diff options
Diffstat (limited to 'main/openvpn/sample')
56 files changed, 0 insertions, 3196 deletions
diff --git a/main/openvpn b/main/openvpn new file mode 160000 +Subproject 7aaf01766f9718375986600216607aeb6397200 diff --git a/main/openvpn/sample/Makefile.am b/main/openvpn/sample/Makefile.am deleted file mode 100644 index be30c88a..00000000 --- a/main/openvpn/sample/Makefile.am +++ /dev/null @@ -1,34 +0,0 @@ -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> -# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> -# - -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -EXTRA_DIST = \ - sample-plugins \ - sample-config-files \ - sample-windows \ - sample-keys \ - sample-scripts - -if WIN32 -sample_DATA = \ - client.ovpn \ - server.ovpn \ - sample-windows/sample.ovpn - -client.ovpn: sample-config-files/client.conf - -rm -f client.ovpn - cp "$(srcdir)/sample-config-files/client.conf" client.ovpn -server.ovpn: sample-config-files/server.conf - -rm -f server.ovpn - cp "$(srcdir)/sample-config-files/server.conf" server.ovpn -endif diff --git a/main/openvpn/sample/sample-config-files/README b/main/openvpn/sample/sample-config-files/README deleted file mode 100644 index d53ac79a..00000000 --- a/main/openvpn/sample/sample-config-files/README +++ /dev/null @@ -1,6 +0,0 @@ -Sample OpenVPN Configuration Files. - -These files are part of the OpenVPN HOWTO -which is located at: - -http://openvpn.net/howto.html diff --git a/main/openvpn/sample/sample-config-files/client.conf b/main/openvpn/sample/sample-config-files/client.conf deleted file mode 100644 index fedcbd6e..00000000 --- a/main/openvpn/sample/sample-config-files/client.conf +++ /dev/null @@ -1,124 +0,0 @@ -############################################## -# Sample client-side OpenVPN 2.0 config file # -# for connecting to multi-client server. # -# # -# This configuration can be used by multiple # -# clients, however each client should have # -# its own cert and key files. # -# # -# On Windows, you might want to rename this # -# file so it has a .ovpn extension # -############################################## - -# Specify that we are a client and that we -# will be pulling certain config file directives -# from the server. -client - -# Use the same setting as you are using on -# the server. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -;dev tap -dev tun - -# Windows needs the TAP-Win32 adapter name -# from the Network Connections panel -# if you have more than one. On XP SP2, -# you may need to disable the firewall -# for the TAP adapter. -;dev-node MyTap - -# Are we connecting to a TCP or -# UDP server? Use the same setting as -# on the server. -;proto tcp -proto udp - -# The hostname/IP and port of the server. -# You can have multiple remote entries -# to load balance between the servers. -remote my-server-1 1194 -;remote my-server-2 1194 - -# Choose a random host from the remote -# list for load-balancing. Otherwise -# try hosts in the order specified. -;remote-random - -# Keep trying indefinitely to resolve the -# host name of the OpenVPN server. Very useful -# on machines which are not permanently connected -# to the internet such as laptops. -resolv-retry infinite - -# Most clients don't need to bind to -# a specific local port number. -nobind - -# Downgrade privileges after initialization (non-Windows only) -;user nobody -;group nobody - -# Try to preserve some state across restarts. -persist-key -persist-tun - -# If you are connecting through an -# HTTP proxy to reach the actual OpenVPN -# server, put the proxy server/IP and -# port number here. See the man page -# if your proxy server requires -# authentication. -;http-proxy-retry # retry on connection failures -;http-proxy [proxy server] [proxy port #] - -# Wireless networks often produce a lot -# of duplicate packets. Set this flag -# to silence duplicate packet warnings. -;mute-replay-warnings - -# SSL/TLS parms. -# See the server config file for more -# description. It's best to use -# a separate .crt/.key file pair -# for each client. A single ca -# file can be used for all clients. -ca ca.crt -cert client.crt -key client.key - -# Verify server certificate by checking that the -# certicate has the correct key usage set. -# This is an important precaution to protect against -# a potential attack discussed here: -# http://openvpn.net/howto.html#mitm -# -# To use this feature, you will need to generate -# your server certificates with the keyUsage set to -# digitalSignature, keyEncipherment -# and the extendedKeyUsage to -# serverAuth -# EasyRSA can do this for you. -remote-cert-tls server - -# If a tls-auth key is used on the server -# then every client must also have the key. -tls-auth ta.key 1 - -# Select a cryptographic cipher. -# If the cipher option is used on the server -# then you must also specify it here. -;cipher x - -# Enable compression on the VPN link. -# Don't enable this unless it is also -# enabled in the server config file. -comp-lzo - -# Set log file verbosity. -verb 3 - -# Silence repeating messages -;mute 20 diff --git a/main/openvpn/sample/sample-config-files/firewall.sh b/main/openvpn/sample/sample-config-files/firewall.sh deleted file mode 100755 index 19d75ee9..00000000 --- a/main/openvpn/sample/sample-config-files/firewall.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh - -# A Sample OpenVPN-aware firewall. - -# eth0 is connected to the internet. -# eth1 is connected to a private subnet. - -# Change this subnet to correspond to your private -# ethernet subnet. Home will use HOME_NET/24 and -# Office will use OFFICE_NET/24. -PRIVATE=10.0.0.0/24 - -# Loopback address -LOOP=127.0.0.1 - -# Delete old iptables rules -# and temporarily block all traffic. -iptables -P OUTPUT DROP -iptables -P INPUT DROP -iptables -P FORWARD DROP -iptables -F - -# Set default policies -iptables -P OUTPUT ACCEPT -iptables -P INPUT DROP -iptables -P FORWARD DROP - -# Prevent external packets from using loopback addr -iptables -A INPUT -i eth0 -s $LOOP -j DROP -iptables -A FORWARD -i eth0 -s $LOOP -j DROP -iptables -A INPUT -i eth0 -d $LOOP -j DROP -iptables -A FORWARD -i eth0 -d $LOOP -j DROP - -# Anything coming from the Internet should have a real Internet address -iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP -iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP -iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP -iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP -iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP -iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP - -# Block outgoing NetBios (if you have windows machines running -# on the private subnet). This will not affect any NetBios -# traffic that flows over the VPN tunnel, but it will stop -# local windows machines from broadcasting themselves to -# the internet. -iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP -iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP -iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP -iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP - -# Check source address validity on packets going out to internet -iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP - -# Allow local loopback -iptables -A INPUT -s $LOOP -j ACCEPT -iptables -A INPUT -d $LOOP -j ACCEPT - -# Allow incoming pings (can be disabled) -iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT - -# Allow services such as www and ssh (can be disabled) -iptables -A INPUT -p tcp --dport http -j ACCEPT -iptables -A INPUT -p tcp --dport ssh -j ACCEPT - -# Allow incoming OpenVPN packets -# Duplicate the line below for each -# OpenVPN tunnel, changing --dport n -# to match the OpenVPN UDP port. -# -# In OpenVPN, the port number is -# controlled by the --port n option. -# If you put this option in the config -# file, you can remove the leading '--' -# -# If you taking the stateful firewall -# approach (see the OpenVPN HOWTO), -# then comment out the line below. - -iptables -A INPUT -p udp --dport 1194 -j ACCEPT - -# Allow packets from TUN/TAP devices. -# When OpenVPN is run in a secure mode, -# it will authenticate packets prior -# to their arriving on a tun or tap -# interface. Therefore, it is not -# necessary to add any filters here, -# unless you want to restrict the -# type of packets which can flow over -# the tunnel. - -iptables -A INPUT -i tun+ -j ACCEPT -iptables -A FORWARD -i tun+ -j ACCEPT -iptables -A INPUT -i tap+ -j ACCEPT -iptables -A FORWARD -i tap+ -j ACCEPT - -# Allow packets from private subnets -iptables -A INPUT -i eth1 -j ACCEPT -iptables -A FORWARD -i eth1 -j ACCEPT - -# Keep state of connections from local machine and private subnets -iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT -iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT -iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT - -# Masquerade local subnet -iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE diff --git a/main/openvpn/sample/sample-config-files/home.up b/main/openvpn/sample/sample-config-files/home.up deleted file mode 100755 index 9c347cc5..00000000 --- a/main/openvpn/sample/sample-config-files/home.