summaryrefslogtreecommitdiff
path: root/main/openvpn/sample
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2015-04-15 00:17:26 +0200
committerArne Schwabe <arne@rfc2549.org>2015-04-15 00:20:23 +0200
commitc3ae4aaac9f0b168aed063d3e86c5196608eaba1 (patch)
tree1a18e7d8751d4dd3682d82d12c8441b335112984 /main/openvpn/sample
parent5e42114d22faefe7c272b1b498fdf5640da494c7 (diff)
Move more to git, add submodules, fix build script, change hgignore to gitignore
Diffstat (limited to 'main/openvpn/sample')
m---------main/openvpn0
-rw-r--r--main/openvpn/sample/Makefile.am34
-rw-r--r--main/openvpn/sample/sample-config-files/README6
-rw-r--r--main/openvpn/sample/sample-config-files/client.conf124
-rwxr-xr-xmain/openvpn/sample/sample-config-files/firewall.sh108
-rwxr-xr-xmain/openvpn/sample/sample-config-files/home.up2
-rw-r--r--main/openvpn/sample/sample-config-files/loopback-client26
-rw-r--r--main/openvpn/sample/sample-config-files/loopback-server26
-rwxr-xr-xmain/openvpn/sample/sample-config-files/office.up2
-rwxr-xr-xmain/openvpn/sample/sample-config-files/openvpn-shutdown.sh5
-rwxr-xr-xmain/openvpn/sample/sample-config-files/openvpn-startup.sh34
-rw-r--r--main/openvpn/sample/sample-config-files/server.conf304
-rw-r--r--main/openvpn/sample/sample-config-files/static-home.conf72
-rw-r--r--main/openvpn/sample/sample-config-files/static-office.conf69
-rw-r--r--main/openvpn/sample/sample-config-files/tls-home.conf83
-rw-r--r--main/openvpn/sample/sample-config-files/tls-office.conf83
-rw-r--r--main/openvpn/sample/sample-config-files/xinetd-client-config11
-rw-r--r--main/openvpn/sample/sample-config-files/xinetd-server-config25
-rw-r--r--main/openvpn/sample/sample-keys/.gitignore1
-rw-r--r--main/openvpn/sample/sample-keys/README19
-rw-r--r--main/openvpn/sample/sample-keys/ca.crt35
-rw-r--r--main/openvpn/sample/sample-keys/ca.key52
-rw-r--r--main/openvpn/sample/sample-keys/client-ec.crt85
-rw-r--r--main/openvpn/sample/sample-keys/client-ec.key5
-rw-r--r--main/openvpn/sample/sample-keys/client-pass.key30
-rw-r--r--main/openvpn/sample/sample-keys/client.crt103
-rw-r--r--main/openvpn/sample/sample-keys/client.key28
-rw-r--r--main/openvpn/sample/sample-keys/client.p12bin4533 -> 0 bytes
-rw-r--r--main/openvpn/sample/sample-keys/dh2048.pem8
-rwxr-xr-xmain/openvpn/sample/sample-keys/gen-sample-keys.sh78
-rw-r--r--main/openvpn/sample/sample-keys/openssl.cnf139
-rw-r--r--main/openvpn/sample/sample-keys/server-ec.crt96
-rw-r--r--main/openvpn/sample/sample-keys/server-ec.key5
-rw-r--r--main/openvpn/sample/sample-keys/server.crt113
-rw-r--r--main/openvpn/sample/sample-keys/server.key28
-rw-r--r--main/openvpn/sample/sample-keys/ta.key21
-rw-r--r--main/openvpn/sample/sample-plugins/defer/README16
-rwxr-xr-xmain/openvpn/sample/sample-plugins/defer/build15
-rw-r--r--main/openvpn/sample/sample-plugins/defer/simple.c305
-rwxr-xr-xmain/openvpn/sample/sample-plugins/defer/simple.def6
-rwxr-xr-xmain/openvpn/sample/sample-plugins/defer/winbuild18
-rwxr-xr-xmain/openvpn/sample/sample-plugins/log/build15
-rw-r--r--main/openvpn/sample/sample-plugins/log/log.c184
-rw-r--r--main/openvpn/sample/sample-plugins/log/log_v3.c252
-rwxr-xr-xmain/openvpn/sample/sample-plugins/log/winbuild18
-rw-r--r--main/openvpn/sample/sample-plugins/simple/README16
-rwxr-xr-xmain/openvpn/sample/sample-plugins/simple/build15
-rw-r--r--main/openvpn/sample/sample-plugins/simple/simple.c120
-rwxr-xr-xmain/openvpn/sample/sample-plugins/simple/simple.def6
-rwxr-xr-xmain/openvpn/sample/sample-plugins/simple/winbuild18
-rwxr-xr-xmain/openvpn/sample/sample-scripts/auth-pam.pl97
-rwxr-xr-xmain/openvpn/sample/sample-scripts/bridge-start39
-rwxr-xr-xmain/openvpn/sample/sample-scripts/bridge-stop18
-rwxr-xr-xmain/openvpn/sample/sample-scripts/ucn.pl11
-rwxr-xr-xmain/openvpn/sample/sample-scripts/verify-cn64
-rwxr-xr-xmain/openvpn/sample/sample-windows/sample.ovpn103
56 files changed, 0 insertions, 3196 deletions
diff --git a/main/openvpn b/main/openvpn
new file mode 160000
+Subproject 7aaf01766f9718375986600216607aeb6397200
diff --git a/main/openvpn/sample/Makefile.am b/main/openvpn/sample/Makefile.am
deleted file mode 100644
index be30c88a..00000000
--- a/main/openvpn/sample/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# OpenVPN -- An application to securely tunnel IP networks
-# over a single UDP port, with support for SSL/TLS-based
-# session authentication and key exchange,
-# packet encryption, packet authentication, and
-# packet compression.
-#
-# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
-# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
-#
-
-MAINTAINERCLEANFILES = \
- $(srcdir)/Makefile.in
-
-EXTRA_DIST = \
- sample-plugins \
- sample-config-files \
- sample-windows \
- sample-keys \
- sample-scripts
-
-if WIN32
-sample_DATA = \
- client.ovpn \
- server.ovpn \
- sample-windows/sample.ovpn
-
-client.ovpn: sample-config-files/client.conf
- -rm -f client.ovpn
- cp "$(srcdir)/sample-config-files/client.conf" client.ovpn
-server.ovpn: sample-config-files/server.conf
- -rm -f server.ovpn
- cp "$(srcdir)/sample-config-files/server.conf" server.ovpn
-endif
diff --git a/main/openvpn/sample/sample-config-files/README b/main/openvpn/sample/sample-config-files/README
deleted file mode 100644
index d53ac79a..00000000
--- a/main/openvpn/sample/sample-config-files/README
+++ /dev/null
@@ -1,6 +0,0 @@
-Sample OpenVPN Configuration Files.
-
-These files are part of the OpenVPN HOWTO
-which is located at:
-
-http://openvpn.net/howto.html
diff --git a/main/openvpn/sample/sample-config-files/client.conf b/main/openvpn/sample/sample-config-files/client.conf
deleted file mode 100644
index fedcbd6e..00000000
--- a/main/openvpn/sample/sample-config-files/client.conf
+++ /dev/null
@@ -1,124 +0,0 @@
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote my-server-1 1194
-;remote my-server-2 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-;user nobody
-;group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-ca ca.crt
-cert client.crt
-key client.key
-
-# Verify server certificate by checking that the
-# certicate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-tls-auth ta.key 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-;cipher x
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
diff --git a/main/openvpn/sample/sample-config-files/firewall.sh b/main/openvpn/sample/sample-config-files/firewall.sh
deleted file mode 100755
index 19d75ee9..00000000
--- a/main/openvpn/sample/sample-config-files/firewall.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-
-# A Sample OpenVPN-aware firewall.
-
-# eth0 is connected to the internet.
-# eth1 is connected to a private subnet.
-
-# Change this subnet to correspond to your private
-# ethernet subnet. Home will use HOME_NET/24 and
-# Office will use OFFICE_NET/24.
-PRIVATE=10.0.0.0/24
-
-# Loopback address
-LOOP=127.0.0.1
-
-# Delete old iptables rules
-# and temporarily block all traffic.
-iptables -P OUTPUT DROP
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -F
-
-# Set default policies
-iptables -P OUTPUT ACCEPT
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-
-# Prevent external packets from using loopback addr
-iptables -A INPUT -i eth0 -s $LOOP -j DROP
-iptables -A FORWARD -i eth0 -s $LOOP -j DROP
-iptables -A INPUT -i eth0 -d $LOOP -j DROP
-iptables -A FORWARD -i eth0 -d $LOOP -j DROP
-
-# Anything coming from the Internet should have a real Internet address
-iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
-iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
-iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
-iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-
-# Block outgoing NetBios (if you have windows machines running
-# on the private subnet). This will not affect any NetBios
-# traffic that flows over the VPN tunnel, but it will stop
-# local windows machines from broadcasting themselves to
-# the internet.
-iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP
-iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP
-iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
-iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
-
-# Check source address validity on packets going out to internet
-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
-
-# Allow local loopback
-iptables -A INPUT -s $LOOP -j ACCEPT
-iptables -A INPUT -d $LOOP -j ACCEPT
-
-# Allow incoming pings (can be disabled)
-iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-
-# Allow services such as www and ssh (can be disabled)
-iptables -A INPUT -p tcp --dport http -j ACCEPT
-iptables -A INPUT -p tcp --dport ssh -j ACCEPT
-
-# Allow incoming OpenVPN packets
-# Duplicate the line below for each
-# OpenVPN tunnel, changing --dport n
-# to match the OpenVPN UDP port.
-#
-# In OpenVPN, the port number is
-# controlled by the --port n option.
-# If you put this option in the config
-# file, you can remove the leading '--'
-#
-# If you taking the stateful firewall
-# approach (see the OpenVPN HOWTO),
-# then comment out the line below.
-
-iptables -A INPUT -p udp --dport 1194 -j ACCEPT
-
-# Allow packets from TUN/TAP devices.
-# When OpenVPN is run in a secure mode,
-# it will authenticate packets prior
-# to their arriving on a tun or tap
-# interface. Therefore, it is not
-# necessary to add any filters here,
-# unless you want to restrict the
-# type of packets which can flow over
-# the tunnel.
-
-iptables -A INPUT -i tun+ -j ACCEPT
-iptables -A FORWARD -i tun+ -j ACCEPT
-iptables -A INPUT -i tap+ -j ACCEPT
-iptables -A FORWARD -i tap+ -j ACCEPT
-
-# Allow packets from private subnets
-iptables -A INPUT -i eth1 -j ACCEPT
-iptables -A FORWARD -i eth1 -j ACCEPT
-
-# Keep state of connections from local machine and private subnets
-iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
-iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# Masquerade local subnet
-iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
diff --git a/main/openvpn/sample/sample-config-files/home.up b/main/openvpn/sample/sample-config-files/home.up
deleted file mode 100755
index 9c347cc5..00000000
--- a/main/openvpn/sample/sample-config-files/home.up
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-route add -net 10.0.0.0 netmask 255.255.255.0 gw $5
diff --git a/main/openvpn/sample/sample-config-files/loopback-client b/main/openvpn/sample/sample-config-files/loopback-client
deleted file mode 100644
index 7117307d..00000000
--- a/main/openvpn/sample/sample-config-files/loopback-client
+++ /dev/null
@@ -1,26 +0,0 @@
-# Perform a TLS loopback test -- client side.
-#
-# This test performs a TLS negotiation once every 10 seconds,
-# and will terminate after 2 minutes.
