change certs, new ccds

2019-09-20 15:22:49 +02:00 · 2019-09-20 15:22:49 +02:00 · d283f2e4fd
parent 853b4d2204
commit d283f2e4fd
50 changed files with 135 additions and 2 deletions
--- a/ccd/010003006049
+++ b/ccd/010003006049
@ -0,0 +1 @@
+ifconfig-push 10.3.6.49 255.255.0.0
--- a/ccd/010003006050
+++ b/ccd/010003006050
@ -0,0 +1 @@
+ifconfig-push 10.3.6.50 255.255.0.0
--- a/ccd/010003006051
+++ b/ccd/010003006051
@ -0,0 +1 @@
+ifconfig-push 10.3.6.51 255.255.0.0
--- a/ccd/010003006052
+++ b/ccd/010003006052
@ -0,0 +1 @@
+ifconfig-push 10.3.6.52 255.255.0.0
--- a/ccd/010003006053
+++ b/ccd/010003006053
@ -0,0 +1 @@
+ifconfig-push 10.3.6.53 255.255.0.0
--- a/ccd/010003006054
+++ b/ccd/010003006054
@ -0,0 +1 @@
+ifconfig-push 10.3.6.54 255.255.0.0
--- a/ccd/010003006055
+++ b/ccd/010003006055
@ -0,0 +1 @@
+ifconfig-push 10.3.6.55 255.255.0.0
--- a/ccd/010003006056
+++ b/ccd/010003006056
@ -0,0 +1 @@
+ifconfig-push 10.3.6.56 255.255.0.0
--- a/ccd/010003006057
+++ b/ccd/010003006057
@ -0,0 +1 @@
+ifconfig-push 10.3.6.57 255.255.0.0
--- a/ccd/010003006058
+++ b/ccd/010003006058
@ -0,0 +1 @@
+ifconfig-push 10.3.6.58 255.255.0.0
--- a/ccd/010003006059
+++ b/ccd/010003006059
@ -0,0 +1 @@
+ifconfig-push 10.3.6.59 255.255.0.0
--- a/ccd/010003006060
+++ b/ccd/010003006060
@ -0,0 +1 @@
+ifconfig-push 10.3.6.60 255.255.0.0
--- a/ccd/010003006061
+++ b/ccd/010003006061
@ -0,0 +1 @@
+ifconfig-push 10.3.6.61 255.255.0.0
--- a/ccd/010003006062
+++ b/ccd/010003006062
@ -0,0 +1 @@
+ifconfig-push 10.3.6.62 255.255.0.0
--- a/ccd/010003006063
+++ b/ccd/010003006063
@ -0,0 +1 @@
+ifconfig-push 10.3.6.63 255.255.0.0
--- a/ccd/010003006064
+++ b/ccd/010003006064
@ -0,0 +1 @@
+ifconfig-push 10.3.6.64 255.255.0.0
--- a/ccd/010003006065
+++ b/ccd/010003006065
@ -0,0 +1 @@
+ifconfig-push 10.3.6.65 255.255.0.0
--- a/ccd/010003006066
+++ b/ccd/010003006066
@ -0,0 +1 @@
+ifconfig-push 10.3.6.66 255.255.0.0
--- a/ccd/010003006067
+++ b/ccd/010003006067
@ -0,0 +1 @@
+ifconfig-push 10.3.6.67 255.255.0.0
--- a/ccd/010003006068
+++ b/ccd/010003006068
@ -0,0 +1 @@
+ifconfig-push 10.3.6.68 255.255.0.0
--- a/ccd/010003006069
+++ b/ccd/010003006069
@ -0,0 +1 @@
+ifconfig-push 10.3.6.69 255.255.0.0
--- a/ccd/010003006070
+++ b/ccd/010003006070
@ -0,0 +1 @@
+ifconfig-push 10.3.6.70 255.255.0.0
--- a/ccd/010003006071
+++ b/ccd/010003006071
@ -0,0 +1 @@
+ifconfig-push 10.3.6.71 255.255.0.0
--- a/ccd/010003006072
+++ b/ccd/010003006072
@ -0,0 +1 @@
+ifconfig-push 10.3.6.72 255.255.0.0
--- a/ccd/010003006200
+++ b/ccd/010003006200
@ -0,0 +1 @@
+ifconfig-push 10.3.6.200 255.255.0.0
--- a/ccd/010003006201
+++ b/ccd/010003006201
@ -0,0 +1 @@
+ifconfig-push 10.3.6.201 255.255.0.0
--- a/ccd/010003006202
+++ b/ccd/010003006202
@ -0,0 +1 @@
+ifconfig-push 10.3.6.202 255.255.0.0
--- a/ccd/010003006203
+++ b/ccd/010003006203
@ -0,0 +1 @@
+ifconfig-push 10.3.6.203 255.255.0.0