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 diff --git a/main/openvpn/sample/sample-config-files/loopback-client b/main/openvpn/sample/sample-config-files/loopback-client deleted file mode 100644 index 7117307d..00000000 --- a/main/openvpn/sample/sample-config-files/loopback-client +++ /dev/null @@ -1,26 +0,0 @@ -# Perform a TLS loopback test -- client side. -# -# This test performs a TLS negotiation once every 10 seconds, -# and will terminate after 2 minutes. -# -# From the root directory of the OpenVPN distribution, -# after openvpn has been built, run: -# -# ./openvpn --config sample-config-files/loopback-client (In one window) -# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - -rport 16000 -lport 16001 -remote localhost -local localhost -dev null -verb 3 -reneg-sec 10 -tls-client -remote-cert-tls server -ca sample-keys/ca.crt -key sample-keys/client.key -cert sample-keys/client.crt -tls-auth sample-keys/ta.key 1 -ping 1 -inactive 120 10000000 diff --git a/main/openvpn/sample/sample-config-files/loopback-server b/main/openvpn/sample/sample-config-files/loopback-server deleted file mode 100644 index 8e1f39cd..00000000 --- a/main/openvpn/sample/sample-config-files/loopback-server +++ /dev/null @@ -1,26 +0,0 @@ -# Perform a TLS loopback test -- server side. -# -# This test performs a TLS negotiation once every 10 seconds, -# and will terminate after 2 minutes. -# -# From the root directory of the OpenVPN distribution, -# after openvpn has been built, run: -# -# ./openvpn --config sample-config-files/loopback-client (In one window) -# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - -rport 16001 -lport 16000 -remote localhost -local localhost -dev null -verb 3 -reneg-sec 10 -tls-server -dh sample-keys/dh2048.pem -ca sample-keys/ca.crt -key sample-keys/server.key -cert sample-keys/server.crt -tls-auth sample-keys/ta.key 0 -ping 1 -inactive 120 10000000 diff --git a/main/openvpn/sample/sample-config-files/office.up b/main/openvpn/sample/sample-config-files/office.up deleted file mode 100755 index 74a71a33..00000000 --- a/main/openvpn/sample/sample-config-files/office.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 diff --git a/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh b/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh deleted file mode 100755 index 8ed2d1d5..00000000 --- a/main/openvpn/sample/sample-config-files/openvpn-shutdown.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -# stop all openvpn processes - -killall -TERM openvpn diff --git a/main/openvpn/sample/sample-config-files/openvpn-startup.sh b/main/openvpn/sample/sample-config-files/openvpn-startup.sh deleted file mode 100755 index 0ee006bc..00000000 --- a/main/openvpn/sample/sample-config-files/openvpn-startup.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -# A sample OpenVPN startup script -# for Linux. - -# openvpn config file directory -dir=/etc/openvpn - -# load the firewall -$dir/firewall.sh - -# load TUN/TAP kernel module -modprobe tun - -# enable IP forwarding -echo 1 > /proc/sys/net/ipv4/ip_forward - -# Invoke openvpn for each VPN tunnel -# in daemon mode. Alternatively, -# you could remove "--daemon" from -# the command line and add "daemon" -# to the config file. -# -# Each tunnel should run on a separate -# UDP port. Use the "port" option -# to control this. Like all of -# OpenVPN's options, you can -# specify "--port 8000" on the command -# line or "port 8000" in the config -# file. - -openvpn --cd $dir --daemon --config vpn1.conf -openvpn --cd $dir --daemon --config vpn2.conf -openvpn --cd $dir --daemon --config vpn2.conf diff --git a/main/openvpn/sample/sample-config-files/server.conf b/main/openvpn/sample/sample-config-files/server.conf deleted file mode 100644 index c85ca0ff..00000000 --- a/main/openvpn/sample/sample-config-files/server.conf +++ /dev/null @@ -1,304 +0,0 @@ -################################################# -# Sample OpenVPN 2.0 config file for # -# multi-client server. # -# # -# This file is for the server side # -# of a many-clients <-> one-server # -# OpenVPN configuration. # -# # -# OpenVPN also supports # -# single-machine <-> single-machine # -# configurations (See the Examples page # -# on the web site for more info). # -# # -# This config should work on Windows # -# or Linux/BSD systems. Remember on # -# Windows to quote pathnames and use # -# double backslashes, e.g.: # -# "C:\\Program Files\\OpenVPN\\config\\foo.key" # -# # -# Comments are preceded with '#' or ';' # -################################################# - -# Which local IP address should OpenVPN -# listen on? (optional) -;local a.b.c.d - -# Which TCP/UDP port should OpenVPN listen on? -# If you want to run multiple OpenVPN instances -# on the same machine, use a different port -# number for each one. You will need to -# open up this port on your firewall. -port 1194 - -# TCP or UDP server? -;proto tcp -proto udp - -# "dev tun" will create a routed IP tunnel, -# "dev tap" will create an ethernet tunnel. -# Use "dev tap0" if you are ethernet bridging -# and have precreated a tap0 virtual interface -# and bridged it with your ethernet interface. -# If you want to control access policies -# over the VPN, you must create firewall -# rules for the the TUN/TAP interface. -# On non-Windows systems, you can give -# an explicit unit number, such as tun0. -# On Windows, use "dev-node" for this. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -;dev tap -dev tun - -# Windows needs the TAP-Win32 adapter name -# from the Network Connections panel if you -# have more than one. On XP SP2 or higher, -# you may need to selectively disable the -# Windows firewall for the TAP adapter. -# Non-Windows systems usually don't need this. -;dev-node MyTap - -# SSL/TLS root certificate (ca), certificate -# (cert), and private key (key). Each client -# and the server must have their own cert and -# key file. The server and all clients will -# use the same ca file. -# -# See the "easy-rsa" directory for a series -# of scripts for generating RSA certificates -# and private keys. Remember to use -# a unique Common Name for the server -# and each of the client certificates. -# -# Any X509 key management system can be used. -# OpenVPN can also use a PKCS #12 formatted key file -# (see "pkcs12" directive in man page). -ca ca.crt -cert server.crt -key server.key # This file should be kept secret - -# Diffie hellman parameters. -# Generate your own with: -# openssl dhparam -out dh2048.pem 2048 -dh dh2048.pem - -# Network topology -# Should be subnet (addressing via IP) -# unless Windows clients v2.0.9 and lower have to -# be supported (then net30, i.e. a /30 per client) -# Defaults to net30 (not recommended) -;topology subnet - -# Configure server mode and supply a VPN subnet -# for OpenVPN to draw client addresses from. -# The server will take 10.8.0.1 for itself, -# the rest will be made available to clients. -# Each client will be able to reach the server -# on 10.8.0.1. Comment this line out if you are -# ethernet bridging. See the man page for more info. -server 10.8.0.0 255.255.255.0 - -# Maintain a record of client <-> virtual IP address -# associations in this file. If OpenVPN goes down or -# is restarted, reconnecting clients can be assigned -# the same virtual IP address from the pool that was -# previously assigned. -ifconfig-pool-persist ipp.txt - -# Configure server mode for ethernet bridging. -# You must first use your OS's bridging capability -# to bridge the TAP interface with the ethernet -# NIC interface. Then you must manually set the -# IP/netmask on the bridge interface, here we -# assume 10.8.0.4/255.255.255.0. Finally we -# must set aside an IP range in this subnet -# (start=10.8.0.50 end=10.8.0.100) to allocate -# to connecting clients. Leave this line commented -# out unless you are ethernet bridging. -;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 - -# Configure server mode for ethernet bridging -# using a DHCP-proxy, where clients talk -# to the OpenVPN server-side DHCP server -# to receive their IP address allocation -# and DNS server addresses. You must first use -# your OS's bridging capability to bridge the TAP -# interface with the ethernet NIC interface. -# Note: this mode only works on clients (such as -# Windows), where the client-side TAP adapter is -# bound to a DHCP client. -;server-bridge - -# Push routes to the client to allow it -# to reach other private subnets behind -# the server. Remember that these -# private subnets will also need -# to know to route the OpenVPN client -# address pool (10.8.0.0/255.255.255.0) -# back to the OpenVPN server. -;push "route 192.168.10.0 255.255.255.0" -;push "route 192.168.20.0 255.255.255.0" - -# To assign specific IP addresses to specific -# clients or if a connecting client has a private -# subnet behind it that should also have VPN access, -# use the subdirectory "ccd" for client-specific -# configuration files (see man page for more info). - -# EXAMPLE: Suppose the client -# having the certificate common name "Thelonious" -# also has a small subnet behind his connecting -# machine, such as 192.168.40.128/255.255.255.248. -# First, uncomment out these lines: -;client-config-dir ccd -;route 192.168.40.128 255.255.255.248 -# Then create a file ccd/Thelonious with this line: -# iroute 192.168.40.128 255.255.255.248 -# This will allow Thelonious' private subnet to -# access the VPN. This example will only work -# if you are routing, not bridging, i.e. you are -# using "dev tun" and "server" directives. - -# EXAMPLE: Suppose you want to give -# Thelonious a fixed VPN IP address of 10.9.0.1. -# First uncomment out these lines: -;client-config-dir ccd -;route 10.9.0.0 255.255.255.252 -# Then add this line to ccd/Thelonious: -# ifconfig-push 10.9.0.1 10.9.0.2 - -# Suppose that you want to enable different -# firewall access policies for different groups -# of clients. There are two methods: -# (1) Run multiple OpenVPN daemons, one for each -# group, and firewall the TUN/TAP interface -# for each group/daemon appropriately. -# (2) (Advanced) Create a script to dynamically -# modify the firewall in response to access -# from different clients. See man -# page for more info on learn-address script. -;learn-address ./script - -# If enabled, this directive will configure -# all clients to redirect their default -# network gateway through the VPN, causing -# all IP traffic such as web browsing and -# and DNS lookups to go through the VPN -# (The OpenVPN server machine may need to NAT -# or bridge the TUN/TAP interface to the internet -# in order for this to work properly). -;push "redirect-gateway def1 bypass-dhcp" - -# Certain Windows-specific network settings -# can be pushed to clients, such as DNS -# or WINS server addresses. CAVEAT: -# http://openvpn.net/faq.html#dhcpcaveats -# The addresses below refer to the public -# DNS servers provided by opendns.com. -;push "dhcp-option DNS 208.67.222.222" -;push "dhcp-option DNS 208.67.220.220" - -# Uncomment this directive to allow different -# clients to be able to "see" each other. -# By default, clients will only see the server. -# To force clients to only see the server, you -# will also need to appropriately firewall the -# server's TUN/TAP interface. -;client-to-client - -# Uncomment this directive if multiple clients -# might connect with the same certificate/key -# files or common names. This is recommended -# only for testing purposes. For production use, -# each client should have its own certificate/key -# pair. -# -# IF YOU HAVE NOT GENERATED INDIVIDUAL -# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, -# EACH HAVING ITS OWN UNIQUE "COMMON NAME", -# UNCOMMENT THIS LINE OUT. -;duplicate-cn - -# The keepalive directive causes ping-like -# messages to be sent back and forth over -# the link so that each side knows when -# the other side has gone down. -# Ping every 10 seconds, assume that remote -# peer is down if no ping received during -# a 120 second time period. -keepalive 10 120 - -# For extra security beyond that provided -# by SSL/TLS, create an "HMAC firewall" -# to help block DoS attacks and UDP port flooding. -# -# Generate with: -# openvpn --genkey --secret ta.key -# -# The server and each client must have -# a copy of this key. -# The second parameter should be '0' -# on the server and '1' on the clients. -tls-auth ta.key 0 # This file is secret - -# Select a cryptographic cipher. -# This config item must be copied to -# the client config file as well. -;cipher BF-CBC # Blowfish (default) -;cipher AES-128-CBC # AES -;cipher DES-EDE3-CBC # Triple-DES - -# Enable compression on the VPN link. -# If you enable it here, you must also -# enable it in the client config file. -comp-lzo - -# The maximum number of concurrently connected -# clients we want to allow. -;max-clients 100 - -# It's a good idea to reduce the OpenVPN -# daemon's privileges after initialization. -# -# You can uncomment this out on -# non-Windows systems. -;user nobody -;group nobody - -# The persist options will try to avoid -# accessing certain resources on restart -# that may no longer be accessible because -# of the privilege downgrade. -persist-key -persist-tun - -# Output a short status file showing -# current connections, truncated -# and rewritten every minute. -status openvpn-status.log - -# By default, log messages will go to the syslog (or -# on Windows, if running as a service, they will go to -# the "\Program Files\OpenVPN\log" directory). -# Use log or log-append to override this default. -# "log" will truncate the log file on OpenVPN startup, -# while "log-append" will append to it. Use one -# or the other (but not both). -;log openvpn.log -;log-append openvpn.log - -# Set the appropriate level of log -# file verbosity. -# -# 0 is silent, except for fatal errors -# 4 is reasonable for general usage -# 5 and 6 can help to debug connection problems -# 9 is extremely verbose -verb 3 - -# Silence repeating messages. At most 20 -# sequential messages of the same message -# category will be output to the log. -;mute 20 diff --git a/main/openvpn/sample/sample-config-files/static-home.conf b/main/openvpn/sample/sample-config-files/static-home.conf deleted file mode 100644 index c9666874..00000000 --- a/main/openvpn/sample/sample-config-files/static-home.conf +++ /dev/null @@ -1,72 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using a pre-shared static key. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# Our pre-shared static key -secret static.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/main/openvpn/sample/sample-config-files/static-office.conf b/main/openvpn/sample/sample-config-files/static-office.conf deleted file mode 100644 index 68030cc9..00000000 --- a/main/openvpn/sample/sample-config-files/static-office.conf +++ /dev/null @@ -1,69 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using a pre-shared static key. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# Our pre-shared static key -secret static.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/main/openvpn/sample/sample-config-files/tls-home.conf b/main/openvpn/sample/sample-config-files/tls-home.conf deleted file mode 100644 index daa4ea1e..00000000 --- a/main/openvpn/sample/sample-config-files/tls-home.conf +++ /dev/null @@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-client - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert home.crt - -# Our private key -key home.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/main/openvpn/sample/sample-config-files/tls-office.conf b/main/openvpn/sample/sample-config-files/tls-office.conf deleted file mode 100644 index d1961444..00000000 --- a/main/openvpn/sample/sample-config-files/tls-office.conf +++ /dev/null @@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-server - -# Diffie-Hellman Parameters (tls-server only) -dh dh2048.pem - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert office.crt - -# Our private key -key office.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/main/openvpn/sample/sample-config-files/xinetd-client-config b/main/openvpn/sample/sample-config-files/xinetd-client-config deleted file mode 100644 index 03c5c1fa..00000000 --- a/main/openvpn/sample/sample-config-files/xinetd-client-config +++ /dev/null @@ -1,11 +0,0 @@ -# This OpenVPN config file -# is the client side counterpart -# of xinetd-server-config - -dev tun -ifconfig 10.4.0.1 10.4.0.2 -remote my-server -port 1194 -user nobody -secret /root/openvpn/key -inactive 600 diff --git a/main/openvpn/sample/sample-config-files/xinetd-server-config b/main/openvpn/sample/sample-config-files/xinetd-server-config deleted file mode 100644 index 803a6f8f..00000000 --- a/main/openvpn/sample/sample-config-files/xinetd-server-config +++ /dev/null @@ -1,25 +0,0 @@ -# An xinetd configuration file for OpenVPN. -# -# This file should be renamed to openvpn or something suitably -# descriptive and copied to the /etc/xinetd.d directory. -# xinetd can then be made aware of this file by restarting -# it or sending it a SIGHUP signal. -# -# For each potential incoming client, create a separate version -# of this configuration file on a unique port number. Also note -# that the key file and ifconfig endpoints should be unique for -# each client. This configuration assumes that the OpenVPN -# executable and key live in /root/openvpn. Change this to fit -# your environment. - -service openvpn_1 -{ - type = UNLISTED - port = 1194 - socket_type = dgram - protocol = udp - wait = yes - user = root - server = /root/openvpn/openvpn - server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody -} diff --git a/main/openvpn/sample/sample-keys/.gitignore b/main/openvpn/sample/sample-keys/.gitignore deleted file mode 100644 index f1487528..00000000 --- a/main/openvpn/sample/sample-keys/.gitignore +++ /dev/null @@ -1 +0,0 @@ -sample-ca/ diff --git a/main/openvpn/sample/sample-keys/README b/main/openvpn/sample/sample-keys/README deleted file mode 100644 index 66dd9454..00000000 --- a/main/openvpn/sample/sample-keys/README +++ /dev/null @@ -1,19 +0,0 @@ -Sample RSA and EC keys. - -Run ./gen-sample-keys.sh to generate fresh test keys. - -See the examples section of the man page for usage examples. - -NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. - DON'T USE THEM FOR ANY REAL WORK BECAUSE - THEY ARE TOTALLY INSECURE! - -ca.{crt,key} -- sample CA key/cert -server.{crt,key} -- sample server key/cert -client.{crt,key} -- sample client key/cert -client-pass.key -- sample client key with password-encrypted key - password = "password" -client.p12 -- sample client pkcs12 bundle - password = "password" -client-ec.{crt,key} -- sample elliptic curve client key/cert -server-ec.