-#
-# From the root directory of the OpenVPN distribution,
-# after openvpn has been built, run:
-#
-# ./openvpn --config sample-config-files/loopback-client (In one window)
-# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
-rport 16000
-lport 16001
-remote localhost
-local localhost
-dev null
-verb 3
-reneg-sec 10
-tls-client
-remote-cert-tls server
-ca sample-keys/ca.crt
-key sample-keys/client.key
-cert sample-keys/client.crt
-tls-auth sample-keys/ta.key 1
-ping 1
-inactive 120 10000000
diff --git a/main/openvpn/sample/sample-config-files/loopback-server b/main/openvpn/sample/sample-config-files/loopback-server
deleted file mode 100644
index 8e1f39cd..00000000
--- a/main/openvpn/sample/sample-config-files/loopback-server
+++ /dev/null
@@ -1,26 +0,0 @@
-# Perform a TLS loopback test -- server side.
-#
-# This test performs a TLS negotiation once every 10 seconds,
-# and will terminate after 2 minutes.
-#
-# From the root directory of the OpenVPN distribution,
-# after openvpn has been built, run:
-#
-# ./openvpn --config sample-config-files/loopback-client (In one window)
-# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
-rport 16001
-lport 16000
-remote localhost
-local localhost
-dev null
-verb 3
-reneg-sec 10
-tls-server
-dh sample-keys/dh2048.pem
-ca sample-keys/ca.crt
-key sample-keys/server.key
-cert sample-keys/server.crt
-tls-auth sample-keys/ta.key 0
-ping 1
-inactive 120 10000000
diff --git a/main/openvpn/sample/sample-config-files/office.up b/main/openvpn/sample/sample-config-files/office.up
deleted file mode 100755
index 74a71a33..00000000
--- a/main/openvpn/sample/sample-config-files/office.up
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-route add -net 10.0.1.0 netmask 255.255.255.0 gw $5
diff --git a/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh b/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh
deleted file mode 100755
index 8ed2d1d5..00000000
--- a/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-# stop all openvpn processes
-
-killall -TERM openvpn
diff --git a/main/openvpn/sample/sample-config-files/openvpn-startup.sh b/main/openvpn/sample/sample-config-files/openvpn-startup.sh
deleted file mode 100755
index 0ee006bc..00000000
--- a/main/openvpn/sample/sample-config-files/openvpn-startup.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# A sample OpenVPN startup script
-# for Linux.
-
-# openvpn config file directory
-dir=/etc/openvpn
-
-# load the firewall
-$dir/firewall.sh
-
-# load TUN/TAP kernel module
-modprobe tun
-
-# enable IP forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# Invoke openvpn for each VPN tunnel
-# in daemon mode. Alternatively,
-# you could remove "--daemon" from
-# the command line and add "daemon"
-# to the config file.
-#
-# Each tunnel should run on a separate
-# UDP port. Use the "port" option
-# to control this. Like all of
-# OpenVPN's options, you can
-# specify "--port 8000" on the command
-# line or "port 8000" in the config
-# file.
-
-openvpn --cd $dir --daemon --config vpn1.conf
-openvpn --cd $dir --daemon --config vpn2.conf
-openvpn --cd $dir --daemon --config vpn2.conf
diff --git a/main/openvpn/sample/sample-config-files/server.conf b/main/openvpn/sample/sample-config-files/server.conf
deleted file mode 100644
index c85ca0ff..00000000
--- a/main/openvpn/sample/sample-config-files/server.conf
+++ /dev/null
@@ -1,304 +0,0 @@
-#################################################
-# Sample OpenVPN 2.0 config file for #
-# multi-client server. #
-# #
-# This file is for the server side #
-# of a many-clients <-> one-server #
-# OpenVPN configuration. #
-# #
-# OpenVPN also supports #
-# single-machine <-> single-machine #
-# configurations (See the Examples page #
-# on the web site for more info). #
-# #
-# This config should work on Windows #
-# or Linux/BSD systems. Remember on #
-# Windows to quote pathnames and use #
-# double backslashes, e.g.: #
-# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
-# #
-# Comments are preceded with '#' or ';' #
-#################################################
-
-# Which local IP address should OpenVPN
-# listen on? (optional)
-;local a.b.c.d
-
-# Which TCP/UDP port should OpenVPN listen on?
-# If you want to run multiple OpenVPN instances
-# on the same machine, use a different port
-# number for each one. You will need to
-# open up this port on your firewall.
-port 1194
-
-# TCP or UDP server?
-;proto tcp
-proto udp
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-# Use "dev tap0" if you are ethernet bridging
-# and have precreated a tap0 virtual interface
-# and bridged it with your ethernet interface.
-# If you want to control access policies
-# over the VPN, you must create firewall
-# rules for the the TUN/TAP interface.
-# On non-Windows systems, you can give
-# an explicit unit number, such as tun0.
-# On Windows, use "dev-node" for this.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel if you
-# have more than one. On XP SP2 or higher,
-# you may need to selectively disable the
-# Windows firewall for the TAP adapter.
-# Non-Windows systems usually don't need this.
-;dev-node MyTap
-
-# SSL/TLS root certificate (ca), certificate
-# (cert), and private key (key). Each client
-# and the server must have their own cert and
-# key file. The server and all clients will
-# use the same ca file.
-#
-# See the "easy-rsa" directory for a series
-# of scripts for generating RSA certificates
-# and private keys. Remember to use
-# a unique Common Name for the server
-# and each of the client certificates.
-#
-# Any X509 key management system can be used.
-# OpenVPN can also use a PKCS #12 formatted key file
-# (see "pkcs12" directive in man page).
-ca ca.crt
-cert server.crt
-key server.key # This file should be kept secret
-
-# Diffie hellman parameters.
-# Generate your own with:
-# openssl dhparam -out dh2048.pem 2048
-dh dh2048.pem
-
-# Network topology
-# Should be subnet (addressing via IP)
-# unless Windows clients v2.0.9 and lower have to
-# be supported (then net30, i.e. a /30 per client)
-# Defaults to net30 (not recommended)
-;topology subnet
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-# The server will take 10.8.0.1 for itself,
-# the rest will be made available to clients.
-# Each client will be able to reach the server
-# on 10.8.0.1. Comment this line out if you are
-# ethernet bridging. See the man page for more info.
-server 10.8.0.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file. If OpenVPN goes down or
-# is restarted, reconnecting clients can be assigned
-# the same virtual IP address from the pool that was
-# previously assigned.
-ifconfig-pool-persist ipp.txt
-
-# Configure server mode for ethernet bridging.
-# You must first use your OS's bridging capability
-# to bridge the TAP interface with the ethernet
-# NIC interface. Then you must manually set the
-# IP/netmask on the bridge interface, here we
-# assume 10.8.0.4/255.255.255.0. Finally we
-# must set aside an IP range in this subnet
-# (start=10.8.0.50 end=10.8.0.100) to allocate
-# to connecting clients. Leave this line commented
-# out unless you are ethernet bridging.
-;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
-
-# Configure server mode for ethernet bridging
-# using a DHCP-proxy, where clients talk
-# to the OpenVPN server-side DHCP server
-# to receive their IP address allocation
-# and DNS server addresses. You must first use
-# your OS's bridging capability to bridge the TAP
-# interface with the ethernet NIC interface.
-# Note: this mode only works on clients (such as
-# Windows), where the client-side TAP adapter is
-# bound to a DHCP client.
-;server-bridge
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server. Remember that these
-# private subnets will also need
-# to know to route the OpenVPN client
-# address pool (10.8.0.0/255.255.255.0)
-# back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-
-# To assign specific IP addresses to specific
-# clients or if a connecting client has a private
-# subnet behind it that should also have VPN access,
-# use the subdirectory "ccd" for client-specific
-# configuration files (see man page for more info).
-
-# EXAMPLE: Suppose the client
-# having the certificate common name "Thelonious"
-# also has a small subnet behind his connecting
-# machine, such as 192.168.40.128/255.255.255.248.
-# First, uncomment out these lines:
-;client-config-dir ccd
-;route 192.168.40.128 255.255.255.248
-# Then create a file ccd/Thelonious with this line:
-# iroute 192.168.40.128 255.255.255.248
-# This will allow Thelonious' private subnet to
-# access the VPN. This example will only work
-# if you are routing, not bridging, i.e. you are
-# using "dev tun" and "server" directives.
-
-# EXAMPLE: Suppose you want to give
-# Thelonious a fixed VPN IP address of 10.9.0.1.
-# First uncomment out these lines:
-;client-config-dir ccd
-;route 10.9.0.0 255.255.255.252
-# Then add this line to ccd/Thelonious:
-# ifconfig-push 10.9.0.1 10.9.0.2
-
-# Suppose that you want to enable different
-# firewall access policies for different groups
-# of clients. There are two methods:
-# (1) Run multiple OpenVPN daemons, one for each
-# group, and firewall the TUN/TAP interface
-# for each group/daemon appropriately.
-# (2) (Advanced) Create a script to dynamically
-# modify the firewall in response to access
-# from different clients. See man
-# page for more info on learn-address script.
-;learn-address ./script
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-# (The OpenVPN server machine may need to NAT
-# or bridge the TUN/TAP interface to the internet
-# in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses. CAVEAT:
-# http://openvpn.net/faq.html#dhcpcaveats
-# The addresses below refer to the public
-# DNS servers provided by opendns.com.
-;push "dhcp-option DNS 208.67.222.222"
-;push "dhcp-option DNS 208.67.220.220"
-
-# Uncomment this directive to allow different
-# clients to be able to "see" each other.
-# By default, clients will only see the server.
-# To force clients to only see the server, you
-# will also need to appropriately firewall the
-# server's TUN/TAP interface.
-;client-to-client
-
-# Uncomment this directive if multiple clients
-# might connect with the same certificate/key
-# files or common names. This is recommended
-# only for testing purposes. For production use,
-# each client should have its own certificate/key
-# pair.
-#
-# IF YOU HAVE NOT GENERATED INDIVIDUAL
-# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
-# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
-# UNCOMMENT THIS LINE OUT.
-;duplicate-cn
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-# Ping every 10 seconds, assume that remote
-# peer is down if no ping received during
-# a 120 second time period.
-keepalive 10 120
-
-# For extra security beyond that provided
-# by SSL/TLS, create an "HMAC firewall"
-# to help block DoS attacks and UDP port flooding.
-#
-# Generate with:
-# openvpn --genkey --secret ta.key
-#
-# The server and each client must have
-# a copy of this key.
-# The second parameter should be '0'
-# on the server and '1' on the clients.
-tls-auth ta.key 0 # This file is secret
-
-# Select a cryptographic cipher.
-# This config item must be copied to
-# the client config file as well.
-;cipher BF-CBC # Blowfish (default)
-;cipher AES-128-CBC # AES
-;cipher DES-EDE3-CBC # Triple-DES
-
-# Enable compression on the VPN link.
-# If you enable it here, you must also
-# enable it in the client config file.
-comp-lzo
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-;max-clients 100
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-#
-# You can uncomment this out on
-# non-Windows systems.
-;user nobody
-;group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# By default, log messages will go to the syslog (or
-# on Windows, if running as a service, they will go to
-# the "\Program Files\OpenVPN\log" directory).
-# Use log or log-append to override this default.
-# "log" will truncate the log file on OpenVPN startup,
-# while "log-append" will append to it. Use one
-# or the other (but not both).
-;log openvpn.log
-;log-append openvpn.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Silence repeating messages. At most 20
-# sequential messages of the same message
-# category will be output to the log.
-;mute 20
diff --git a/main/openvpn/sample/sample-config-files/static-home.conf b/main/openvpn/sample/sample-config-files/static-home.conf
deleted file mode 100644
index c9666874..00000000
--- a/main/openvpn/sample/sample-config-files/static-home.conf
+++ /dev/null
@@ -1,72 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# home using a pre-shared static key.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# Our OpenVPN peer is the office gateway.