--- a/ccd/010003006204
+++ b/ccd/010003006204
@ -0,0 +1 @@
+ifconfig-push 10.3.6.204 255.255.0.0
--- a/ccd/010003006205
+++ b/ccd/010003006205
@ -0,0 +1 @@
+ifconfig-push 10.3.6.205 255.255.0.0
--- a/ccd/010003006206
+++ b/ccd/010003006206
@ -0,0 +1 @@
+ifconfig-push 10.3.6.206 255.255.0.0
--- a/ccd/010003006207
+++ b/ccd/010003006207
@ -0,0 +1 @@
+ifconfig-push 10.3.6.207 255.255.0.0
--- a/ccd/010003006208
+++ b/ccd/010003006208
@ -0,0 +1 @@
+ifconfig-push 10.3.6.208 255.255.0.0
--- a/ccd/010003006209
+++ b/ccd/010003006209
@ -0,0 +1 @@
+ifconfig-push 10.3.6.209 255.255.0.0
--- a/ccd/010003006210
+++ b/ccd/010003006210
@ -0,0 +1 @@
+ifconfig-push 10.3.6.210 255.255.0.0
--- a/ccd/010003006211
+++ b/ccd/010003006211
@ -0,0 +1 @@
+ifconfig-push 10.3.6.211 255.255.0.0
--- a/ccd/010003006212
+++ b/ccd/010003006212
@ -0,0 +1 @@
+ifconfig-push 10.3.6.212 255.255.0.0
--- a/ccd/010003006213
+++ b/ccd/010003006213
@ -0,0 +1 @@
+ifconfig-push 10.3.6.213 255.255.0.0
--- a/ccd/010003006214
+++ b/ccd/010003006214
@ -0,0 +1 @@
+ifconfig-push 10.3.6.214 255.255.0.0
--- a/ccd/010003006215
+++ b/ccd/010003006215
@ -0,0 +1 @@
+ifconfig-push 10.3.6.215 255.255.0.0
--- a/ccd/010003006216
+++ b/ccd/010003006216
@ -0,0 +1 @@
+ifconfig-push 10.3.6.216 255.255.0.0
--- a/ccd/010003006217
+++ b/ccd/010003006217
@ -0,0 +1 @@
+ifconfig-push 10.3.6.217 255.255.0.0
--- a/ccd/010003006218
+++ b/ccd/010003006218
@ -0,0 +1 @@
+ifconfig-push 10.3.6.218 255.255.0.0
--- a/ccd/010003006219
+++ b/ccd/010003006219
@ -0,0 +1 @@
+ifconfig-push 10.3.6.219 255.255.0.0
--- a/ccd/010003006220
+++ b/ccd/010003006220
@ -0,0 +1 @@
+ifconfig-push 10.3.6.220 255.255.0.0
--- a/ccd/010003006221
+++ b/ccd/010003006221
@ -0,0 +1 @@
+ifconfig-push 10.3.6.221 255.255.0.0
--- a/certs/ewon.rychiger.com-cert.pem
+++ b/certs/ewon.rychiger.com-cert.pem
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIURwxzomqugQsm+jJlP4ZUDfk7NrAwDQYJKoZIhvcNAQEL
+BQAwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoTClJ5Y2hpZ2VyQUcxFjAUBgNVBAMT
+DVJ5Y2hpZ2VyQUcgQ0EwHhcNMTkwMjIyMTE1NTAzWhcNMzkwMjE3MTE1NTAzWjBU
+MQswCQYDVQQGEwJDSDEUMBIGA1UEBwwLU3RlZmZpc2J1cmcxEzARBgNVBAoMClJ5
+Y2hpZ2VyQUcxGjAYBgNVBAMMEWV3b24ucnljaGlnZXIuY29tMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAz
+vJawBeVpIknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5Xz
+ETX+Mkea2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0
+vQIDAQABo4HyMIHvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDcGCWCG
+SAGG+EIBDQQqFihTZXJ2ZXIgQ2VydGlmaWNhdGUgZm9yIGV3b24ucnljaGlnZXIu
+Y29tMB0GA1UdDgQWBBQMAjnkJM2aZCb940uKLajK3MFW4TBiBgNVHSMEWzBZgBQm
+La9T936sM1P1pvOTiRAjTvXr0qE+pDwwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoT
+ClJ5Y2hpZ2VyQUcxFjAUBgNVBAMTDVJ5Y2hpZ2VyQUcgQ0GCAQEwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALdWPGhGt2O6Lt0pWqEB38xO
+gZiQIcOI3RuCv8dUyK81rrx1zVNd87wyb0PvPkdLfzVpbW+PL+q5BdXWCwtP43RS