{crt,key} -- sample elliptic curve server key/cert diff --git a/main/openvpn/sample/sample-keys/ca.crt b/main/openvpn/sample/sample-keys/ca.crt deleted file mode 100644 index a11bafa7..00000000 --- a/main/openvpn/sample/sample-keys/ca.crt +++ /dev/null @@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV -BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM -T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w -HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88 -8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb -GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF -qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5 -CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG -KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy -n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS -rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF -YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV -HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow -4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y -YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO -BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ -BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE -ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h -aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG -9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj -Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth -rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I -AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P -ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J -kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR -9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu -5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+ -65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV -y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa -hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw= ------END CERTIFICATE----- diff --git a/main/openvpn/sample/sample-keys/ca.key b/main/openvpn/sample/sample-keys/ca.key deleted file mode 100644 index 8b11bc22..00000000 --- a/main/openvpn/sample/sample-keys/ca.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCwlU8Kq3e+2gNb -ZTQMgjVAiHZCzR2qHzzyeK/EAibYtOr3d718mGyrc/9RVgBhJ4Iit6RfKlHQRCBK -Bw1O8YEx7bQGgc7nK9saMo+aN8uPpdGi0I4bLwQOX+EuBFj15+IDzCxV+68Xar8V -uXIlA9H+A+IO1OZSKoWpdrsAmYyuoWydamk64Z3tBzppOxp7hMXV7+BRMJOtprs1 -4ejANoqF3IWYQScJhHkJ5SzHYmUVYAfw8KvEGkdhuYbK9LSQff6tCRpIz8/NzZtL -hrIdo5hErlewarxeI0YpNMudJoJ094ewj7fEweYSH67k6DYMUaC/IPbaB17pbZ7O -8QoJQOvNHtuydiqrJTKfsvGeQ9cbK9HnZPTobwrMspBGYOU8heHMow7TuqQeYiid -dN0XtgjVrPAekC03h1KtR7Vu+OJNKgSxA984DK8PREwr8IF+ARlTMAHnR78iVtnz -hzQMl9Qw6bjELJ+3UcVilh7IJ/l3GgiPB4I86g/jbr5pNczuSqrSJ4ivpjGcpXo4 -YYsoRj5U1mHUNLt6epUc/mLx6KbK5Rg+hCFsr3G0MYyCCGdzoefwGV08xy/P3wd1 -MQfisF8DfI24LEtI2jDiMm4uM1eHZB6JS1a2ReNrt5z4/tWopN24mhFpftyz7wTc -iaKCJGe+Yr6emTs23XJgT2EFGFKguwIDAQABAoICAQCEYPqnihI0PqZjnwQdGIQp -g+P8gl7pyY9cS0OhUueicEbyDI8+V9qn0kcmx61zKDY0Jq4QNd6tnlUCijTc6Mot -DwF2G1xsC4GvKxZiy89MOkhloanXETEeQZzDbbjvaM4UgL0AHLWPfZQRCjxbKXkE -0A5phgvAr2YSvBLHCVXhGN0fScXnwXouVsvgVdGtpcTWdIUa+KrNdQBGDbz6VCkW -31I76SQFy40d8PPX6ZjUJHDvnM14LycySO6XOkofRIVnXTqaOUiVBb2VKj5fX+Ro -ILdWZz4d6J3RiGXYwyTr4SGVKLjgxWfgUGZB7x+NrqgugNzuaLYrkuWKSEN42nWq -yoP6x6xtbAsmB6Fvdqwm/d8BmLhUweaVc0L7AYzXNsOBuT3kubJHMmu3Jv4xgyWk -l/MAGJQc7i7QQweGgsYZgR8WlbkWkSFpUcgQBDzDibb6nsD2jnYijQrnrrmiEjEI -R7MO551V+nFw9utiM8U9WIWwqzY0d98ujWkGjVe7uz9ZBVyg0DEAEj/zRi9T54aG -1V6CB2Cjyw+HzzsDw7yWroWzo4U9YfjbPKCoBsXlqQFLFwY8oL6mEZ7UOobaV1Zl -WtuHyYw3UNFxuSGPPyxJkFePIQLLvfKvh2R+V0DrT3UJRoKKlt9RejRSN0tOh0Cm -2YD6d7T/DXnQHomIQKhKEQKCAQEA3sgsDg0eKDK8pUyVE+9wW5kql12nTzpBtnCM -eg5J9OJcXKhCD/NIyUTIMXoMvZQpLwGUAYLgu4gE04zKWHDouf7MRSFltD5LJ7F2 -7nuYKHZXk0BhgMhdnQot3FKcOMrKCnZcM+RWX9ZJa8wO6whCaYCw7DtS0SSVODQk -9EwAgX6/Hq60V7ujPZJCyNd3o0bIdAA/0AQRTZUADP3AHgUzh71aysYJt+UKt1v0 -Xc7l6hn7Dn7Ewzpf+WdZ2pV7d3JUSBVKiTDxLV904nDBNOxjMhz0rW01ojR6bzpn -XhkFPqnmh+yEYGRgfSAAzkvSsSJEAtBFSicupA/6n83Lo2YvswKCAQEAyumuxP4Z -a7s8x8DFba7vuQ+KVxpkKgEz1sxnGRNQJm18/ss/Y5JiaLFYT3E72VkQfBQ2ngu+ -GrJL3OhiNhzy1KLGS6mrwULtKiuud5MMQDL0Pvkncr9NTy4rBnWzhp2XyPeETu8n -JpL2i2OK6lY/lgpBckXuap9gAl0fXk+y+BkZ71OoYaGnKpPjs+Xcq/qgPgZ7O3NW -1g+Bd2AVPSxQpXjuy5rgtQURCN733vkNBzFedKREx7Z6l8UPlK/Exuc7BMIHfn5V -dd0R3Th+82fkMNVJz6MKmHJ6CJI53M7co/YdAvIkxOFRIPGbO3arL2R69nRgAZBE -zLawx1JJTRIG2QKCAQATtZXgMFzopYR3A011FAvWrrhL5+czZS4HG/Hxom38kkIl -mGUv0BAybjlf1zJlW0RBelxDvfZv4Nq8dIo6RNLyEY601v2OcqxneJXTB3AwtDeP -OXTm1dMiX5IrGcvkYlx5jHsfxCW4GNcqCEWRmYt2lgIRBDaRdjEVZdeXHVo2GqaB -6mbeFCWe/t+VsSpOcaauTI9YseNt/66fd5uVjFRAwAnWQqr9b/AAxMvbuMAyc9X4 -NFLoCrQO9ovGgM8JhD3cmrWbaY8MupM2rU8KhZdJCbLD3ROPpCDo0jvu4TvLjXBt -ugkEFh1LNJedqKudLDDkJtTaeJjxvtAnbyeC7zltAoIBAC9TIyzUqq8io0FfZ2x2 -cXiy9CvuftABKcr+L0l85KOhw5ZVZvpdKNCMFDGrEi9WA28886QWzwbA8Mqb9FP0 -mnoXYLJC50kSx+ee+nju9dt/RtHtIFM15N0DwosmJnHODZmUiOo0AuiPPCs0UzDm -Xrwqtirlvn5ln2nNuEQxyGbuy8qys0HaBvf6OBA8GySNNpRgxJsQAn+4bBSgdzOm -Q0TkmKUqASCXBusPvbXmVjCIRiRkL5p4p8z/6+tct0NAqNYqPr80zc/IeKMkyw8P -+vucszNXLmBxyp53JEGoiXNAMnH+ca7tchOB5hePTMun3rneWInk0PcB4OcL/QaZ -nrkCggEBAN67+SvcWtM1BoLXSz5/apFAE+DicCv94PrvMBOhfvu1oBrElR1rBjiN -2B83SktkF4WhCXr10GP+RUpjaqPBtT7NW4r3fL5B8EPsHeabL+pg9e6wG1rH8GqG -toWecmfC9uqK7l1A59h5Oveq5K19bZTRZRjQtv2e4KQknlJR6cwy+TGUU5kAUlMt -vcivyjzxc0UQwq7zKktJq+xW/TZiSLgd3B32p0sXX378qFUJ4SO2UZ1OCh8R7PY1 -Fx25K/89Q1yGdbYiXb/Dx0a2WB9rP+b6alMl/dxPdqDKj2QXXkdh8+yvhVpQTyZw -B1RaqQXwzqrCH0F/vw3lRceYhcQvzcQ= ------END PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/client-ec.crt b/main/openvpn/sample/sample-keys/client-ec.crt deleted file mode 100644 index 759dabae..00000000 --- a/main/openvpn/sample/sample-keys/client-ec.crt +++ /dev/null @@ -1,85 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Oct 22 21:59:53 2014 GMT - Not After : Oct 19 21:59:53 2024 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-EC/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:3b:ce:62:5d:6f:87:82:75:24:c2:58:f5:0e:88: - 4d:57:0d:06:b2:71:88:87:58:19:bb:de:5f:7f:52: - 62:51:a2:48:91:83:48:91:90:3e:87:02:0f:15:51: - f9:68:97:12:0a:fd:d2:3c:87:83:4b:65:54:00:44: - 8d:28:76:49:05 - ASN1 OID: secp256k1 - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 64:F6:49:88:E7:74:C1:AB:A5:FA:4F:2B:71:3C:25:13:3D:C8:94:C5 - X509v3 Authority Key Identifier: - keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:A1:4E:DE:FA:90:F2:AE:81 - - Signature Algorithm: sha256WithRSAEncryption - 32:3d:f0:08:67:dd:03:73:76:cc:76:52:0a:f6:97:d1:c6:fa: - 5f:d3:e6:28:c9:75:a7:08:a8:34:49:69:cf:eb:ab:da:86:b3: - 2e:65:17:ee:7e:b6:b5:6b:15:0b:dc:11:3a:b9:5a:b3:80:b8: - bb:f4:6c:cf:88:3a:10:83:7e:10:a0:82:87:6e:06:ec:78:62: - d4:d1:44:27:dd:2c:19:d8:1a:a1:ae:f4:a0:00:7f:53:5a:40: - 8a:c2:83:77:4b:26:7d:53:b0:d3:0f:2f:7c:28:70:ef:74:58: - 5b:de:81:94:4c:63:19:f0:79:cb:6c:b2:ec:32:1b:4b:e4:62: - 22:4f:ad:ac:4a:6f:a9:6e:c4:2a:8d:8a:88:19:09:fd:88:93: - 3c:27:4d:91:95:ff:57:84:13:fd:4a:68:db:20:df:10:e6:81: - 1d:fd:e7:1d:35:fb:19:02:dd:b5:5f:a0:c1:07:ec:74:b4:ef: - 8b:f9:33:9a:f2:a6:3b:6e:b6:4a:52:ab:5d:99:76:64:62:c4: - d5:3a:c6:81:8d:eb:c8:4b:02:af:e1:ca:60:e9:8d:c7:a9:2b: - ea:4f:56:31:d3:9a:11:c2:9c:83:5c:a2:8d:98:fe:cc:a5:ad: - 1f:51:c4:6e:cf:ff:a0:51:64:c8:7f:7f:32:05:4c:8d:7f:bf: - b8:ed:e5:81:5f:81:bd:1d:9b:3f:8a:83:27:26:b4:69:84:8b: - e5:d9:ea:fd:08:a8:aa:e4:3a:dc:29:4d:80:6c:13:f7:45:ce: - 92:f2:a9:f3:5f:90:83:d6:23:0f:50:e5:40:09:4c:6b:f2:73: - aa:d8:49:a7:a9:81:6e:bb:f2:e4:a5:7f:19:39:1d:65:f3:11: - 97:b1:2b:7c:2f:36:77:7f:75:fd:88:44:90:7c:f2:33:8d:cd: - 2c:f6:76:60:33:d3:f4:b3:8c:81:d7:85:89:cc:d7:d5:2c:94: - a9:31:3f:d3:63:a7:dc:82:3f:0a:d8:c5:71:97:69:3b:c1:69: - cb:f0:1b:be:15:c0:be:aa:fd:e8:13:2c:0c:3f:72:7b:7d:9c: - 3b:7f:b8:82:36:4b:ad:4d:16:19:b9:1c:b3:2d:d7:5f:8b:f8: - 14:ce:d4:13:e5:82:7a:1d:40:28:08:65:4a:19:d7:7a:35:09: - db:36:48:4b:96:44:bd:1f:12:b2:39:08:1e:5b:66:25:9b:e0: - 16:d3:79:05:e3:f6:90:da:95:95:33:a1:53:a8:3c:a9:f0:b2: - f5:d0:aa:80:a0:96:ca:8c:45:62:c2:74:04:91:68:27:fb:e9: - 97:be:3a:87:8a:85:28:2d:6e:a9:60:9b:63:ba:65:98:5e:bb: - 02:ee:ac:ba:be:f6:42:26 ------BEGIN CERTIFICATE----- -MIIESTCCAjGgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtQ2xpZW50 -LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO -PQIBBgUrgQQACgNCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm73l9/UmJRokiR -g0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkFo4HIMIHFMAkGA1UdEwQCMAAw -HQYDVR0OBBYEFGT2SYjndMGrpfpPK3E8JRM9yJTFMIGYBgNVHSMEgZAwgY2AFCtA -5cl99fSWOOkv4y/ZQGTJjgWboWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMC -TkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8G -CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkAoU7e+pDyroEwDQYJKoZI -hvcNAQELBQADggIBADI98Ahn3QNzdsx2Ugr2l9HG+l/T5ijJdacIqDRJac/rq9qG -sy5lF+5+trVrFQvcETq5WrOAuLv0bM+IOhCDfhCggoduBux4YtTRRCfdLBnYGqGu -9KAAf1NaQIrCg3dLJn1TsNMPL3wocO90WFvegZRMYxnwectssuwyG0vkYiJPraxK -b6luxCqNiogZCf2IkzwnTZGV/1eEE/1KaNsg3xDmgR395x01+xkC3bVfoMEH7HS0 -74v5M5rypjtutkpSq12ZdmRixNU6xoGN68hLAq/hymDpjcepK+pPVjHTmhHCnINc -oo2Y/sylrR9RxG7P/6BRZMh/fzIFTI1/v7jt5YFfgb0dmz+KgycmtGmEi+XZ6v0I -qKrkOtwpTYBsE/dFzpLyqfNfkIPWIw9Q5UAJTGvyc6rYSaepgW678uSlfxk5HWXz -EZexK3wvNnd/df2IRJB88jONzSz2dmAz0/SzjIHXhYnM19UslKkxP9Njp9yCPwrY -xXGXaTvBacvwG74VwL6q/egTLAw/cnt9nDt/uII2S61NFhm5HLMt11+L+BTO1BPl -gnodQCgIZUoZ13o1Cds2SEuWRL0fErI5CB5bZiWb4BbTeQXj9pDalZUzoVOoPKnw -svXQqoCglsqMRWLCdASRaCf76Ze+OoeKhSgtbqlgm2O6ZZheuwLurLq+9kIm ------END CERTIFICATE----- diff --git a/main/openvpn/sample/sample-keys/client-ec.key b/main/openvpn/sample/sample-keys/client-ec.key deleted file mode 100644 index 81313800..00000000 --- a/main/openvpn/sample/sample-keys/client-ec.