-remote 1.2.3.4
-
-# 10.1.0.2 is our local VPN endpoint (home).
-# 10.1.0.1 is our remote VPN endpoint (office).
-ifconfig 10.1.0.2 10.1.0.1
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./home.up
-
-# Our pre-shared static key
-secret static.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/main/openvpn/sample/sample-config-files/static-office.conf b/main/openvpn/sample/sample-config-files/static-office.conf
deleted file mode 100644
index 68030cc9..00000000
--- a/main/openvpn/sample/sample-config-files/static-office.conf
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# office using a pre-shared static key.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# 10.1.0.1 is our local VPN endpoint (office).
-# 10.1.0.2 is our remote VPN endpoint (home).
-ifconfig 10.1.0.1 10.1.0.2
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./office.up
-
-# Our pre-shared static key
-secret static.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/main/openvpn/sample/sample-config-files/tls-home.conf b/main/openvpn/sample/sample-config-files/tls-home.conf
deleted file mode 100644
index daa4ea1e..00000000
--- a/main/openvpn/sample/sample-config-files/tls-home.conf
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# home using SSL/TLS mode and RSA certificates/keys.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# Our OpenVPN peer is the office gateway.
-remote 1.2.3.4
-
-# 10.1.0.2 is our local VPN endpoint (home).
-# 10.1.0.1 is our remote VPN endpoint (office).
-ifconfig 10.1.0.2 10.1.0.1
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./home.up
-
-# In SSL/TLS key exchange, Office will
-# assume server role and Home
-# will assume client role.
-tls-client
-
-# Certificate Authority file
-ca my-ca.crt
-
-# Our certificate/public key
-cert home.crt
-
-# Our private key
-key home.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/main/openvpn/sample/sample-config-files/tls-office.conf b/main/openvpn/sample/sample-config-files/tls-office.conf
deleted file mode 100644
index d1961444..00000000
--- a/main/openvpn/sample/sample-config-files/tls-office.conf
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# office using SSL/TLS mode and RSA certificates/keys.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# 10.1.0.1 is our local VPN endpoint (office).
-# 10.1.0.2 is our remote VPN endpoint (home).
-ifconfig 10.1.0.1 10.1.0.2
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./office.up
-
-# In SSL/TLS key exchange, Office will
-# assume server role and Home
-# will assume client role.
-tls-server
-
-# Diffie-Hellman Parameters (tls-server only)
-dh dh2048.pem
-
-# Certificate Authority file
-ca my-ca.crt
-
-# Our certificate/public key
-cert office.crt
-
-# Our private key
-key office.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/main/openvpn/sample/sample-config-files/xinetd-client-config b/main/openvpn/sample/sample-config-files/xinetd-client-config
deleted file mode 100644
index 03c5c1fa..00000000
--- a/main/openvpn/sample/sample-config-files/xinetd-client-config
+++ /dev/null
@@ -1,11 +0,0 @@
-# This OpenVPN config file
-# is the client side counterpart
-# of xinetd-server-config
-
-dev tun
-ifconfig 10.4.0.1 10.4.0.2
-remote my-server
-port 1194
-user nobody
-secret /root/openvpn/key
-inactive 600
diff --git a/main/openvpn/sample/sample-config-files/xinetd-server-config b/main/openvpn/sample/sample-config-files/xinetd-server-config
deleted file mode 100644
index 803a6f8f..00000000
--- a/main/openvpn/sample/sample-config-files/xinetd-server-config
+++ /dev/null
@@ -1,25 +0,0 @@
-# An xinetd configuration file for OpenVPN.
-#
-# This file should be renamed to openvpn or something suitably
-# descriptive and copied to the /etc/xinetd.d directory.
-# xinetd can then be made aware of this file by restarting
-# it or sending it a SIGHUP signal.
-#
-# For each potential incoming client, create a separate version
-# of this configuration file on a unique port number. Also note
-# that the key file and ifconfig endpoints should be unique for
-# each client. This configuration assumes that the OpenVPN
-# executable and key live in /root/openvpn. Change this to fit
-# your environment.
-
-service openvpn_1
-{
- type = UNLISTED
- port = 1194
- socket_type = dgram
- protocol = udp
- wait = yes
- user = root
- server = /root/openvpn/openvpn
- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody
-}
diff --git a/main/openvpn/sample/sample-keys/.gitignore b/main/openvpn/sample/sample-keys/.gitignore
deleted file mode 100644
index f1487528..00000000
--- a/main/openvpn/sample/sample-keys/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-sample-ca/
diff --git a/main/openvpn/sample/sample-keys/README b/main/openvpn/sample/sample-keys/README
deleted file mode 100644
index 66dd9454..00000000
--- a/main/openvpn/sample/sample-keys/README
+++ /dev/null
@@ -1,19 +0,0 @@
-Sample RSA and EC keys.
-
-Run ./gen-sample-keys.sh to generate fresh test keys.
-
-See the examples section of the man page for usage examples.
-
-NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY.
- DON'T USE THEM FOR ANY REAL WORK BECAUSE
- THEY ARE TOTALLY INSECURE!
-
-ca.{crt,key} -- sample CA key/cert
-server.{crt,key} -- sample server key/cert
-client.{crt,key} -- sample client key/cert
-client-pass.key -- sample client key with password-encrypted key
- password = "password"
-client.p12 -- sample client pkcs12 bundle
- password = "password"
-client-ec.{crt,key} -- sample elliptic curve client key/cert
-server-ec.{crt,key} -- sample elliptic curve server key/cert
diff --git a/main/openvpn/sample/sample-keys/ca.crt b/main/openvpn/sample/sample-keys/ca.crt
deleted file mode 100644
index a11bafa7..00000000
--- a/main/openvpn/sample/sample-keys/ca.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
-BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM
-T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w
-HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88
-8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb
-GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF
-qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5
-CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG
-KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy
-n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS
-rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF
-YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV
-HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow
-4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y
-YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO
-BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ
-BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE
-ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h
-aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
-9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj
-Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth
-rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I
-AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P
-ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J
-kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR
-9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu
-5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+
-65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV
-y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa
-hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=
------END CERTIFICATE-----
diff --git a/main/openvpn/sample/sample-keys/ca.key b/main/openvpn/sample/sample-keys/ca.key
deleted file mode 100644
index 8b11bc22..00000000
--- a/main/openvpn/sample/sample-keys/ca.key
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCwlU8Kq3e+2gNb
-ZTQMgjVAiHZCzR2qHzzyeK/EAibYtOr3d718mGyrc/9RVgBhJ4Iit6RfKlHQRCBK
-Bw1O8YEx7bQGgc7nK9saMo+aN8uPpdGi0I4bLwQOX+EuBFj15+IDzCxV+68Xar8V
-uXIlA9H+A+IO1OZSKoWpdrsAmYyuoWydamk64Z3tBzppOxp7hMXV7+BRMJOtprs1
-4ejANoqF3IWYQScJhHkJ5SzHYmUVYAfw8KvEGkdhuYbK9LSQff6tCRpIz8/NzZtL
-hrIdo5hErlewarxeI0YpNMudJoJ094ewj7fEweYSH67k6DYMUaC/IPbaB17pbZ7O
-8QoJQOvNHtuydiqrJTKfsvGeQ9cbK9HnZPTobwrMspBGYOU8heHMow7TuqQeYiid
-dN0XtgjVrPAekC03h1KtR7Vu+OJNKgSxA984DK8PREwr8IF+ARlTMAHnR78iVtnz
-hzQMl9Qw6bjELJ+3UcVilh7IJ/l3GgiPB4I86g/jbr5pNczuSqrSJ4ivpjGcpXo4
-YYsoRj5U1mHUNLt6epUc/mLx6KbK5Rg+hCFsr3G0MYyCCGdzoefwGV08xy/P3wd1
-MQfisF8DfI24LEtI2jDiMm4uM1eHZB6JS1a2ReNrt5z4/tWopN24mhFpftyz7wTc
-iaKCJGe+Yr6emTs23XJgT2EFGFKguwIDAQABAoICAQCEYPqnihI0PqZjnwQdGIQp
-g+P8gl7pyY9cS0OhUueicEbyDI8+V9qn0kcmx61zKDY0Jq4QNd6tnlUCijTc6Mot
-DwF2G1xsC4GvKxZiy89MOkhloanXETEeQZzDbbjvaM4UgL0AHLWPfZQRCjxbKXkE
-0A5phgvAr2YSvBLHCVXhGN0fScXnwXouVsvgVdGtpcTWdIUa+KrNdQBGDbz6VCkW
-31I76SQFy40d8PPX6ZjUJHDvnM14LycySO6XOkofRIVnXTqaOUiVBb2VKj5fX+Ro
-ILdWZz4d6J3RiGXYwyTr4SGVKLjgxWfgUGZB7x+NrqgugNzuaLYrkuWKSEN42nWq
-yoP6x6xtbAsmB6Fvdqwm/d8BmLhUweaVc0L7AYzXNsOBuT3kubJHMmu3Jv4xgyWk
-l/MAGJQc7i7QQweGgsYZgR8WlbkWkSFpUcgQBDzDibb6nsD2jnYijQrnrrmiEjEI
-R7MO551V+nFw9utiM8U9WIWwqzY0d98ujWkGjVe7uz9ZBVyg0DEAEj/zRi9T54aG
-1V6CB2Cjyw+HzzsDw7yWroWzo4U9YfjbPKCoBsXlqQFLFwY8oL6mEZ7UOobaV1Zl
-WtuHyYw3UNFxuSGPPyxJkFePIQLLvfKvh2R+V0DrT3UJRoKKlt9RejRSN0tOh0Cm
-2YD6d7T/DXnQHomIQKhKEQKCAQEA3sgsDg0eKDK8pUyVE+9wW5kql12nTzpBtnCM
-eg5J9OJcXKhCD/NIyUTIMXoMvZQpLwGUAYLgu4gE04zKWHDouf7MRSFltD5LJ7F2
-7nuYKHZXk0BhgMhdnQot3FKcOMrKCnZcM+RWX9ZJa8wO6whCaYCw7DtS0SSVODQk
-9EwAgX6/Hq60V7ujPZJCyNd3o0bIdAA/0AQRTZUADP3AHgUzh71aysYJt+UKt1v0
-Xc7l6hn7Dn7Ewzpf+WdZ2pV7d3JUSBVKiTDxLV904nDBNOxjMhz0rW01ojR6bzpn
-XhkFPqnmh+yEYGRgfSAAzkvSsSJEAtBFSicupA/6n83Lo2YvswKCAQEAyumuxP4Z
-a7s8x8DFba7vuQ+KVxpkKgEz1sxnGRNQJm18/ss/Y5JiaLFYT3E72VkQfBQ2ngu+
