pem
+++ b/certs/ewon.rychiger.com-cert.pem
@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDizCCAnOgAwIBAgIURwxzomqugQsm+jJlP4ZUDfk7NrAwDQYJKoZIhvcNAQEL
 BQAwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoTClJ5Y2hpZ2VyQUcxFjAUBgNVBAMT
 DVJ5Y2hpZ2VyQUcgQ0EwHhcNMTkwMjIyMTE1NTAzWhcNMzkwMjE3MTE1NTAzWjBU
 MQswCQYDVQQGEwJDSDEUMBIGA1UEBwwLU3RlZmZpc2J1cmcxEzARBgNVBAoMClJ5
 Y2hpZ2VyQUcxGjAYBgNVBAMMEWV3b24ucnljaGlnZXIuY29tMIGfMA0GCSqGSIb3
 DQEBAQUAA4GNADCBiQKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAz
 vJawBeVpIknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5Xz
 ETX+Mkea2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0
 vQIDAQABo4HyMIHvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDcGCWCG
 SAGG+EIBDQQqFihTZXJ2ZXIgQ2VydGlmaWNhdGUgZm9yIGV3b24ucnljaGlnZXIu
 Y29tMB0GA1UdDgQWBBQMAjnkJM2aZCb940uKLajK3MFW4TBiBgNVHSMEWzBZgBQm
 La9T936sM1P1pvOTiRAjTvXr0qE+pDwwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoT
 ClJ5Y2hpZ2VyQUcxFjAUBgNVBAMTDVJ5Y2hpZ2VyQUcgQ0GCAQEwEwYDVR0lBAww
 CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALdWPGhGt2O6Lt0pWqEB38xO
 gZiQIcOI3RuCv8dUyK81rrx1zVNd87wyb0PvPkdLfzVpbW+PL+q5BdXWCwtP43RS
 Gi7UCaJV3J2m+I9SqPLuvKGTFs98BbSq0/aBqCYDeP0MSyEAsaIZQ8bhaslQytGd
 KZbO5HL/89ci9PG1gXaYhhgCIRBNo5RsgzOf4R3t9/4IT5VAsTdJEN7mmWPHxlex
 M7//9cLruV6/mY0NeekXMK/YCReY9pLEhqa2t0IPo47JTrElYN0KTdlCCd9tMrBq
 hQrzaJUEpQWatboAOswonpagsbrI4CNK4MJvL0DXPOQx7CUShVVMrhOiGqjiCVk=
 -----END CERTIFICATE-----
--- a/config/server-443.conf
+++ b/config/server-443.conf
@ -38,8 +38,8 @@ management localhost 6667
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
+cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
-key  /opt/openvpn/private/hostkey.pem
+key  /opt/openvpn/private/ewon.rychiger.com-key.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
--- a/config/server-443.conf.22feb2019
+++ b/config/server-443.conf.22feb2019
@ -0,0 +1,51 @@
 mode server
 daemon
 tls-server
 proto tcp
 port  443
 local 192.168.99.11
 client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn-server/myopenvpn-443.pid
 ; ciphers
 tls-cipher "DEFAULT"
 ; tunnel configuration
 dev tap1
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
 passtos
 comp-lzo
 persist-key
 persist-tun
 persist-local-ip
 persist-remote-ip
 ; loggin and status
 ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
 status-version 2
 status /opt/openvpn/status/openvpnserver-status-443.log 5;
 verb 3
 client-connect     /opt/openvpn/scripts/logon.sh
 client-disconnect  /opt/openvpn/scripts/logoff.sh
 ; routing
 ;push "route 10.3.0.0 255.255.0.0"
 ; management 
 management localhost 6667
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
 cert /opt/openvpn/certs/hostcert.pem
 key  /opt/openvpn/private/hostkey.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
 ;client-to-client
 keepalive 10 60
 max-clients 50
 ; explicit exit
 push "explicit-exit-notify"
--- a/private/ewon.rychiger.com-key.pem
+++ b/private/ewon.rychiger.com-key.pem
@ -0,0 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAzvJawBeVp
 IknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5XzETX+Mkea
 2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0vQIDAQAB
 AoGBAKUW/zNRAIr4vAYtMxLCL/kJEMlfMabb29Uj2MZLdWpZbIEZJuGhACKb6hz8
 XIuXdsEjwaRZbdp1NfGfWSo0cFC9GcacvURuvTiPx75R8fvrk20R9DohhdjOArUU
 KTXYUJSNt9c2qk0xloBDVj1jnWZ2CvQP5uEX1Tx6irHo2Vz1AkEA7mmgF24WhUru
 v0aK43g2ZlBcdQeMHQWtD5nC9kj9GOfx1jYng1UnV+vXXCa5zgmkGvTLPVL72yYi
 i4NsQdimDwJBAOOIkzS1zmPkUs5ogUwrqn/ulAUC6KLG781C63stMFQB+DRoYJNk
 Y4Bs+jm5zDHpDznHRCRGTSPbNSx7jTBI5HMCQQCHfbXCuwjHdb9bKv7xqTbZTKBO
 zhw9viUNMahQCUj1Z5PT1nD8PV+fouOAdm2v/2CpBSef0VJayEBnoyfaAALXAkEA
 uQ1Z0/PNYRbQdgkup3mYGKY8AntkIwcy/zje9fZBqQFVEaKWcSmjd06qkApZVXpc
 JLy44du/X1soOv5dTRjrmwJAdl6tL+3YFLqLEaPXBlJX43oGCYVhXWRnx7AsPAGC
 +yqnZM1tsz2X4rTfxGgu1PEf6lfRaN8pFqlLqfq/YhZzXA==
 -----END RSA PRIVATE KEY-----