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg2RVk/d0yok086M9bLPIi -eu4DfcBUwphOnkje1/7VSY+hRANCAAQ7zmJdb4eCdSTCWPUOiE1XDQaycYiHWBm7 -3l9/UmJRokiRg0iRkD6HAg8VUflolxIK/dI8h4NLZVQARI0odkkF ------END PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/client-pass.key b/main/openvpn/sample/sample-keys/client-pass.key deleted file mode 100644 index 2bb8d4e9..00000000 --- a/main/openvpn/sample/sample-keys/client-pass.key +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,ECC1F209896FC2621233FFF6F1FFD045 - -i6t7VKTyNNELTvrBO464e02nFg9rvYwumxd0sfqcPtaKmRK2mrZmEd/Xh0Nv1WyB -PyuJo78qQixAtxObRbkSNINzTr5C8IDrE6+wQYCJinvO54U0o+ksv0tsyLngz1cb -is8ZqHXrRgJ3qGFQWmFRtFKFQvSXOTDX3fLkEB53HfeblQCxBCnJ82Sp7ivnVR/j -Q8qQRy1RMbzIN0trEGf0Zi4tHEvXL1u7Y+olQzSlmWWaQt20hhXUOMLhMtlRsAo7 -AwjlE94JjAfJ1q1dwIcRN4c9Lk8GkiX6w7nDpRACDpk2S8ifCqi69eGe4+g7owhL -74bgs64PmM9a2sNXy1v6WE3c/t6sSrZiMvrGsqMo4sBlrQ9WXe0Naon7heBkPcdS -px0YJjnyBXHMIH+ASmALSJ5JXq9vt2xRFf0dOsGapxhP+7bZJ5Pwyk/yUu5uHFbM -/aBemlrZJzlKeYiiwpwx2whQAtDwN41zMG+r27EzSU/AaDV40NPiwwycpWt/Bp1e -z1ag0JuS0an+PK4jmREtzT5U5BeAVM91x8YttOPpmUIpahAa1zwdYPRAIkbmPJ4z -ZH+9YoPH4hoBQKdIhshYktjdI++xNiKXAUGUz5YoX8S68SsLdmKvhnQ7fu5VvOkA -2pb7taXGy7zfn+a/fWauhuceV9HPlAXMIu3GsssODoNly3vpcFeiMySKppygJ3Eg -A3o9n8UepD+jXflKG/R/t7U3hT6LqSIvQWqBqYMEVFMCNzSsJ/ce/4veFvx343zT -qdxuzYqyiXM74cynpfqHdVa9SFICTesNdVDI0FdOXhSQ4bHJc7Xp9FFJdS0lMRw4 -ACwKxvs8lo4Gx1WFyCqH5OxosKtDHQYzdUJfSWVJlhhOFR3GncR9qSe3O5fkhJfs -TALnC+xTJyCkSB2k0/bxVLIhlkPdCwzsrN/B6X2CDBdg0mQIo0LaPzGF8VneM20d -XebYn751XSiL3HKyq8G5AEFwj9AO3Q8gKuP2fPoWdngJ2GT+mt1m2fIw9Igu39J0 -ZMegyUN0wSIiA5AkgryK9U+PJEiJmLzOJ/NGr7E5tPF18eZWapK4KZ8TXC4RNiye -g+apGa+xZJz2VQp/Mrcdj9D4UDJFQjrvKaS0PXJDoYUXFBoMv3rxijzRVxlhhuJY -yZ0At+UqZD5wpuWW6DRrgJIpy0HNhbaLmgsU0Co0HKviB0x8hvMJbi/uCoPTOdPz -sPB7CN2i3oXe7xw1HfSTSFWb4leqjlKwNgfV42ox0QUjkkADeeuY+56g/B2+QmdE -vXrc6sDwfNUwRUzeMn8yfum/aW1y/wrqF/qPTBQqFd85vlzS+NfXIKDg04cAljTu -+2BLzvizh9Bb68iG4PykNXbjbAir1EbQG1tCzq1eKhERjgrxdv6+XqAmvchMCeL5 -L6hvfQFBPCo/4xnMpU5wooFarO/kGdKlGr5rXOydgfL618Td18BIX+FHQFb3zzVU -y2NR4++DslJAZgAU+512zzpW1m3JtaRoyqyoLE2YFPlW804Xc1PBB3Ix6Wyzcegy -D4qMk5qxjBkXEsBBSCYfVbWoMBeMhnvxkz0b9wkPtAW/jEJCB2Kkn/5yMC0DkePO ------END RSA PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/client.crt b/main/openvpn/sample/sample-keys/client.crt deleted file mode 100644 index 1744cb22..00000000 --- a/main/openvpn/sample/sample-keys/client.crt +++ /dev/null @@ -1,103 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Oct 22 21:59:53 2014 GMT - Not After : Oct 19 21:59:53 2024 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82: - 3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef: - f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6: - 70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48: - da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3: - 2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98: - f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8: - 1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5: - 0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14: - 10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f: - df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a: - 97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a: - e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e: - ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8: - d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16: - 60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81: - 6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd: - 61:f1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D - X509v3 Authority Key Identifier: - keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:A1:4E:DE:FA:90:F2:AE:81 - - Signature Algorithm: sha256WithRSAEncryption - 7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0: - b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa: - f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37: - 07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08: - 83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed: - b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73: - c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1: - 1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4: - a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32: - 4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5: - 84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3: - 2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87: - 64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36: - 4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a: - 6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9: - 12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a: - e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30: - 71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae: - 29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9: - 38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57: - 21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3: - eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94: - d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16: - c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15: - c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6: - c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1: - c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66: - 64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23: - 08:02:8a:e0:25:f3:f4:43 ------BEGIN CERTIFICATE----- -MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 -MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT -7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj -C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50 -R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw -30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G -4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw -CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud -IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH -MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ -Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76 -kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9 -llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI -g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+ -bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46 -ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH -ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/ -qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK -AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX -IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb -mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb -g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj -CAKK4CXz9EM= ------END CERTIFICATE----- diff --git a/main/openvpn/sample/sample-keys/client.key b/main/openvpn/sample/sample-keys/client.key deleted file mode 100644 index 6d31489a..00000000 --- a/main/openvpn/sample/sample-keys/client.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW -KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw -SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd -VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR -WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY -HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83 -DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT -i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB -TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X -9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE -/1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0 -6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY -kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm -VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17 -klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ -wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR -we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y -QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP -gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz -4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI -f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW -HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy -s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau -qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy -0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM -2MMweASzTmZcri4PA/5C0HYb ------END PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/client.p12 b/main/openvpn/sample/sample-keys/client.p12 Binary files differdeleted file mode 100644 index 8458c797..00000000 --- a/main/openvpn/sample/sample-keys/client.p12 +++ /dev/null diff --git a/main/openvpn/sample/sample-keys/dh2048.pem b/main/openvpn/sample/sample-keys/dh2048.pem deleted file mode 100644 index 8eda59aa..00000000 --- a/main/openvpn/sample/sample-keys/dh2048.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEArdnA32xujHPlPI+jPffHSoMUZ+b5gRz1H1Lw9//Gugm5TAsRiYrB -t2BDSsMKvAjyqN+i5SJv4TOk98kRRKB27iPvyXmiL945VaDQl/UehCySjYlGFUjW -9nuo+JwQxeSbw0TLiSYoYJZQ8X1CxPl9mgJl277O4cW1Gc8I/bWa+ipU/4K5wv3h -GI8nt+6A0jN3M/KebotMP101G4k0l0qsY4oRMTmP+z3oAP0qU9NZ1jiuMFVzRlNp -5FdYF7ctrH+tBF+QmyT4SRKSED4wE4oX6gp420NaBhIEQifIj75wlMDtxQlpkN+x -QkjsEbPlaPKHGQ4uupssChVUi8IM2yq5EwIBAg== ------END DH PARAMETERS----- diff --git a/main/openvpn/sample/sample-keys/gen-sample-keys.sh b/main/openvpn/sample/sample-keys/gen-sample-keys.sh deleted file mode 100755 index 725cfc97..00000000 --- a/main/openvpn/sample/sample-keys/gen-sample-keys.