-GrJL3OhiNhzy1KLGS6mrwULtKiuud5MMQDL0Pvkncr9NTy4rBnWzhp2XyPeETu8n
-JpL2i2OK6lY/lgpBckXuap9gAl0fXk+y+BkZ71OoYaGnKpPjs+Xcq/qgPgZ7O3NW
-1g+Bd2AVPSxQpXjuy5rgtQURCN733vkNBzFedKREx7Z6l8UPlK/Exuc7BMIHfn5V
-dd0R3Th+82fkMNVJz6MKmHJ6CJI53M7co/YdAvIkxOFRIPGbO3arL2R69nRgAZBE
-zLawx1JJTRIG2QKCAQATtZXgMFzopYR3A011FAvWrrhL5+czZS4HG/Hxom38kkIl
-mGUv0BAybjlf1zJlW0RBelxDvfZv4Nq8dIo6RNLyEY601v2OcqxneJXTB3AwtDeP
-OXTm1dMiX5IrGcvkYlx5jHsfxCW4GNcqCEWRmYt2lgIRBDaRdjEVZdeXHVo2GqaB
-6mbeFCWe/t+VsSpOcaauTI9YseNt/66fd5uVjFRAwAnWQqr9b/AAxMvbuMAyc9X4
-NFLoCrQO9ovGgM8JhD3cmrWbaY8MupM2rU8KhZdJCbLD3ROPpCDo0jvu4TvLjXBt
-ugkEFh1LNJedqKudLDDkJtTaeJjxvtAnbyeC7zltAoIBAC9TIyzUqq8io0FfZ2x2
-cXiy9CvuftABKcr+L0l85KOhw5ZVZvpdKNCMFDGrEi9WA28886QWzwbA8Mqb9FP0
-mnoXYLJC50kSx+ee+nju9dt/RtHtIFM15N0DwosmJnHODZmUiOo0AuiPPCs0UzDm
-Xrwqtirlvn5ln2nNuEQxyGbuy8qys0HaBvf6OBA8GySNNpRgxJsQAn+4bBSgdzOm
-Q0TkmKUqASCXBusPvbXmVjCIRiRkL5p4p8z/6+tct0NAqNYqPr80zc/IeKMkyw8P
-+vucszNXLmBxyp53JEGoiXNAMnH+ca7tchOB5hePTMun3rneWInk0PcB4OcL/QaZ
-nrkCggEBAN67+SvcWtM1BoLXSz5/apFAE+DicCv94PrvMBOhfvu1oBrElR1rBjiN
-2B83SktkF4WhCXr10GP+RUpjaqPBtT7NW4r3fL5B8EPsHeabL+pg9e6wG1rH8GqG
-toWecmfC9uqK7l1A59h5Oveq5K19bZTRZRjQtv2e4KQknlJR6cwy+TGUU5kAUlMt
-vcivyjzxc0UQwq7zKktJq+xW/TZiSLgd3B32p0sXX378qFUJ4SO2UZ1OCh8R7PY1
-Fx25K/89Q1yGdbYiXb/Dx0a2WB9rP+b6alMl/dxPdqDKj2QXXkdh8+yvhVpQTyZw
-B1RaqQXwzqrCH0F/vw3lRceYhcQvzcQ=
------END PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/client-ec.crt b/main/openvpn/sample/sample-keys/client-ec.crt
deleted file mode 100644
index 759dabae..00000000
--- a/main/openvpn/sample/sample-keys/client-ec.crt
+++ /dev/null
@@ -1,85 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Oct 22 21:59:53 2014 GMT
- Not After : Oct 19 21:59:53 2024 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-EC/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: id-ecPublicKey
- Public-Key: (256 bit)
- pub:
- 04:3b:ce:62:5d:6f:87:82:75:24:c2:58:f5:0e:88:
- 4d:57:0d:06:b2:71:88:87:58:19:bb:de:5f:7f:52:
- 62:51:a2:48:91:83:48:91:90:3e:87:02:0f:15:51:
- f9:68:97:12:0a:fd:d2:3c:87:83:4b:65:54:00:44:
- 8d:28:76:49:05
- ASN1 OID: secp256k1
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- 64:F6:49:88:E7:74:C1:AB:A5:FA:4F:2B:71:3C:25:13:3D:C8:94:C5
- X509v3 Authority Key Identifier:
- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:A1:4E:DE:FA:90:F2:AE:81
-
- Signature Algorithm: sha256WithRSAEncryption
- 32:3d:f0:08:67:dd:03:73:76:cc:76:52:0a:f6:97:d1:c6:fa:
- 5f:d3:e6:28:c9:75:a7:08:a8:34:49:69:cf:eb:ab:da:86:b3:
- 2e:65:17:ee:7e:b6:b5:6b:15:0b:dc:11:3a:b9:5a:b3:80:b8:
- bb:f4:6c:cf:88:3a:10:83:7e:10:a0:82:87:6e:06:ec:78:62:
- d4:d1:44:27:dd:2c:19:d8:1a:a1:ae:f4:a0:00:7f:53:5a:40:
- 8a:c2:83:77:4b:26:7d:53:b0:d3:0f:2f:7c:28:70:ef:74:58:
- 5b:de:81:94:4c:63:19:f0:79:cb:6c:b2:ec:32:1b:4b:e4:62:
- 22:4f:ad:ac:4a:6f:a9:6e:c4:2a:8d:8a:88:19:09:fd:88:93:
- 3c:27:4d:91:95:ff:57:84:13:fd:4a:68:db:20:df:10:e6:81:
- 1d:fd:e7:1d:35:fb:19:02:dd:b5:5f:a0:c1:07:ec:74:b4:ef:
- 8b:f9:33:9a:f2:a6:3b:6e:b6:4a:52:ab:5d:99:76:64:62:c4:
- d5:3a:c6:81:8d:eb:c8:4b:02:af:e1:ca:60:e9:8d:c7:a9:2b:
- ea:4f:56:31:d3:9a:11:c2:9c:83:5c:a2:8d:98:fe:cc:a5:ad:
- 1f:51:c4:6e:cf:ff:a0:51:64:c8:7f:7f:32:05:4c:8d:7f:bf:
- b8:ed:e5:81:5f:81:bd:1d:9b:3f:8a:83:27:26:b4:69:84:8b:
- e5:d9:ea:fd:08:a8:aa:e4:3a:dc:29:4d:80:6c:13:f7:45:ce:
- 92:f2:a9:f3:5f:90:83:d6:23:0f:50:e5:40:09:4c:6b:f2:73:
- aa:d8:49:a7:a9:81:6e:bb:f2:e4:a5:7f:19:39:1d:65:f3:11:
- 97:b1:2b:7c:2f:36:77:7f:75:fd:88:44:90:7c:f2:33:8d:cd:
- 2c:f6:76:60:33:d3:f4:b3:8c:81:d7:85:89:cc:d7:d5:2c:94:
- a9:31:3f:d3:63:a7:dc:82:3f:0a:d8:c5:71:97:69:3b:c1:69:
- cb:f0:1b:be:15:c0:be:aa:fd:e8:13:2c:0c:3f:72:7b:7d:9c:
- 3b:7f:b8:82:36:4b:ad:4d:16:19:b9:1c:b3:2d:d7:5f:8b:f8:
- 14:ce:d4:13:e5:82:7a:1d:40:28:08:65:4a:19:d7:7a:35:09:
- db:36:48:4b:96:44:bd:1f:12:b2:39:08:1e:5b:66:25:9b:e0:
- 16:d3:79:05:e3:f6:90:da:95:95:33:a1:53:a8:3c:a9:f0:b2:
- f5:d0:aa:80:a0:96:ca:8c:45:62:c2:74:04:91:68:27:fb:e9:
- 97:be:3a:87:8a:85:28:2d:6e:a9:60:9b:63:ba:65:98:5e:bb:
- 02:ee:ac:ba:be:f6:42:26
------BEGIN CERTIFICATE-----
-MIIESTCCAjGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy
-MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtQ2xpZW50
-LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO
-PQIBBgUrgQQACgNCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm73l9/UmJRokiR
-g0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkFo4HIMIHFMAkGA1UdEwQCMAAw
-HQYDVR0OBBYEFGT2SYjndMGrpfpPK3E8JRM9yJTFMIGYBgNVHSMEgZAwgY2AFCtA
-5cl99fSWOOkv4y/ZQGTJjgWboWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMC
-TkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8G
-CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkAoU7e+pDyroEwDQYJKoZI
-hvcNAQELBQADggIBADI98Ahn3QNzdsx2Ugr2l9HG+l/T5ijJdacIqDRJac/rq9qG
-sy5lF+5+trVrFQvcETq5WrOAuLv0bM+IOhCDfhCggoduBux4YtTRRCfdLBnYGqGu
-9KAAf1NaQIrCg3dLJn1TsNMPL3wocO90WFvegZRMYxnwectssuwyG0vkYiJPraxK
-b6luxCqNiogZCf2IkzwnTZGV/1eEE/1KaNsg3xDmgR395x01+xkC3bVfoMEH7HS0
-74v5M5rypjtutkpSq12ZdmRixNU6xoGN68hLAq/hymDpjcepK+pPVjHTmhHCnINc
-oo2Y/sylrR9RxG7P/6BRZMh/fzIFTI1/v7jt5YFfgb0dmz+KgycmtGmEi+XZ6v0I
-qKrkOtwpTYBsE/dFzpLyqfNfkIPWIw9Q5UAJTGvyc6rYSaepgW678uSlfxk5HWXz
-EZexK3wvNnd/df2IRJB88jONzSz2dmAz0/SzjIHXhYnM19UslKkxP9Njp9yCPwrY
-xXGXaTvBacvwG74VwL6q/egTLAw/cnt9nDt/uII2S61NFhm5HLMt11+L+BTO1BPl
-gnodQCgIZUoZ13o1Cds2SEuWRL0fErI5CB5bZiWb4BbTeQXj9pDalZUzoVOoPKnw
-svXQqoCglsqMRWLCdASRaCf76Ze+OoeKhSgtbqlgm2O6ZZheuwLurLq+9kIm
------END CERTIFICATE-----
diff --git a/main/openvpn/sample/sample-keys/client-ec.key b/main/openvpn/sample/sample-keys/client-ec.key
deleted file mode 100644
index 81313800..00000000
--- a/main/openvpn/sample/sample-keys/client-ec.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg2RVk/d0yok086M9bLPIi
-eu4DfcBUwphOnkje1/7VSY+hRANCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm7
-3l9/UmJRokiRg0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkF
------END PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/client-pass.key b/main/openvpn/sample/sample-keys/client-pass.key
deleted file mode 100644
index 2bb8d4e9..00000000
--- a/main/openvpn/sample/sample-keys/client-pass.key
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,ECC1F209896FC2621233FFF6F1FFD045
-
-i6t7VKTyNNELTvrBO464e02nFg9rvYwumxd0sfqcPtaKmRK2mrZmEd/Xh0Nv1WyB
-PyuJo78qQixAtxObRbkSNINzTr5C8IDrE6+wQYCJinvO54U0o+ksv0tsyLngz1cb
-is8ZqHXrRgJ3qGFQWmFRtFKFQvSXOTDX3fLkEB53HfeblQCxBCnJ82Sp7ivnVR/j
-Q8qQRy1RMbzIN0trEGf0Zi4tHEvXL1u7Y+olQzSlmWWaQt20hhXUOMLhMtlRsAo7
-AwjlE94JjAfJ1q1dwIcRN4c9Lk8GkiX6w7nDpRACDpk2S8ifCqi69eGe4+g7owhL
-74bgs64PmM9a2sNXy1v6WE3c/t6sSrZiMvrGsqMo4sBlrQ9WXe0Naon7heBkPcdS
-px0YJjnyBXHMIH+ASmALSJ5JXq9vt2xRFf0dOsGapxhP+7bZJ5Pwyk/yUu5uHFbM
-/aBemlrZJzlKeYiiwpwx2whQAtDwN41zMG+r27EzSU/AaDV40NPiwwycpWt/Bp1e
-z1ag0JuS0an+PK4jmREtzT5U5BeAVM91x8YttOPpmUIpahAa1zwdYPRAIkbmPJ4z
-ZH+9YoPH4hoBQKdIhshYktjdI++xNiKXAUGUz5YoX8S68SsLdmKvhnQ7fu5VvOkA
-2pb7taXGy7zfn+a/fWauhuceV9HPlAXMIu3GsssODoNly3vpcFeiMySKppygJ3Eg
-A3o9n8UepD+jXflKG/R/t7U3hT6LqSIvQWqBqYMEVFMCNzSsJ/ce/4veFvx343zT
-qdxuzYqyiXM74cynpfqHdVa9SFICTesNdVDI0FdOXhSQ4bHJc7Xp9FFJdS0lMRw4
-ACwKxvs8lo4Gx1WFyCqH5OxosKtDHQYzdUJfSWVJlhhOFR3GncR9qSe3O5fkhJfs
-TALnC+xTJyCkSB2k0/bxVLIhlkPdCwzsrN/B6X2CDBdg0mQIo0LaPzGF8VneM20d
-XebYn751XSiL3HKyq8G5AEFwj9AO3Q8gKuP2fPoWdngJ2GT+mt1m2fIw9Igu39J0
-ZMegyUN0wSIiA5AkgryK9U+PJEiJmLzOJ/NGr7E5tPF18eZWapK4KZ8TXC4RNiye
-g+apGa+xZJz2VQp/Mrcdj9D4UDJFQjrvKaS0PXJDoYUXFBoMv3rxijzRVxlhhuJY
-yZ0At+UqZD5wpuWW6DRrgJIpy0HNhbaLmgsU0Co0HKviB0x8hvMJbi/uCoPTOdPz
-sPB7CN2i3oXe7xw1HfSTSFWb4leqjlKwNgfV42ox0QUjkkADeeuY+56g/B2+QmdE
-vXrc6sDwfNUwRUzeMn8yfum/aW1y/wrqF/qPTBQqFd85vlzS+NfXIKDg04cAljTu
-+2BLzvizh9Bb68iG4PykNXbjbAir1EbQG1tCzq1eKhERjgrxdv6+XqAmvchMCeL5
-L6hvfQFBPCo/4xnMpU5wooFarO/kGdKlGr5rXOydgfL618Td18BIX+FHQFb3zzVU
-y2NR4++DslJAZgAU+512zzpW1m3JtaRoyqyoLE2YFPlW804Xc1PBB3Ix6Wyzcegy
-D4qMk5qxjBkXEsBBSCYfVbWoMBeMhnvxkz0b9wkPtAW/jEJCB2Kkn/5yMC0DkePO
------END RSA PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/client.crt b/main/openvpn/sample/sample-keys/client.crt
deleted file mode 100644
index 1744cb22..00000000
--- a/main/openvpn/sample/sample-keys/client.crt
+++ /dev/null
@@ -1,103 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Oct 22 21:59:53 2014 GMT
- Not After : Oct 19 21:59:53 2024 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82:
- 3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef:
- f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6:
- 70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48:
- da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3:
- 2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98:
- f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8:
- 1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5:
- 0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14:
- 10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f:
- df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a:
- 97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a:
- e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e:
- ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8:
- d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16:
- 60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81:
- 6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd:
- 61:f1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- X509v3 Subject Key Identifier:
- D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D
- X509v3 Authority Key Identifier:
- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:A1:4E:DE:FA:90:F2:AE:81
-
- Signature Algorithm: sha256WithRSAEncryption
- 7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0:
- b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa:
- f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37:
- 07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08:
- 83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed:
- b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73:
- c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1:
- 1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4:
- a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32:
- 4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5:
- 84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3:
- 2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87:
- 64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36:
- 4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a:
- 6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9:
- 12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a:
- e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30:
- 71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae:
- 29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9:
- 38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57:
- 21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3:
- eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94:
- d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16:
- c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15:
- c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6:
- c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1:
- c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66:
- 64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23:
- 08:02:8a:e0:25:f3:f4:43
------BEGIN CERTIFICATE-----
-MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy
-MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50
-MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT
-7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj
-C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50
-R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw
-30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G
-4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw
-CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud
-IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH
-MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ
-Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76
-kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9
-llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI
-g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+
-bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46
-ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH
-ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/
-qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK
-AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX
-IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb
-mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb
-g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj
-CAKK4CXz9EM=
------END CERTIFICATE-----
diff --git a/main/openvpn/sample/sample-keys/client.key b/main/openvpn/sample/sample-keys/client.key
deleted file mode 100644
index 6d31489a..00000000
--- a/main/openvpn/sample/sample-keys/client.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW
-KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw
-SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd
-VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR
-WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY
-HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83
-DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT
-i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB
-TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X
-9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE
-/1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0
-6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY
-kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm
-VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17
-klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ
-wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR
-we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y
-QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP
-gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz
-4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI
-f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW
-HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy
-s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau
-qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy
-0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM
-2MMweASzTmZcri4PA/5C0HYb
------END PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/client.p12 b/main/openvpn/sample/sample-keys/client.p12
deleted file mode 100644
index 8458c797..00000000
--- a/main/openvpn/sample/sample-keys/client.p12
+++ /dev/null
Binary files differ
diff --git a/main/openvpn/sample/sample-keys/dh2048.pem b/main/openvpn/sample/sample-keys/dh2048.pem
deleted file mode 100644
index 8eda59aa..00000000
--- a/main/openvpn/sample/sample-keys/dh2048.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEArdnA32xujHPlPI+jPffHSoMUZ+b5gRz1H1Lw9//Gugm5TAsRiYrB
-t2BDSsMKvAjyqN+i5SJv4TOk98kRRKB27iPvyXmiL945VaDQl/UehCySjYlGFUjW
-9nuo+JwQxeSbw0TLiSYoYJZQ8X1CxPl9mgJl277O4cW1Gc8I/bWa+ipU/4K5wv3h
-GI8nt+6A0jN3M/KebotMP101G4k0l0qsY4oRMTmP+z3oAP0qU9NZ1jiuMFVzRlNp
-5FdYF7ctrH+tBF+QmyT4SRKSED4wE4oX6gp420NaBhIEQifIj75wlMDtxQlpkN+x
-QkjsEbPlaPKHGQ4uupssChVUi8IM2yq5EwIBAg==
------END DH PARAMETERS-----
diff --git a/main/openvpn/sample/sample-keys/gen-sample-keys.sh b/main/openvpn/sample/sample-keys/gen-sample-keys.sh
deleted file mode 100755
index 725cfc97..00000000
--- a/main/openvpn/sample/sample-keys/gen-sample-keys.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-#
-# Run this script to set up a test CA, and test key-certificate pair for a
-# server, and various clients.
-#
-# Copyright (C) 2014 Steffan Karger <steffan@karger.me>
-set -eu
-
-command -v openssl >/dev/null 2>&1 || { echo >&2 "Unable to find openssl. Please make sure openssl is installed and in your path."; exit 1; }
-
-if [ ! -f openssl.cnf ]
-then
- echo "Please run this script from the sample directory"
- exit 1
-fi
-
-# Generate static key for tls-auth (or static key mode)
-$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
-
-# Create required directories and files
-mkdir -p sample-ca
-rm -f sample-ca/index.txt
-touch sample-ca/index.txt
-echo "01" > sample-ca/serial
-
-# Generate CA key and cert
-openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
- -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \
- -subj "/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain" \
- -config openssl.cnf
-
-# Create server key and cert
-openssl req -new -nodes -config openssl.cnf -extensions server \
- -keyout sample-ca/server.key -out sample-ca/server.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server.crt -in sample-ca/server.csr
-
-# Create client key and cert
-openssl req -new -nodes -config openssl.cnf \
- -keyout sample-ca/client.key -out sample-ca/client.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client.crt -in sample-ca/client.csr
-
-# Create password protected key file
-openssl rsa -aes256 -passout pass:password \
- -in sample-ca/client.key -out sample-ca/client-pass.key
-
-# Create pkcs#12 client bundle
-openssl pkcs12 -export -nodes -password pass:password \
- -out sample-ca/client.p12 -inkey sample-ca/client.key \
- -in sample-ca/client.crt -certfile sample-ca/ca.crt
-
-
-# Create EC server and client cert (signed by 'regular' RSA CA)
-openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -extensions server \
- -keyout sample-ca/server-ec.key -out sample-ca/server-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server-ec.crt -in sample-ca/server-ec.csr
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -keyout sample-ca/client-ec.key -out sample-ca/client-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client-ec.crt -in sample-ca/client-ec.csr
-
-# Generate DH parameters
-openssl dhparam -out dh2048.pem 2048
-
-# Copy keys and certs to working directory
-cp sample-ca/*.key .
-cp sample-ca/*.crt .
-cp sample-ca/*.p12 .
diff --git a/main/openvpn/sample/sample-keys/openssl.cnf b/main/openvpn/sample/sample-keys/openssl.cnf
deleted file mode 100644
index aabfd48f..00000000
--- a/main/openvpn/sample/sample-keys/openssl.cnf
+++ /dev/null
@@ -1,139 +0,0 @@
-# Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.*
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = sample-ca # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = basic_exts # The extentions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = 3650 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha256 # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = 2048
-default_keyfile = privkey.pem
-default_md = sha256
-distinguished_name = cn_only
-x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = changeme
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = KG
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = NA
-
-localityName = Locality Name (eg, city)
-localityName_default = BISHKEK
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = OpenVPN-TEST
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default =
-
-emailAddress = Email Address
-emailAddress_default = me@myhost.mydomain
-emailAddress_max = 64
-
-####################################################################
-
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-
-# Server extensions.