+Gi7UCaJV3J2m+I9SqPLuvKGTFs98BbSq0/aBqCYDeP0MSyEAsaIZQ8bhaslQytGd
+KZbO5HL/89ci9PG1gXaYhhgCIRBNo5RsgzOf4R3t9/4IT5VAsTdJEN7mmWPHxlex
+M7//9cLruV6/mY0NeekXMK/YCReY9pLEhqa2t0IPo47JTrElYN0KTdlCCd9tMrBq
+hQrzaJUEpQWatboAOswonpagsbrI4CNK4MJvL0DXPOQx7CUShVVMrhOiGqjiCVk=
+-----END CERTIFICATE-----
--- a/config/server-443.conf
+++ b/config/server-443.conf
@ -38,8 +38,8 @@ management localhost 6667
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key  /opt/openvpn/private/hostkey.pem
+cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
+key  /opt/openvpn/private/ewon.rychiger.com-key.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
--- a/config/server-443.conf.22feb2019
+++ b/config/server-443.conf.22feb2019
@ -0,0 +1,51 @@
+mode server
+daemon
+tls-server
+proto tcp
+port  443
+local 192.168.99.11
+client-config-dir /opt/openvpn/ccd
+script-security 3
+writepid /var/run/openvpn-server/myopenvpn-443.pid
+
+; ciphers
+tls-cipher "DEFAULT"
+
+; tunnel configuration
+dev tap1
+server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
+passtos
+comp-lzo
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+; loggin and status
+ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
+status-version 2
+status /opt/openvpn/status/openvpnserver-status-443.log 5;
+verb 3
+client-connect     /opt/openvpn/scripts/logon.sh
+client-disconnect  /opt/openvpn/scripts/logoff.sh
+
+; routing
+;push "route 10.3.0.0 255.255.0.0"
+
+; management 
+management localhost 6667
+
+; certificates and authentication
+dh   /opt/openvpn/private/dh1024.pem
+ca   /opt/openvpn/ca/cacert.pem
+cert /opt/openvpn/certs/hostcert.pem
+key  /opt/openvpn/private/hostkey.pem
+verify-client-cert none
+username-as-common-name
+auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
+;client-to-client
+keepalive 10 60
+max-clients 50
+
+; explicit exit
+push "explicit-exit-notify"
--- a/private/ewon.rychiger.com-key.pem
+++ b/private/ewon.rychiger.com-key.pem
@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDT5topkMNRWGxpweKb3ZQwcEc/lwvMOZeRQN+L3IAzvJawBeVp
+IknKkCaM+HjP/iqrp8A5kuutsErhYIt4y7GOlG8sUNZpYr9k/v4KZ5XzETX+Mkea
+2Q8IRI9nb9+rAP+okAnlnSXFC3nqAcRE7gw2DZ7vdm5L9n0KNEObDG/0vQIDAQAB
+AoGBAKUW/zNRAIr4vAYtMxLCL/kJEMlfMabb29Uj2MZLdWpZbIEZJuGhACKb6hz8
+XIuXdsEjwaRZbdp1NfGfWSo0cFC9GcacvURuvTiPx75R8fvrk20R9DohhdjOArUU
+KTXYUJSNt9c2qk0xloBDVj1jnWZ2CvQP5uEX1Tx6irHo2Vz1AkEA7mmgF24WhUru
+v0aK43g2ZlBcdQeMHQWtD5nC9kj9GOfx1jYng1UnV+vXXCa5zgmkGvTLPVL72yYi
+i4NsQdimDwJBAOOIkzS1zmPkUs5ogUwrqn/ulAUC6KLG781C63stMFQB+DRoYJNk
+Y4Bs+jm5zDHpDznHRCRGTSPbNSx7jTBI5HMCQQCHfbXCuwjHdb9bKv7xqTbZTKBO
+zhw9viUNMahQCUj1Z5PT1nD8PV+fouOAdm2v/2CpBSef0VJayEBnoyfaAALXAkEA
+uQ1Z0/PNYRbQdgkup3mYGKY8AntkIwcy/zje9fZBqQFVEaKWcSmjd06qkApZVXpc
+JLy44du/X1soOv5dTRjrmwJAdl6tL+3YFLqLEaPXBlJX43oGCYVhXWRnx7AsPAGC
+yqnZM1tsz2X4rTfxGgu1PEf6lfRaN8pFqlLqfq/YhZzXA==
+-----END RSA PRIVATE KEY-----