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh -# -# Run this script to set up a test CA, and test key-certificate pair for a -# server, and various clients. -# -# Copyright (C) 2014 Steffan Karger <steffan@karger.me> -set -eu - -command -v openssl >/dev/null 2>&1 || { echo >&2 "Unable to find openssl. Please make sure openssl is installed and in your path."; exit 1; } - -if [ ! -f openssl.cnf ] -then - echo "Please run this script from the sample directory" - exit 1 -fi - -# Generate static key for tls-auth (or static key mode) -$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key - -# Create required directories and files -mkdir -p sample-ca -rm -f sample-ca/index.txt -touch sample-ca/index.txt -echo "01" > sample-ca/serial - -# Generate CA key and cert -openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \ - -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \ - -subj "/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain" \ - -config openssl.cnf - -# Create server key and cert -openssl req -new -nodes -config openssl.cnf -extensions server \ - -keyout sample-ca/server.key -out sample-ca/server.csr \ - -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain" -openssl ca -batch -config openssl.cnf -extensions server \ - -out sample-ca/server.crt -in sample-ca/server.csr - -# Create client key and cert -openssl req -new -nodes -config openssl.cnf \ - -keyout sample-ca/client.key -out sample-ca/client.csr \ - -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain" -openssl ca -batch -config openssl.cnf \ - -out sample-ca/client.crt -in sample-ca/client.csr - -# Create password protected key file -openssl rsa -aes256 -passout pass:password \ - -in sample-ca/client.key -out sample-ca/client-pass.key - -# Create pkcs#12 client bundle -openssl pkcs12 -export -nodes -password pass:password \ - -out sample-ca/client.p12 -inkey sample-ca/client.key \ - -in sample-ca/client.crt -certfile sample-ca/ca.crt - - -# Create EC server and client cert (signed by 'regular' RSA CA) -openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1 - -openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \ - -extensions server \ - -keyout sample-ca/server-ec.key -out sample-ca/server-ec.csr \ - -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-EC/emailAddress=me@myhost.mydomain" -openssl ca -batch -config openssl.cnf -extensions server \ - -out sample-ca/server-ec.crt -in sample-ca/server-ec.csr - -openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \ - -keyout sample-ca/client-ec.key -out sample-ca/client-ec.csr \ - -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-EC/emailAddress=me@myhost.mydomain" -openssl ca -batch -config openssl.cnf \ - -out sample-ca/client-ec.crt -in sample-ca/client-ec.csr - -# Generate DH parameters -openssl dhparam -out dh2048.pem 2048 - -# Copy keys and certs to working directory -cp sample-ca/*.key . -cp sample-ca/*.crt . -cp sample-ca/*.p12 . diff --git a/main/openvpn/sample/sample-keys/openssl.cnf b/main/openvpn/sample/sample-keys/openssl.cnf deleted file mode 100644 index aabfd48f..00000000 --- a/main/openvpn/sample/sample-keys/openssl.cnf +++ /dev/null @@ -1,139 +0,0 @@ -# Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.* - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = sample-ca # Where everything is kept -certs = $dir # Where the issued certs are kept -crl_dir = $dir # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir # default place for new certs. - -certificate = $dir/ca.crt # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/ca.key # The private key -RANDFILE = $dir/.rand # private random number file - -x509_extensions = basic_exts # The extentions to add to the cert - -# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA -# is designed for will. In return, we get the Issuer attached to CRLs. -crl_extensions = crl_ext - -default_days = 3650 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = sha256 # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_anything - -# For the 'anything' policy, which defines allowed DN fields -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -name = optional -emailAddress = optional - -#################################################################### -# Easy-RSA request handling -# We key off $DN_MODE to determine how to format the DN -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -default_md = sha256 -distinguished_name = cn_only -x509_extensions = easyrsa_ca # The extentions to add to the self signed cert - -# A placeholder to handle the $EXTRA_EXTS feature: -#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it - -#################################################################### -# Easy-RSA DN (Subject) handling - -# Easy-RSA DN for cn_only support: -[ cn_only ] -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = changeme - -# Easy-RSA DN for org support: -[ org ] -countryName = Country Name (2 letter code) -countryName_default = KG -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = NA - -localityName = Locality Name (eg, city) -localityName_default = BISHKEK - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = OpenVPN-TEST - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = - -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = - -emailAddress = Email Address -emailAddress_default = me@myhost.mydomain -emailAddress_max = 64 - -#################################################################### - -[ basic_exts ] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always - -# The Easy-RSA CA extensions -[ easyrsa_ca ] - -# PKIX recommendations: - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -# This could be marked critical, but it's nice to support reading by any -# broken clients who attempt to do so. -basicConstraints = CA:true - -# Limit key usage to CA tasks. If you really want to use the generated pair as -# a self-signed cert, comment this out. -keyUsage = cRLSign, keyCertSign - -# CRL extensions. -[ crl_ext ] - -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always - - -# Server extensions. -[ server ] - -basicConstraints = CA:FALSE -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -extendedKeyUsage = serverAuth -keyUsage = digitalSignature, keyEncipherment diff --git a/main/openvpn/sample/sample-keys/server-ec.crt b/main/openvpn/sample/sample-keys/server-ec.crt deleted file mode 100644 index 7c7645a5..00000000 --- a/main/openvpn/sample/sample-keys/server-ec.crt +++ /dev/null @@ -1,96 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Oct 22 21:59:53 2014 GMT - Not After : Oct 19 21:59:53 2024 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server-EC/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (256 bit) - pub: - 04:21:09:ac:27:e6:00:3a:57:f4:f6:c7:78:a9:b1: - f4:d7:d7:45:59:39:e4:a3:d3:2c:94:f9:61:4a:e6: - b9:e9:87:57:c8:0f:88:03:a0:56:ee:34:e7:e4:4e: - 20:63:6c:c1:6e:c1:04:ac:b9:2f:a9:76:69:d3:7d: - 49:ff:f1:34:cb - ASN1 OID: secp256k1 - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Cert Type: - SSL Server - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: - 33:1A:42:61:9E:88:08:3F:6F:1F:98:88:3A:DD:2D:C7:07:3D:F6:9B - X509v3 Authority Key Identifier: - keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:A1:4E:DE:FA:90:F2:AE:81 - - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - Signature Algorithm: sha256WithRSAEncryption - 9d:89:f6:7e:0b:43:05:22:63:e5:b3:45:a8:d9:ef:33:3c:b7: - 19:37:28:87:27:43:43:86:a3:3f:b9:23:27:0f:96:4f:de:01: - 80:38:6b:d9:c8:94:77:1f:06:08:34:65:77:ad:57:0c:23:99: - f1:51:12:5f:32:d8:9c:7c:93:f1:f6:72:2a:05:61:ff:62:aa: - 33:aa:ef:a3:4d:d6:93:56:40:ff:38:2e:73:1c:69:fb:71:a1: - fa:64:19:6a:04:1c:8b:20:a8:ee:a5:18:63:f8:84:f4:ca:84: - 8e:b6:05:48:c6:f3:f7:81:90:4d:9e:00:cd:4a:92:83:d4:93: - 67:05:dc:16:8b:78:fa:b1:82:48:c6:86:74:44:b1:06:7e:8a: - c8:64:0b:82:3a:e2:f5:56:60:ea:50:70:03:da:9f:fc:28:20: - 6b:7d:04:e0:eb:8d:e2:f1:be:82:2f:ba:51:50:2b:6c:d2:fc: - 11:cd:69:85:3b:9e:14:19:dd:bc:14:cf:61:b0:7a:07:cb:e8: - e0:fc:c3:1f:a4:cb:cf:c1:e9:62:0f:d2:53:f8:ce:06:f4:f8: - 2f:55:13:aa:67:44:b6:b8:e8:3e:82:af:66:f5:f0:7c:fe:41: - e6:9d:c0:9f:78:fd:00:85:02:40:63:37:fa:00:e6:3c:a6:9f: - 35:4f:1d:a6:f1:cb:8b:04:e0:67:98:56:d1:87:58:b6:39:f6: - d3:fe:a8:40:50:80:7f:e6:4a:36:d0:c0:a5:61:64:1d:3a:87: - ad:78:72:c9:3f:98:44:35:f9:cf:32:b2:18:4c:b0:72:fa:5e: - 6c:62:1e:d4:31:0c:c8:9b:74:f0:00:9e:70:c3:1e:c7:a4:9d: - 03:a4:ac:1a:09:1f:86:23:65:51:34:50:86:68:1e:68:4d:9a: - 4b:78:10:1c:bd:51:09:bb:fe:16:a3:c7:19:b4:05:44:a1:e6: - c6:23:76:d5:b8:3a:eb:a5:17:1d:2b:2e:fe:85:7c:88:4f:f1: - e8:34:32:e0:c5:96:87:c3:e8:c9:5f:89:24:10:0e:1e:07:0b: - 2c:f8:d0:49:1b:63:5e:63:44:e9:2a:43:e2:9c:d6:f2:43:99: - 47:f8:9b:49:1a:a7:d1:e0:53:67:1d:cb:14:b6:b0:2c:4d:b3: - f2:c5:62:c2:a6:09:7a:c0:6c:59:3e:73:83:0c:6c:de:30:77: - 4d:1b:ed:b0:7f:77:87:8d:55:1d:d3:ed:f7:66:bd:06:2a:f8: - fd:00:e7:c0:31:e2:ff:53:9e:25:97:c6:64:84:9d:8d:61:8e: - c9:1f:6c:55:a1:7c:59:aa:eb:e8:2a:b2:2d:c7:09:cd:b5:3d: - d8:74:4f:6e:9c:3b:d5:6d ------BEGIN CERTIFICATE----- -MIIEtTCCAp2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owbTELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFzAVBgNVBAMTDlRlc3QtU2VydmVy -LUVDMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wVjAQBgcqhkjO -PQIBBgUrgQQACgNCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU+WFK5rnph1fI -D4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTLo4IBMzCCAS8wCQYDVR0TBAIw -ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu -ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUMxpCYZ6ICD9vH5iI -Ot0txwc99pswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRo -MGYxCzAJBgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEV -MBMGA1UEChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3Qu -bXlkb21haW6CCQChTt76kPKugTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8E -BAMCBaAwDQYJKoZIhvcNAQELBQADggIBAJ2J9n4LQwUiY+WzRajZ7zM8txk3KIcn -Q0OGoz+5IycPlk/eAYA4a9nIlHcfBgg0ZXetVwwjmfFREl8y2Jx8k/H2cioFYf9i -qjOq76NN1pNWQP84LnMcaftxofpkGWoEHIsgqO6lGGP4hPTKhI62BUjG8/eBkE2e -AM1KkoPUk2cF3BaLePqxgkjGhnREsQZ+ishkC4I64vVWYOpQcAPan/woIGt9BODr -jeLxvoIvulFQK2zS/BHNaYU7nhQZ3bwUz2GwegfL6OD8wx+ky8/B6WIP0lP4zgb0 -+C9VE6pnRLa46D6Cr2b18Hz+QeadwJ94/QCFAkBjN/oA5jymnzVPHabxy4sE4GeY -VtGHWLY59tP+qEBQgH/mSjbQwKVhZB06h614csk/mEQ1+c8yshhMsHL6XmxiHtQx -DMibdPAAnnDDHseknQOkrBoJH4YjZVE0UIZoHmhNmkt4EBy9UQm7/hajxxm0BUSh -5sYjdtW4OuulFx0rLv6FfIhP8eg0MuDFlofD6MlfiSQQDh4HCyz40EkbY15jROkq -Q+Kc1vJDmUf4m0kap9HgU2cdyxS2sCxNs/LFYsKmCXrAbFk+c4MMbN4wd00b7bB/ -d4eNVR3T7fdmvQYq+P0A58Ax4v9TniWXxmSEnY1hjskfbFWhfFmq6+gqsi3HCc21 -Pdh0T26cO9Vt ------END CERTIFICATE----- diff --git a/main/openvpn/sample/sample-keys/server-ec.key b/main/openvpn/sample/sample-keys/server-ec.key deleted file mode 100644 index 8f2c914e..00000000 --- a/main/openvpn/sample/sample-keys/server-ec.