-[ server ]
-
-basicConstraints = CA:FALSE
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = serverAuth
-keyUsage = digitalSignature, keyEncipherment
diff --git a/main/openvpn/sample/sample-keys/server-ec.crt b/main/openvpn/sample/sample-keys/server-ec.crt
deleted file mode 100644
index 7c7645a5..00000000
--- a/main/openvpn/sample/sample-keys/server-ec.crt
+++ /dev/null
@@ -1,96 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Oct 22 21:59:53 2014 GMT
- Not After : Oct 19 21:59:53 2024 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server-EC/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: id-ecPublicKey
- Public-Key: (256 bit)
- pub:
- 04:21:09:ac:27:e6:00:3a:57:f4:f6:c7:78:a9:b1:
- f4:d7:d7:45:59:39:e4:a3:d3:2c:94:f9:61:4a:e6:
- b9:e9:87:57:c8:0f:88:03:a0:56:ee:34:e7:e4:4e:
- 20:63:6c:c1:6e:c1:04:ac:b9:2f:a9:76:69:d3:7d:
- 49:ff:f1:34:cb
- ASN1 OID: secp256k1
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Cert Type:
- SSL Server
- Netscape Comment:
- OpenSSL Generated Server Certificate
- X509v3 Subject Key Identifier:
- 33:1A:42:61:9E:88:08:3F:6F:1F:98:88:3A:DD:2D:C7:07:3D:F6:9B
- X509v3 Authority Key Identifier:
- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:A1:4E:DE:FA:90:F2:AE:81
-
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
- X509v3 Key Usage:
- Digital Signature, Key Encipherment
- Signature Algorithm: sha256WithRSAEncryption
- 9d:89:f6:7e:0b:43:05:22:63:e5:b3:45:a8:d9:ef:33:3c:b7:
- 19:37:28:87:27:43:43:86:a3:3f:b9:23:27:0f:96:4f:de:01:
- 80:38:6b:d9:c8:94:77:1f:06:08:34:65:77:ad:57:0c:23:99:
- f1:51:12:5f:32:d8:9c:7c:93:f1:f6:72:2a:05:61:ff:62:aa:
- 33:aa:ef:a3:4d:d6:93:56:40:ff:38:2e:73:1c:69:fb:71:a1:
- fa:64:19:6a:04:1c:8b:20:a8:ee:a5:18:63:f8:84:f4:ca:84:
- 8e:b6:05:48:c6:f3:f7:81:90:4d:9e:00:cd:4a:92:83:d4:93:
- 67:05:dc:16:8b:78:fa:b1:82:48:c6:86:74:44:b1:06:7e:8a:
- c8:64:0b:82:3a:e2:f5:56:60:ea:50:70:03:da:9f:fc:28:20:
- 6b:7d:04:e0:eb:8d:e2:f1:be:82:2f:ba:51:50:2b:6c:d2:fc:
- 11:cd:69:85:3b:9e:14:19:dd:bc:14:cf:61:b0:7a:07:cb:e8:
- e0:fc:c3:1f:a4:cb:cf:c1:e9:62:0f:d2:53:f8:ce:06:f4:f8:
- 2f:55:13:aa:67:44:b6:b8:e8:3e:82:af:66:f5:f0:7c:fe:41:
- e6:9d:c0:9f:78:fd:00:85:02:40:63:37:fa:00:e6:3c:a6:9f:
- 35:4f:1d:a6:f1:cb:8b:04:e0:67:98:56:d1:87:58:b6:39:f6:
- d3:fe:a8:40:50:80:7f:e6:4a:36:d0:c0:a5:61:64:1d:3a:87:
- ad:78:72:c9:3f:98:44:35:f9:cf:32:b2:18:4c:b0:72:fa:5e:
- 6c:62:1e:d4:31:0c:c8:9b:74:f0:00:9e:70:c3:1e:c7:a4:9d:
- 03:a4:ac:1a:09:1f:86:23:65:51:34:50:86:68:1e:68:4d:9a:
- 4b:78:10:1c:bd:51:09:bb:fe:16:a3:c7:19:b4:05:44:a1:e6:
- c6:23:76:d5:b8:3a:eb:a5:17:1d:2b:2e:fe:85:7c:88:4f:f1:
- e8:34:32:e0:c5:96:87:c3:e8:c9:5f:89:24:10:0e:1e:07:0b:
- 2c:f8:d0:49:1b:63:5e:63:44:e9:2a:43:e2:9c:d6:f2:43:99:
- 47:f8:9b:49:1a:a7:d1:e0:53:67:1d:cb:14:b6:b0:2c:4d:b3:
- f2:c5:62:c2:a6:09:7a:c0:6c:59:3e:73:83:0c:6c:de:30:77:
- 4d:1b:ed:b0:7f:77:87:8d:55:1d:d3:ed:f7:66:bd:06:2a:f8:
- fd:00:e7:c0:31:e2:ff:53:9e:25:97:c6:64:84:9d:8d:61:8e:
- c9:1f:6c:55:a1:7c:59:aa:eb:e8:2a:b2:2d:c7:09:cd:b5:3d:
- d8:74:4f:6e:9c:3b:d5:6d
------BEGIN CERTIFICATE-----
-MIIEtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy
-MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtU2VydmVy
-LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO
-PQIBBgUrgQQACgNCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU+WFK5rnph1fI
-D4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTLo4IBMzCCAS8wCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
-ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUMxpCYZ6ICD9vH5iI
-Ot0txwc99pswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRo
-MGYxCzAJBgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEV
-MBMGA1UEChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3Qu
-bXlkb21haW6CCQChTt76kPKugTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E
-BAMCBaAwDQYJKoZIhvcNAQELBQADggIBAJ2J9n4LQwUiY+WzRajZ7zM8txk3KIcn
-Q0OGoz+5IycPlk/eAYA4a9nIlHcfBgg0ZXetVwwjmfFREl8y2Jx8k/H2cioFYf9i
-qjOq76NN1pNWQP84LnMcaftxofpkGWoEHIsgqO6lGGP4hPTKhI62BUjG8/eBkE2e
-AM1KkoPUk2cF3BaLePqxgkjGhnREsQZ+ishkC4I64vVWYOpQcAPan/woIGt9BODr
-jeLxvoIvulFQK2zS/BHNaYU7nhQZ3bwUz2GwegfL6OD8wx+ky8/B6WIP0lP4zgb0
-+C9VE6pnRLa46D6Cr2b18Hz+QeadwJ94/QCFAkBjN/oA5jymnzVPHabxy4sE4GeY
-VtGHWLY59tP+qEBQgH/mSjbQwKVhZB06h614csk/mEQ1+c8yshhMsHL6XmxiHtQx
-DMibdPAAnnDDHseknQOkrBoJH4YjZVE0UIZoHmhNmkt4EBy9UQm7/hajxxm0BUSh
-5sYjdtW4OuulFx0rLv6FfIhP8eg0MuDFlofD6MlfiSQQDh4HCyz40EkbY15jROkq
-Q+Kc1vJDmUf4m0kap9HgU2cdyxS2sCxNs/LFYsKmCXrAbFk+c4MMbN4wd00b7bB/
-d4eNVR3T7fdmvQYq+P0A58Ax4v9TniWXxmSEnY1hjskfbFWhfFmq6+gqsi3HCc21
-Pdh0T26cO9Vt
------END CERTIFICATE-----
diff --git a/main/openvpn/sample/sample-keys/server-ec.key b/main/openvpn/sample/sample-keys/server-ec.key
deleted file mode 100644
index 8f2c914e..00000000
--- a/main/openvpn/sample/sample-keys/server-ec.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgLHGYqSlzoRaogmJfrC+E
-ozTothB9bORaQ1C/3FmeQ6ehRANCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU
-+WFK5rnph1fID4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTL
------END PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/server.crt b/main/openvpn/sample/sample-keys/server.crt
deleted file mode 100644
index 76b40448..00000000
--- a/main/openvpn/sample/sample-keys/server.crt
+++ /dev/null
@@ -1,113 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Oct 22 21:59:52 2014 GMT
- Not After : Oct 19 21:59:52 2024 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:a5:b8:a2:ee:ce:b1:a6:0f:6a:b2:9f:d3:22:17:
- 79:de:09:98:71:78:fa:a7:ce:36:51:54:57:c7:31:
- 99:56:d1:8a:d6:c5:fd:52:e6:88:0e:7b:f9:ea:27:
- 7a:bf:3f:14:ec:aa:d2:ff:8b:56:58:ac:ca:51:77:
- c5:3c:b6:e4:83:6f:22:06:2d:5b:eb:e7:59:d4:ab:
- 42:c8:d5:a9:87:73:b3:73:36:51:2f:a5:d0:90:a2:
- 87:64:54:6c:12:d3:b8:76:47:69:af:ae:8f:00:b3:
- 70:b9:e7:67:3f:8c:6a:3d:79:5f:81:27:a3:0e:aa:
- a7:3d:81:48:10:b1:18:6c:38:2e:8f:7a:7b:c5:3d:
- 21:c8:f9:a0:7f:17:2b:88:4f:ba:f2:ec:6d:24:8e:
- 6c:f1:0a:5c:d9:5b:b1:b0:fc:49:cb:4a:d2:58:c6:
- 2a:25:b0:97:84:c3:9e:ff:34:8c:10:46:7f:0f:fb:
- 3c:59:7a:a6:29:0c:ae:8e:50:3a:f2:53:84:40:2d:
- d5:91:7b:0a:37:8e:82:77:ce:66:2f:34:77:5c:a5:
- 45:3b:00:19:a7:07:d1:92:e6:66:b9:3b:4e:e9:63:
- fc:33:98:1a:ae:7b:08:7d:0a:df:7a:ba:aa:59:6d:
- 86:82:0a:64:2b:da:59:a7:4c:4e:ef:3d:bd:04:a2:
- 4b:31
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Cert Type:
- SSL Server
- Netscape Comment:
- OpenSSL Generated Server Certificate
- X509v3 Subject Key Identifier:
- B3:9D:81:E6:16:92:64:C4:86:87:F5:29:10:1B:5E:2F:74:F7:ED:B1
- X509v3 Authority Key Identifier:
- keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:A1:4E:DE:FA:90:F2:AE:81
-
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
- X509v3 Key Usage:
- Digital Signature, Key Encipherment
- Signature Algorithm: sha256WithRSAEncryption
- 4e:25:80:1b:cb:b0:42:ff:bb:3f:e8:0d:58:c1:80:db:cf:d0:
- 90:df:ca:c1:e6:41:e1:48:7f:a7:1e:c7:35:9f:9c:6d:7c:3e:
- 82:e8:de:7e:ae:82:16:00:33:0f:02:23:f1:9d:fe:2b:06:16:
- 05:55:16:89:dc:63:ac:5f:1a:31:13:79:21:a3:6e:60:28:e8:
- e7:6b:54:00:22:a1:b7:69:5a:17:31:ce:0f:c2:a6:dd:a3:6f:
- de:ea:19:6c:d2:d2:cb:35:9d:dd:87:51:33:68:cd:c3:9b:90:
- 55:f1:80:3d:5c:b8:09:b6:e1:3c:13:a4:5d:4a:ce:a5:11:9e:
- f9:08:ee:be:e3:54:1d:06:4c:bb:1b:72:13:ee:7d:a0:45:cc:
- fe:d1:3b:02:03:c1:d4:ea:45:2d:a8:c9:97:e7:f3:8a:7a:a0:
- 2f:dd:48:3a:75:c9:42:28:94:fc:af:44:52:16:68:98:d6:ad:
- a8:65:b1:cd:ac:60:41:70:e5:44:e8:5a:f2:e7:fc:3b:fe:45:
- 89:17:1d:6d:85:c6:f0:fc:69:87:d1:1d:07:f3:cb:7b:54:8d:
- aa:a3:cc:e3:c6:fc:d6:05:76:35:d0:26:63:8e:d1:a8:b7:ff:
- 61:42:8a:2c:63:1f:d4:ec:14:47:6b:1e:e3:81:61:12:3b:8c:
- 16:b5:cf:87:6a:2d:42:21:83:9c:0e:3a:90:3a:1e:c1:36:61:
- 41:f9:fb:4e:5d:ea:f4:df:23:92:33:2b:9b:14:9f:a0:f5:d3:
- c4:f8:1f:2f:9c:11:36:af:2a:22:61:95:32:0b:c4:1c:2d:b1:
- c1:0a:2a:97:c0:43:4a:6c:3e:db:00:cd:29:15:9e:7e:41:75:
- 36:a8:56:86:8c:82:9e:46:20:e5:06:1e:60:d2:03:5f:9f:9e:
- 69:bb:bf:c2:b4:43:e2:7d:85:17:83:18:41:b0:cb:a9:04:1b:
- 18:52:9f:89:8b:76:9f:94:59:81:4f:60:5b:33:18:fc:c7:52:
- d0:d2:69:fc:0b:a2:63:32:75:43:99:e9:d7:f8:6d:c7:55:31:
- 0c:f3:ef:1a:71:e1:0a:57:e1:9d:13:b2:1e:fe:1d:ef:e4:f1:
- 51:d9:95:b3:fd:28:28:93:91:4a:29:c5:37:0e:ab:d8:85:6a:
- fe:a8:83:1f:7b:80:5d:1f:04:79:b7:a9:08:6e:0d:d6:2e:aa:
- 7c:f6:63:7d:41:de:70:13:32:ce:dd:58:cc:a6:73:d4:72:7e:
- d7:ac:74:a8:35:ba:c3:1b:2a:64:d7:5a:37:97:56:94:34:2b:
- 2a:71:60:bc:69:ab:00:85:b9:4f:67:32:17:51:c3:da:57:3a:
- 37:89:66:c4:7a:51:da:5f
------BEGIN CERTIFICATE-----
-MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy
-MjIxNTk1MloXDTI0MTAxOTIxNTk1MlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy
-MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCluKLuzrGmD2qyn9MiF3neCZhxePqnzjZRVFfH
-MZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpRd8U8tuSDbyIGLVvr51nUq0LI
-1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C552c/jGo9eV+BJ6MOqqc9gUgQ
-sRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZW7Gw/EnLStJYxiolsJeEw57/
-NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3zmYvNHdcpUU7ABmnB9GS5ma5
-O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7vPb0EoksxAgMBAAGjggEzMIIB
-LzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk
-T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBSz
-nYHmFpJkxIaH9SkQG14vdPftsTCBmAYDVR0jBIGQMIGNgBQrQOXJffX0ljjpL+Mv
-2UBkyY4Fm6FqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRAwDgYDVQQH
-EwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW
-Em1lQG15aG9zdC5teWRvbWFpboIJAKFO3vqQ8q6BMBMGA1UdJQQMMAoGCCsGAQUF
-BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEATiWAG8uwQv+7P+gN
-WMGA28/QkN/KweZB4Uh/px7HNZ+cbXw+gujefq6CFgAzDwIj8Z3+KwYWBVUWidxj
-rF8aMRN5IaNuYCjo52tUACKht2laFzHOD8Km3aNv3uoZbNLSyzWd3YdRM2jNw5uQ
-VfGAPVy4CbbhPBOkXUrOpRGe+QjuvuNUHQZMuxtyE+59oEXM/tE7AgPB1OpFLajJ
-l+fzinqgL91IOnXJQiiU/K9EUhZomNatqGWxzaxgQXDlROha8uf8O/5FiRcdbYXG
-8Pxph9EdB/PLe1SNqqPM48b81gV2NdAmY47RqLf/YUKKLGMf1OwUR2se44FhEjuM
-FrXPh2otQiGDnA46kDoewTZhQfn7Tl3q9N8jkjMrmxSfoPXTxPgfL5wRNq8qImGV
-MgvEHC2xwQoql8BDSmw+2wDNKRWefkF1NqhWhoyCnkYg5QYeYNIDX5+eabu/wrRD
-4n2FF4MYQbDLqQQbGFKfiYt2n5RZgU9gWzMY/MdS0NJp/AuiYzJ1Q5np1/htx1Ux
-DPPvGnHhClfhnROyHv4d7+TxUdmVs/0oKJORSinFNw6r2IVq/qiDH3uAXR8Eebep
-CG4N1i6qfPZjfUHecBMyzt1YzKZz1HJ+16x0qDW6wxsqZNdaN5dWlDQrKnFgvGmr
-AIW5T2cyF1HD2lc6N4lmxHpR2l8=
------END CERTIFICATE-----
diff --git a/main/openvpn/sample/sample-keys/server.key b/main/openvpn/sample/sample-keys/server.key
deleted file mode 100644
index 011df12e..00000000
--- a/main/openvpn/sample/sample-keys/server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCluKLuzrGmD2qy
-n9MiF3neCZhxePqnzjZRVFfHMZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpR
-d8U8tuSDbyIGLVvr51nUq0LI1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C5
-52c/jGo9eV+BJ6MOqqc9gUgQsRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZ
-W7Gw/EnLStJYxiolsJeEw57/NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3
-zmYvNHdcpUU7ABmnB9GS5ma5O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7v
-Pb0EoksxAgMBAAECggEAPMOMin+jR75TYxeTNObiunVOPh0b2zeTVxLT9KfND7ZZ
-cBK8pg79SEJRCnhbW5BnvbeNEkIm8PC6ZlDCM1bkRwUStq0fDUqQ95esLzOYq5/S
-5qW98viblszhU/pYfja/Zi8dI1uf96PT63Zbt0NnGQ9N42+DLDeKhtTGdchZqiQA
-LeSR0bQanY4tUUtCNYvBT8E3pzhoIsUzVwzIK53oovRpcOX3pMXVYZsmNhXdFFRy
-YkjMXpj7fGyaAJK0QsC+PsgrKuhXDzDttsG2lI/mq9+7RXB3d/pzhmBVWynVH2lw
-iQ7ONkSz7akDz/4I4WmxJep+FfQJYgK6rnLAlQqauQKBgQDammSAprnvDvNhSEp8