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgLHGYqSlzoRaogmJfrC+E -ozTothB9bORaQ1C/3FmeQ6ehRANCAAQhCawn5gA6V/T2x3ipsfTX10VZOeSj0yyU -+WFK5rnph1fID4gDoFbuNOfkTiBjbMFuwQSsuS+pdmnTfUn/8TTL ------END PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/server.crt b/main/openvpn/sample/sample-keys/server.crt deleted file mode 100644 index 76b40448..00000000 --- a/main/openvpn/sample/sample-keys/server.crt +++ /dev/null @@ -1,113 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Oct 22 21:59:52 2014 GMT - Not After : Oct 19 21:59:52 2024 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:a5:b8:a2:ee:ce:b1:a6:0f:6a:b2:9f:d3:22:17: - 79:de:09:98:71:78:fa:a7:ce:36:51:54:57:c7:31: - 99:56:d1:8a:d6:c5:fd:52:e6:88:0e:7b:f9:ea:27: - 7a:bf:3f:14:ec:aa:d2:ff:8b:56:58:ac:ca:51:77: - c5:3c:b6:e4:83:6f:22:06:2d:5b:eb:e7:59:d4:ab: - 42:c8:d5:a9:87:73:b3:73:36:51:2f:a5:d0:90:a2: - 87:64:54:6c:12:d3:b8:76:47:69:af:ae:8f:00:b3: - 70:b9:e7:67:3f:8c:6a:3d:79:5f:81:27:a3:0e:aa: - a7:3d:81:48:10:b1:18:6c:38:2e:8f:7a:7b:c5:3d: - 21:c8:f9:a0:7f:17:2b:88:4f:ba:f2:ec:6d:24:8e: - 6c:f1:0a:5c:d9:5b:b1:b0:fc:49:cb:4a:d2:58:c6: - 2a:25:b0:97:84:c3:9e:ff:34:8c:10:46:7f:0f:fb: - 3c:59:7a:a6:29:0c:ae:8e:50:3a:f2:53:84:40:2d: - d5:91:7b:0a:37:8e:82:77:ce:66:2f:34:77:5c:a5: - 45:3b:00:19:a7:07:d1:92:e6:66:b9:3b:4e:e9:63: - fc:33:98:1a:ae:7b:08:7d:0a:df:7a:ba:aa:59:6d: - 86:82:0a:64:2b:da:59:a7:4c:4e:ef:3d:bd:04:a2: - 4b:31 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Cert Type: - SSL Server - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: - B3:9D:81:E6:16:92:64:C4:86:87:F5:29:10:1B:5E:2F:74:F7:ED:B1 - X509v3 Authority Key Identifier: - keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:A1:4E:DE:FA:90:F2:AE:81 - - X509v3 Extended Key Usage: - TLS Web Server Authentication - X509v3 Key Usage: - Digital Signature, Key Encipherment - Signature Algorithm: sha256WithRSAEncryption - 4e:25:80:1b:cb:b0:42:ff:bb:3f:e8:0d:58:c1:80:db:cf:d0: - 90:df:ca:c1:e6:41:e1:48:7f:a7:1e:c7:35:9f:9c:6d:7c:3e: - 82:e8:de:7e:ae:82:16:00:33:0f:02:23:f1:9d:fe:2b:06:16: - 05:55:16:89:dc:63:ac:5f:1a:31:13:79:21:a3:6e:60:28:e8: - e7:6b:54:00:22:a1:b7:69:5a:17:31:ce:0f:c2:a6:dd:a3:6f: - de:ea:19:6c:d2:d2:cb:35:9d:dd:87:51:33:68:cd:c3:9b:90: - 55:f1:80:3d:5c:b8:09:b6:e1:3c:13:a4:5d:4a:ce:a5:11:9e: - f9:08:ee:be:e3:54:1d:06:4c:bb:1b:72:13:ee:7d:a0:45:cc: - fe:d1:3b:02:03:c1:d4:ea:45:2d:a8:c9:97:e7:f3:8a:7a:a0: - 2f:dd:48:3a:75:c9:42:28:94:fc:af:44:52:16:68:98:d6:ad: - a8:65:b1:cd:ac:60:41:70:e5:44:e8:5a:f2:e7:fc:3b:fe:45: - 89:17:1d:6d:85:c6:f0:fc:69:87:d1:1d:07:f3:cb:7b:54:8d: - aa:a3:cc:e3:c6:fc:d6:05:76:35:d0:26:63:8e:d1:a8:b7:ff: - 61:42:8a:2c:63:1f:d4:ec:14:47:6b:1e:e3:81:61:12:3b:8c: - 16:b5:cf:87:6a:2d:42:21:83:9c:0e:3a:90:3a:1e:c1:36:61: - 41:f9:fb:4e:5d:ea:f4:df:23:92:33:2b:9b:14:9f:a0:f5:d3: - c4:f8:1f:2f:9c:11:36:af:2a:22:61:95:32:0b:c4:1c:2d:b1: - c1:0a:2a:97:c0:43:4a:6c:3e:db:00:cd:29:15:9e:7e:41:75: - 36:a8:56:86:8c:82:9e:46:20:e5:06:1e:60:d2:03:5f:9f:9e: - 69:bb:bf:c2:b4:43:e2:7d:85:17:83:18:41:b0:cb:a9:04:1b: - 18:52:9f:89:8b:76:9f:94:59:81:4f:60:5b:33:18:fc:c7:52: - d0:d2:69:fc:0b:a2:63:32:75:43:99:e9:d7:f8:6d:c7:55:31: - 0c:f3:ef:1a:71:e1:0a:57:e1:9d:13:b2:1e:fe:1d:ef:e4:f1: - 51:d9:95:b3:fd:28:28:93:91:4a:29:c5:37:0e:ab:d8:85:6a: - fe:a8:83:1f:7b:80:5d:1f:04:79:b7:a9:08:6e:0d:d6:2e:aa: - 7c:f6:63:7d:41:de:70:13:32:ce:dd:58:cc:a6:73:d4:72:7e: - d7:ac:74:a8:35:ba:c3:1b:2a:64:d7:5a:37:97:56:94:34:2b: - 2a:71:60:bc:69:ab:00:85:b9:4f:67:32:17:51:c3:da:57:3a: - 37:89:66:c4:7a:51:da:5f ------BEGIN CERTIFICATE----- -MIIFgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy -MjIxNTk1MloXDTI0MTAxOTIxNTk1MlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy -MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCluKLuzrGmD2qyn9MiF3neCZhxePqnzjZRVFfH -MZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpRd8U8tuSDbyIGLVvr51nUq0LI -1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C552c/jGo9eV+BJ6MOqqc9gUgQ -sRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZW7Gw/EnLStJYxiolsJeEw57/ -NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3zmYvNHdcpUU7ABmnB9GS5ma5 -O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7vPb0EoksxAgMBAAGjggEzMIIB -LzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk -T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBSz -nYHmFpJkxIaH9SkQG14vdPftsTCBmAYDVR0jBIGQMIGNgBQrQOXJffX0ljjpL+Mv -2UBkyY4Fm6FqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgTAk5BMRAwDgYDVQQH -EwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAfBgkqhkiG9w0BCQEW -Em1lQG15aG9zdC5teWRvbWFpboIJAKFO3vqQ8q6BMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAgEATiWAG8uwQv+7P+gN -WMGA28/QkN/KweZB4Uh/px7HNZ+cbXw+gujefq6CFgAzDwIj8Z3+KwYWBVUWidxj -rF8aMRN5IaNuYCjo52tUACKht2laFzHOD8Km3aNv3uoZbNLSyzWd3YdRM2jNw5uQ -VfGAPVy4CbbhPBOkXUrOpRGe+QjuvuNUHQZMuxtyE+59oEXM/tE7AgPB1OpFLajJ -l+fzinqgL91IOnXJQiiU/K9EUhZomNatqGWxzaxgQXDlROha8uf8O/5FiRcdbYXG -8Pxph9EdB/PLe1SNqqPM48b81gV2NdAmY47RqLf/YUKKLGMf1OwUR2se44FhEjuM -FrXPh2otQiGDnA46kDoewTZhQfn7Tl3q9N8jkjMrmxSfoPXTxPgfL5wRNq8qImGV -MgvEHC2xwQoql8BDSmw+2wDNKRWefkF1NqhWhoyCnkYg5QYeYNIDX5+eabu/wrRD -4n2FF4MYQbDLqQQbGFKfiYt2n5RZgU9gWzMY/MdS0NJp/AuiYzJ1Q5np1/htx1Ux -DPPvGnHhClfhnROyHv4d7+TxUdmVs/0oKJORSinFNw6r2IVq/qiDH3uAXR8Eebep -CG4N1i6qfPZjfUHecBMyzt1YzKZz1HJ+16x0qDW6wxsqZNdaN5dWlDQrKnFgvGmr -AIW5T2cyF1HD2lc6N4lmxHpR2l8= ------END CERTIFICATE----- diff --git a/main/openvpn/sample/sample-keys/server.key b/main/openvpn/sample/sample-keys/server.key deleted file mode 100644 index 011df12e..00000000 --- a/main/openvpn/sample/sample-keys/server.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCluKLuzrGmD2qy -n9MiF3neCZhxePqnzjZRVFfHMZlW0YrWxf1S5ogOe/nqJ3q/PxTsqtL/i1ZYrMpR -d8U8tuSDbyIGLVvr51nUq0LI1amHc7NzNlEvpdCQoodkVGwS07h2R2mvro8As3C5 -52c/jGo9eV+BJ6MOqqc9gUgQsRhsOC6PenvFPSHI+aB/FyuIT7ry7G0kjmzxClzZ -W7Gw/EnLStJYxiolsJeEw57/NIwQRn8P+zxZeqYpDK6OUDryU4RALdWRewo3joJ3 -zmYvNHdcpUU7ABmnB9GS5ma5O07pY/wzmBquewh9Ct96uqpZbYaCCmQr2lmnTE7v -Pb0EoksxAgMBAAECggEAPMOMin+jR75TYxeTNObiunVOPh0b2zeTVxLT9KfND7ZZ -cBK8pg79SEJRCnhbW5BnvbeNEkIm8PC6ZlDCM1bkRwUStq0fDUqQ95esLzOYq5/S -5qW98viblszhU/pYfja/Zi8dI1uf96PT63Zbt0NnGQ9N42+DLDeKhtTGdchZqiQA -LeSR0bQanY4tUUtCNYvBT8E3pzhoIsUzVwzIK53oovRpcOX3pMXVYZsmNhXdFFRy -YkjMXpj7fGyaAJK0QsC+PsgrKuhXDzDttsG2lI/mq9+7RXB3d/pzhmBVWynVH2lw -iQ7ONkSz7akDz/4I4WmxJep+FfQJYgK6rnLAlQqauQKBgQDammSAprnvDvNhSEp8 -W+xt7jQnFqaENbGgP0/D/OZMXc4khgexqlKFmSnBCRDmQ6JvLTWqDXC4+aqAbFQz -zAIjiKaT+so8xvFRob+rBMJY5JLYKNa+zUUanfORUNYLFJPvFqnrWGaJ9uufdaM7 -0a5bu95PN74NXee3DBbpBv8HLwKBgQDCEk+IjNbjMT+Neq0ywUeM5rFrUKi92abe -AgsVpjbighRV+6jA2lZFJcize+xYJ9wiOR1/TEI9PZ2OtBkqpwVdvTEHTagRLcvd -NfGcptREDnNLoNWA22buQpztiEduutACWQsrd+JQmqbUicUdW4zw86/oCMbYCW3V -QmYOLns7nwKBgHHUX20WZE91S4pmqFKlUzHTDdkk1ESX6Qx2q0R01j8BwawHFs6O -0DW9EZ7w55nfsh+OPRl1sjK/3ubMgfQO0TZLm+IGf3Sya0qEnVeiPMkpDMX+TgRA -wzEe+ou6uho+9uFSvdxMxeglaYA5M2ycvNwLsbEyZ4ZyVYxdgTiKahYFAoGAcIfP -iD0qKQiYcj/tB94cz+3AeJqHjbYT1O1YYhBECOkmQ4kuG80+cs/q5W/45lEOiuWV -Xgfo7Lu6jVGOujWoneci87oqtvNYH4e09oGh2WiLoBG9Wv9dWtBTUERSLzmxfXsG -SAk2uEhEbj8IhfJc8iZLHH9iVUh6YEslBBodqL8CgYEAlAhvcqAvw5SzsfBR5Mcu -4Nql6mXEVhHCvS4hdFCGaNF0z9A6eBORKJpdLWnqhpquDQDsghWE+Ga4QKSNFIi1 -fnAaykmZuY3ToqNOIaVlYM6HpMEz0wHQbTWfDLGcTFcElLZgMAk7VlDyiYVOco+E -QX9lXOO1PGpLzXhlDxSe63Y= ------END PRIVATE KEY----- diff --git a/main/openvpn/sample/sample-keys/ta.key b/main/openvpn/sample/sample-keys/ta.key deleted file mode 100644 index 16690368..00000000 --- a/main/openvpn/sample/sample-keys/ta.key +++ /dev/null @@ -1,21 +0,0 @@ -# -# 2048 bit OpenVPN static key -# ------BEGIN OpenVPN Static key V1----- -a863b1cbdb911ff4ef3360ce135157e7 -241a465f5045f51cf9a92ebc24da34fd -5fc48456778c977e374d55a8a7298aef -40d0ab0c60b5e09838510526b73473a0 -8da46a8c352572dd86d4a871700a915b -6aaa58a9dac560db2dfdd7ef15a202e1 -fca6913d7ee79c678c5798fbf7bd920c -caa7a64720908da7254598b052d07f55 -5e31dc5721932cffbdd8965d04107415 -46c86823da18b66aab347e4522cc05ff -634968889209c96b1024909cd4ce574c -f829aa9c17d5df4a66043182ee23635d -8cabf5a7ba02345ad94a3aa25a63d55c -e13f4ad235a0825e3fe17f9419baff1c -e73ad1dd652f1e48c7102fe8ee181e54 -10a160ae255f63fd01db1f29e6efcb8e ------END OpenVPN Static key V1----- diff --git a/main/openvpn/sample/sample-plugins/defer/README b/main/openvpn/sample/sample-plugins/defer/README deleted file mode 100644 index d8990f8b..00000000 --- a/main/openvpn/sample/sample-plugins/defer/README +++ /dev/null @@ -1,16 +0,0 @@ -OpenVPN plugin examples. - -Examples provided: - -simple.c -- using the --auth-user-pass-verify callback, - test deferred authentication. - -To build: - - ./build simple (Linux/BSD/etc.) - ./winbuild simple (MinGW on Windows) - -To use in OpenVPN, add to config file: - - plugin simple.so (Linux/BSD/etc.) - plugin simple.dll (MinGW on Windows) diff --git a/main/openvpn/sample/sample-plugins/defer/build b/main/openvpn/sample/sample-plugins/defer/build deleted file mode 100755 index ba41a39f..00000000 --- a/main/openvpn/sample/sample-plugins/defer/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../../include}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared ${LDFLAGS} -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/main/openvpn/sample/sample-plugins/defer/simple.c b/main/openvpn/sample/sample-plugins/defer/simple.c deleted file mode 100644 index 65398657..00000000 --- a/main/openvpn/sample/sample-plugins/defer/simple.