-W+xt7jQnFqaENbGgP0/D/OZMXc4khgexqlKFmSnBCRDmQ6JvLTWqDXC4+aqAbFQz
-zAIjiKaT+so8xvFRob+rBMJY5JLYKNa+zUUanfORUNYLFJPvFqnrWGaJ9uufdaM7
-0a5bu95PN74NXee3DBbpBv8HLwKBgQDCEk+IjNbjMT+Neq0ywUeM5rFrUKi92abe
-AgsVpjbighRV+6jA2lZFJcize+xYJ9wiOR1/TEI9PZ2OtBkqpwVdvTEHTagRLcvd
-NfGcptREDnNLoNWA22buQpztiEduutACWQsrd+JQmqbUicUdW4zw86/oCMbYCW3V
-QmYOLns7nwKBgHHUX20WZE91S4pmqFKlUzHTDdkk1ESX6Qx2q0R01j8BwawHFs6O
-0DW9EZ7w55nfsh+OPRl1sjK/3ubMgfQO0TZLm+IGf3Sya0qEnVeiPMkpDMX+TgRA
-wzEe+ou6uho+9uFSvdxMxeglaYA5M2ycvNwLsbEyZ4ZyVYxdgTiKahYFAoGAcIfP
-iD0qKQiYcj/tB94cz+3AeJqHjbYT1O1YYhBECOkmQ4kuG80+cs/q5W/45lEOiuWV
-Xgfo7Lu6jVGOujWoneci87oqtvNYH4e09oGh2WiLoBG9Wv9dWtBTUERSLzmxfXsG
-SAk2uEhEbj8IhfJc8iZLHH9iVUh6YEslBBodqL8CgYEAlAhvcqAvw5SzsfBR5Mcu
-4Nql6mXEVhHCvS4hdFCGaNF0z9A6eBORKJpdLWnqhpquDQDsghWE+Ga4QKSNFIi1
-fnAaykmZuY3ToqNOIaVlYM6HpMEz0wHQbTWfDLGcTFcElLZgMAk7VlDyiYVOco+E
-QX9lXOO1PGpLzXhlDxSe63Y=
------END PRIVATE KEY-----
diff --git a/main/openvpn/sample/sample-keys/ta.key b/main/openvpn/sample/sample-keys/ta.key
deleted file mode 100644
index 16690368..00000000
--- a/main/openvpn/sample/sample-keys/ta.key
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-a863b1cbdb911ff4ef3360ce135157e7
-241a465f5045f51cf9a92ebc24da34fd
-5fc48456778c977e374d55a8a7298aef
-40d0ab0c60b5e09838510526b73473a0
-8da46a8c352572dd86d4a871700a915b
-6aaa58a9dac560db2dfdd7ef15a202e1
-fca6913d7ee79c678c5798fbf7bd920c
-caa7a64720908da7254598b052d07f55
-5e31dc5721932cffbdd8965d04107415
-46c86823da18b66aab347e4522cc05ff
-634968889209c96b1024909cd4ce574c
-f829aa9c17d5df4a66043182ee23635d
-8cabf5a7ba02345ad94a3aa25a63d55c
-e13f4ad235a0825e3fe17f9419baff1c
-e73ad1dd652f1e48c7102fe8ee181e54
-10a160ae255f63fd01db1f29e6efcb8e
------END OpenVPN Static key V1-----
diff --git a/main/openvpn/sample/sample-plugins/defer/README b/main/openvpn/sample/sample-plugins/defer/README
deleted file mode 100644
index d8990f8b..00000000
--- a/main/openvpn/sample/sample-plugins/defer/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback,
- test deferred authentication.
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/main/openvpn/sample/sample-plugins/defer/build b/main/openvpn/sample/sample-plugins/defer/build
deleted file mode 100755
index ba41a39f..00000000
--- a/main/openvpn/sample/sample-plugins/defer/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../../include}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared ${LDFLAGS} -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/main/openvpn/sample/sample-plugins/defer/simple.c b/main/openvpn/sample/sample-plugins/defer/simple.c
deleted file mode 100644
index 65398657..00000000
--- a/main/openvpn/sample/sample-plugins/defer/simple.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will test deferred authentication and packet filtering.
- *
- * Will run on Windows or *nix.
- *
- * Sample usage:
- *
- * setenv test_deferred_auth 20
- * setenv test_packet_filter 10
- * plugin plugin/defer/simple.so
- *
- * This will enable deferred authentication to occur 20
- * seconds after the normal TLS authentication process,
- * and will cause a packet filter file to be generated 10
- * seconds after the initial TLS negotiation, using
- * {common-name}.pf as the source.
- *
- * Sample packet filter configuration:
- *
- * [CLIENTS DROP]
- * +otherclient
- * [SUBNETS DROP]
- * +10.0.0.0/8
- * -10.10.0.8
- * [END]
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/* bool definitions */
-#define bool int
-#define true 1
-#define false 0
-
-/*
- * Our context, where we keep our state.
- */
-
-struct plugin_context {
- int test_deferred_auth;
- int test_packet_filter;
-};
-
-struct plugin_per_client_context {
- int n_calls;
- bool generated_pf_file;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-/* used for safe printf of possible NULL strings */
-static const char *
-np (const char *str)
-{
- if (str)
- return str;
- else
- return "[NULL]";
-}
-
-static int
-atoi_null0 (const char *str)
-{
- if (str)
- return atoi (str);
- else
- return 0;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- printf ("FUNC: openvpn_plugin_open_v1\n");
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp));
- printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
-
- context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp));
- printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-static int
-auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_deferred_auth)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* get auth_control_file filename from envp string array*/
- const char *auth_control_file = get_env ("auth_control_file", envp);
-
- printf ("DEFER u='%s' p='%s' acf='%s'\n",
- np(username),
- np(password),
- np(auth_control_file));
-
- /* Authenticate asynchronously in n seconds */
- if (auth_control_file)
- {
- char buf[256];
- int auth = 2;
- sscanf (username, "%d", &auth);
- snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &",
- context->test_deferred_auth,
- auth_control_file,
- auth,
- pcc->n_calls < auth,
- auth_control_file);
- printf ("%s\n", buf);
- system (buf);
- pcc->n_calls++;
- return OPENVPN_PLUGIN_FUNC_DEFERRED;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-static int
-tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_packet_filter)
- {
- if (!pcc->generated_pf_file)
- {
- const char *pff = get_env ("pf_file", envp);
- const char *cn = get_env ("username", envp);
- if (pff && cn)
- {
- char buf[256];
- snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &",
- context->test_packet_filter, cn, pff, cn, pff);
- printf ("%s\n", buf);
- system (buf);
- pcc->generated_pf_file = true;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle,
- const int type,
- const char *argv[],
- const char *envp[],
- void *per_client_context,
- struct openvpn_plugin_string_list **return_list)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- return auth_user_pass_verify (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- return tls_final (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_ENABLE_PF:
- printf ("OPENVPN_PLUGIN_ENABLE_PF\n");
- if (context->test_packet_filter)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-}
-
-OPENVPN_EXPORT void *
-openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle)
-{
- printf ("FUNC: openvpn_plugin_client_constructor_v1\n");
- return calloc (1, sizeof (struct plugin_per_client_context));
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context)
-{
- printf ("FUNC: openvpn_plugin_client_destructor_v1\n");
- free (per_client_context);
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- printf ("FUNC: openvpn_plugin_close_v1\n");
- free (context);
-}
diff --git a/main/openvpn/sample/sample-plugins/defer/simple.def b/main/openvpn/sample/sample-plugins/defer/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/main/openvpn/sample/sample-plugins/defer/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/main/openvpn/sample/sample-plugins/defer/winbuild b/main/openvpn/sample/sample-plugins/defer/winbuild
deleted file mode 100755
index 82927d96..00000000
--- a/main/openvpn/sample/sample-plugins/defer/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../build"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/main/openvpn/sample/sample-plugins/log/build b/main/openvpn/sample/sample-plugins/log/build
deleted file mode 100755
index c07ec408..00000000
--- a/main/openvpn/sample/sample-plugins/log/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../../include}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/main/openvpn/sample/sample-plugins/log/log.c b/main/openvpn/sample/sample-plugins/log/log.c
deleted file mode 100644
index 1cc4650e..00000000
--- a/main/openvpn/sample/sample-plugins/log/log.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- show (type, argv, envp);
-
- /* check entered username/password against what we require */
- if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/main/openvpn/sample/sample-plugins/log/log_v3.c b/main/openvpn/sample/sample-plugins/log/log_v3.c
deleted file mode 100644
index bf1a15c8..00000000
--- a/main/openvpn/sample/sample-plugins/log/log_v3.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN. The only difference
- * between this (log_v3.c) and log.c is that this module uses the v3 plug-in
- * API.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#define ENABLE_CRYPTO
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int v3structver,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *ret)
-{
- struct plugin_context *context = NULL;
-
- /* Check that we are API compatible */
- if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- if( args->ssl_api != SSLAPI_OPENSSL ) {
- printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- /* Which callbacks to intercept. */
- ret->type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
-
- /* Allocate our context */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /* Set the username/password we will require. */
- context->username = "foo";
- context->password = "bar";
-
- /* Point the global context handle to our newly created context */
- ret->handle = (void *) context;
-
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-static void
-x509_print_info (X509 *x509crt)
-{
- int i, n;
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
- unsigned char *buf;
-
- x509_name = X509_get_subject_name (x509crt);
- n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
- {
- ent = X509_NAME_get_entry (x509_name, i);
- if (!ent)
- continue;
- fn = X509_NAME_ENTRY_get_object (ent);
- if (!fn)
- continue;
- val = X509_NAME_ENTRY_get_data (ent);
- if (!val)
- continue;
- fn_nid = OBJ_obj2nid (fn);
- if (fn_nid == NID_undef)
- continue;
- objbuf = OBJ_nid2sn (fn_nid);
- if (!objbuf)
- continue;
- buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- printf("X509 %s: %s\n", objbuf, (char *)buf);
- OPENSSL_free (buf);
- }
-}
-
-
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *retptr)
-{
- struct plugin_context *context = (struct plugin_context *) args->handle;
-
- printf("\nopenvpn_plugin_func_v3() :::::>> ");
- show (args->type, args->argv, args->envp);
-
- /* Dump some X509 information if we're in the TLS_VERIFY phase */
- if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) {
- printf("---- X509 Subject information ----\n");
- printf("Certificate depth: %i\n", args->current_cert_depth);
- x509_print_info(args->current_cert);
- printf("----------------------------------\n");
- }
-
- /* check entered username/password against what we require */
- if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", args->envp);
- const char *password = get_env ("password", args->envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/main/openvpn/sample/sample-plugins/log/winbuild b/main/openvpn/sample/sample-plugins/log/winbuild
deleted file mode 100755
index decf05f8..00000000
--- a/main/openvpn/sample/sample-plugins/log/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../include"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/main/openvpn/sample/sample-plugins/simple/README b/main/openvpn/sample/sample-plugins/simple/README
deleted file mode 100644
index 4400cd30..00000000
--- a/main/openvpn/sample/sample-plugins/simple/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback, verify
- that the username/password is "foo"/"bar".
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/main/openvpn/sample/sample-plugins/simple/build b/main/openvpn/sample/sample-plugins/simple/build
deleted file mode 100755
index bbb05f7c..00000000
--- a/main/openvpn/sample/sample-plugins/simple/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../..}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/main/openvpn/sample/sample-plugins/simple/simple.c b/main/openvpn/sample/sample-plugins/simple/simple.c
deleted file mode 100644
index f26d89f6..00000000
--- a/main/openvpn/sample/sample-plugins/simple/simple.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will examine the username/password provided by a client,
- * and make an accept/deny determination. Will run
- * on Windows or *nix.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * We are only interested in intercepting the
- * --auth-user-pass-verify callback.
- */
- *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* check entered username/password against what we require */
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/main/openvpn/sample/sample-plugins/simple/simple.def b/main/openvpn/sample/sample-plugins/simple/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/main/openvpn/sample/sample-plugins/simple/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/main/openvpn/sample/sample-plugins/simple/winbuild b/main/openvpn/sample/sample-plugins/simple/winbuild
deleted file mode 100755
index decf05f8..00000000
--- a/main/openvpn/sample/sample-plugins/simple/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../include"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/main/openvpn/sample/sample-scripts/auth-pam.pl b/main/openvpn/sample/sample-scripts/auth-pam.pl
deleted file mode 100755
index 5333badc..00000000
--- a/main/openvpn/sample/sample-scripts/auth-pam.pl
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/perl -t
-
-# OpenVPN PAM AUTHENTICATON
-# This script can be used to add PAM-based authentication
-# to OpenVPN 2.0. The OpenVPN client must provide
-# a username/password, using the --auth-user-pass directive.
-# The OpenVPN server should specify --auth-user-pass-verify
-# with this script as the argument and the 'via-file' method
-# specified. The server can also optionally specify
-# --client-cert-not-required and/or --username-as-common-name.
-
-# SCRIPT OPERATION
-# Return success or failure status based on whether or not a
-# given username/password authenticates using PAM.
-# Caller should write username/password as two lines in a file
-# which is passed to this script as a command line argument.
-
-# CAVEATS
-# * Requires Authen::PAM module, which may also
-# require the pam-devel package.
-# * May need to be run as root in order to
-# access username/password file.
-
-# NOTES
-# * This script is provided mostly as a demonstration of the
-# --auth-user-pass-verify script capability in OpenVPN.
-# For real world usage, see the auth-pam module in the plugin
-# folder.
-
-use Authen::PAM;
-use POSIX;
-
-# This "conversation function" will pass
-# $password to PAM when it asks for it.
-
-sub my_conv_func {
- my @res;
- while ( @_ ) {
- my $code = shift;
- my $msg = shift;
- my $ans = "";
-
- $ans = $password if $msg =~ /[Pp]assword/;
-
- push @res, (PAM_SUCCESS(),$ans);
- }
- push @res, PAM_SUCCESS();
- return @res;
-}
-
-# Identify service type to PAM
-$service = "login";
-
-# Get username/password from file
-
-if ($ARG = shift @ARGV) {
- if (!open (UPFILE, "<$ARG")) {
- print "Could not open username/password file: $ARG\n";
- exit 1;
- }
-} else {
- print "No username/password file specified on command line\n";
- exit 1;
-}
-
-$username = <UPFILE>;
-$password = <UPFILE>;
-
-if (!$username || !$password) {
- print "Username/password not found in file: $ARG\n";
- exit 1;
-}
-
-chomp $username;
-chomp $password;
-
-close (UPFILE);
-
-# Initialize PAM object
-
-if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) {
- print "Authen::PAM init failed\n";
- exit 1;
-}
-
-# Authenticate with PAM
-
-$res = $pamh->pam_authenticate;
-
-# Return success or failure
-
-if ($res == PAM_SUCCESS()) {
- exit 0;
-} else {
- print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n";
- exit 1;
-}
diff --git a/main/openvpn/sample/sample-scripts/bridge-start b/main/openvpn/sample/sample-scripts/bridge-start
deleted file mode 100755
index d20a2603..00000000
--- a/main/openvpn/sample/sample-scripts/bridge-start
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-#################################
-# Set up Ethernet bridge on Linux
-# Requires: bridge-utils
-#################################
-
-# Define Bridge Interface
-br="br0"
-
-# Define list of TAP interfaces to be bridged,
-# for example tap="tap0 tap1 tap2".
-tap="tap0"
-
-# Define physical ethernet interface to be bridged
-# with TAP interface(s) above.
-eth="eth0"
-eth_ip="192.168.8.4"
-eth_netmask="255.255.255.0"
-eth_broadcast="192.168.8.255"
-
-for t in $tap; do
- openvpn --mktun --dev $t
-done
-
-brctl addbr $br
-brctl addif $br $eth
-
-for t in $tap; do
- brctl addif $br $t
-done
-
-for t in $tap; do
- ifconfig $t 0.0.0.0 promisc up
-done
-
-ifconfig $eth 0.0.0.0 promisc up
-
-ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
diff --git a/main/openvpn/sample/sample-scripts/bridge-stop b/main/openvpn/sample/sample-scripts/bridge-stop
deleted file mode 100755
index 81927794..00000000
--- a/main/openvpn/sample/sample-scripts/bridge-stop
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-####################################
-# Tear Down Ethernet bridge on Linux
-####################################
-
-# Define Bridge Interface
-br="br0"
-
-# Define list of TAP interfaces to be bridged together
-tap="tap0"
-
-ifconfig $br down
-brctl delbr $br
-
-for t in $tap; do
- openvpn --rmtun --dev $t
-done
diff --git a/main/openvpn/sample/sample-scripts/ucn.pl b/main/openvpn/sample/sample-scripts/ucn.pl
deleted file mode 100755
index 6d708f82..00000000
--- a/main/openvpn/sample/sample-scripts/ucn.pl
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -t
-
-# OpenVPN --auth-user-pass-verify script.
-# Only authenticate if username equals common_name.
-# In OpenVPN config file:
-# auth-user-pass-verify ./ucn.pl via-env
-
-$username = $ENV{'username'};
-$common_name = $ENV{'common_name'};
-
-exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name);
diff --git a/main/openvpn/sample/sample-scripts/verify-cn b/main/openvpn/sample/sample-scripts/verify-cn
deleted file mode 100755
index 6e747ef1..00000000
--- a/main/openvpn/sample/sample-scripts/verify-cn
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-
-# verify-cn -- a sample OpenVPN tls-verify script
-#
-# Return 0 if cn matches the common name component of
-# subject, 1 otherwise.
-#
-# For example in OpenVPN, you could use the directive:
-#
-# tls-verify "./verify-cn /etc/openvpn/allowed_clients"
-#
-# This would cause the connection to be dropped unless
-# the client common name is listed on a line in the
-# allowed_clients file.
-
-die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3);
-
-# Parse out arguments:
-# cnfile -- The file containing the list of common names, one per
-# line, which the client is required to have,
-# taken from the argument to the tls-verify directive
-# in the OpenVPN config file.
-# The file can have blank lines and comment lines that begin
-# with the # character.
-# depth -- The current certificate chain depth. In a typical
-# bi-level chain, the root certificate will be at level
-# 1 and the client certificate will be at level 0.
-# This script will be called separately for each level.
-# x509 -- the X509 subject string as extracted by OpenVPN from
-# the client's provided certificate.
-($cnfile, $depth, $x509) = @ARGV;
-
-if ($depth == 0) {
- # If depth is zero, we know that this is the final
- # certificate in the chain (i.e. the client certificate),
- # and the one we are interested in examining.
- # If so, parse out the common name substring in
- # the X509 subject string.
-
- if ($x509 =~ / CN=([^,]+)/) {
- $cn = $1;
- # Accept the connection if the X509 common name
- # string matches the passed cn argument.
- open(FH, '<', $cnfile) or exit 1; # can't open, nobody authenticates!
- while (defined($line = <FH>)) {
- if ($line !~ /^[[:space:]]*(#|$)/o) {
- chop($line);
- if ($line eq $cn) {
- exit 0;
- }
- }
- }
- close(FH);
- }
-
- # Authentication failed -- Either we could not parse
- # the X509 subject string, or the common name in the
- # subject string didn't match the passed cn argument.
- exit 1;
-}
-
-# If depth is nonzero, tell OpenVPN to continue processing
-# the certificate chain.
-exit 0;
diff --git a/main/openvpn/sample/sample-windows/sample.ovpn b/main/openvpn/sample/sample-windows/sample.ovpn
deleted file mode 100755
index 5accd573..00000000
--- a/main/openvpn/sample/sample-windows/sample.ovpn
+++ /dev/null
@@ -1,103 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN. If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection. 'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol. You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts. 'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts. Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address.
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-# openvpn --genkey --secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; persist-key
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10