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This file implements a simple OpenVPN plugin module which - * will test deferred authentication and packet filtering. - * - * Will run on Windows or *nix. - * - * Sample usage: - * - * setenv test_deferred_auth 20 - * setenv test_packet_filter 10 - * plugin plugin/defer/simple.so - * - * This will enable deferred authentication to occur 20 - * seconds after the normal TLS authentication process, - * and will cause a packet filter file to be generated 10 - * seconds after the initial TLS negotiation, using - * {common-name}.pf as the source. - * - * Sample packet filter configuration: - * - * [CLIENTS DROP] - * +otherclient - * [SUBNETS DROP] - * +10.0.0.0/8 - * -10.10.0.8 - * [END] - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* bool definitions */ -#define bool int -#define true 1 -#define false 0 - -/* - * Our context, where we keep our state. - */ - -struct plugin_context { - int test_deferred_auth; - int test_packet_filter; -}; - -struct plugin_per_client_context { - int n_calls; - bool generated_pf_file; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -/* used for safe printf of possible NULL strings */ -static const char * -np (const char *str) -{ - if (str) - return str; - else - return "[NULL]"; -} - -static int -atoi_null0 (const char *str) -{ - if (str) - return atoi (str); - else - return 0; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - printf ("FUNC: openvpn_plugin_open_v1\n"); - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp)); - printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth); - - context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp)); - printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter); - - /* - * Which callbacks to intercept. - */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF); - - return (openvpn_plugin_handle_t) context; -} - -static int -auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) -{ - if (context->test_deferred_auth) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - /* get auth_control_file filename from envp string array*/ - const char *auth_control_file = get_env ("auth_control_file", envp); - - printf ("DEFER u='%s' p='%s' acf='%s'\n", - np(username), - np(password), - np(auth_control_file)); - - /* Authenticate asynchronously in n seconds */ - if (auth_control_file) - { - char buf[256]; - int auth = 2; - sscanf (username, "%d", &auth); - snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &", - context->test_deferred_auth, - auth_control_file, - auth, - pcc->n_calls < auth, - auth_control_file); - printf ("%s\n", buf); - system (buf); - pcc->n_calls++; - return OPENVPN_PLUGIN_FUNC_DEFERRED; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -static int -tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) -{ - if (context->test_packet_filter) - { - if (!pcc->generated_pf_file) - { - const char *pff = get_env ("pf_file", envp); - const char *cn = get_env ("username", envp); - if (pff && cn) - { - char buf[256]; - snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &", - context->test_packet_filter, cn, pff, cn, pff); - printf ("%s\n", buf); - system (buf); - pcc->generated_pf_file = true; - return OPENVPN_PLUGIN_FUNC_SUCCESS; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle, - const int type, - const char *argv[], - const char *envp[], - void *per_client_context, - struct openvpn_plugin_string_list **return_list) -{ - struct plugin_context *context = (struct plugin_context *) handle; - struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - return auth_user_pass_verify (context, pcc, argv, envp); - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - return tls_final (context, pcc, argv, envp); - case OPENVPN_PLUGIN_ENABLE_PF: - printf ("OPENVPN_PLUGIN_ENABLE_PF\n"); - if (context->test_packet_filter) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - default: - printf ("OPENVPN_PLUGIN_?\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } -} - -OPENVPN_EXPORT void * -openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle) -{ - printf ("FUNC: openvpn_plugin_client_constructor_v1\n"); - return calloc (1, sizeof (struct plugin_per_client_context)); -} - -OPENVPN_EXPORT void -openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context) -{ - printf ("FUNC: openvpn_plugin_client_destructor_v1\n"); - free (per_client_context); -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - printf ("FUNC: openvpn_plugin_close_v1\n"); - free (context); -} diff --git a/main/openvpn/sample/sample-plugins/defer/simple.def b/main/openvpn/sample/sample-plugins/defer/simple.def deleted file mode 100755 index a87507d1..00000000 --- a/main/openvpn/sample/sample-plugins/defer/simple.def +++ /dev/null @@ -1,6 +0,0 @@ -LIBRARY OpenVPN_PLUGIN_SAMPLE -DESCRIPTION "Sample OpenVPN plug-in module." -EXPORTS - openvpn_plugin_open_v1 @1 - openvpn_plugin_func_v1 @2 - openvpn_plugin_close_v1 @3 diff --git a/main/openvpn/sample/sample-plugins/defer/winbuild b/main/openvpn/sample/sample-plugins/defer/winbuild deleted file mode 100755 index 82927d96..00000000 --- a/main/openvpn/sample/sample-plugins/defer/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../build" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/main/openvpn/sample/sample-plugins/log/build b/main/openvpn/sample/sample-plugins/log/build deleted file mode 100755 index c07ec408..00000000 --- a/main/openvpn/sample/sample-plugins/log/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../../include}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/main/openvpn/sample/sample-plugins/log/log.c b/main/openvpn/sample/sample-plugins/log/log.c deleted file mode 100644 index 1cc4650e..00000000 --- a/main/openvpn/sample/sample-plugins/log/log.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This plugin is similar to simple.c, except it also logs extra information - * to stdout for every plugin method called by OpenVPN. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; - - /* - * Which callbacks to intercept. - */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - return (openvpn_plugin_handle_t) context; -} - -void -show (const int type, const char *argv[], const char *envp[]) -{ - size_t i; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf ("OPENVPN_PLUGIN_?\n"); - break; - } - - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); - - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) -{ - struct plugin_context *context = (struct plugin_context *) handle; - - show (type, argv, envp); - - /* check entered username/password against what we require */ - if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/main/openvpn/sample/sample-plugins/log/log_v3.c b/main/openvpn/sample/sample-plugins/log/log_v3.c deleted file mode 100644 index bf1a15c8..00000000 --- a/main/openvpn/sample/sample-plugins/log/log_v3.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net> - * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This plugin is similar to simple.c, except it also logs extra information - * to stdout for every plugin method called by OpenVPN. The only difference - * between this (log_v3.c) and log.c is that this module uses the v3 plug-in - * API. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#define ENABLE_CRYPTO - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT int -openvpn_plugin_open_v3 (const int v3structver, - struct openvpn_plugin_args_open_in const *args, - struct openvpn_plugin_args_open_return *ret) -{ - struct plugin_context *context = NULL; - - /* Check that we are API compatible */ - if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) { - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - if( args->ssl_api != SSLAPI_OPENSSL ) { - printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - /* Which callbacks to intercept. */ - ret->type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - - /* Allocate our context */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* Set the username/password we will require. */ - context->username = "foo"; - context->password = "bar"; - - /* Point the global context handle to our newly created context */ - ret->handle = (void *) context; - - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -void -show (const int type, const char *argv[], const char *envp[]) -{ - size_t i; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf ("OPENVPN_PLUGIN_?\n"); - break; - } - - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); - - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); -} - -static void -x509_print_info (X509 *x509crt) -{ - int i, n; - int fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME *x509_name; - X509_NAME_ENTRY *ent; - const char *objbuf; - unsigned char *buf; - - x509_name = X509_get_subject_name (x509crt); - n = X509_NAME_entry_count (x509_name); - for (i = 0; i < n; ++i) - { - ent = X509_NAME_get_entry (x509_name, i); - if (!ent) - continue; - fn = X509_NAME_ENTRY_get_object (ent); - if (!fn) - continue; - val = X509_NAME_ENTRY_get_data (ent); - if (!val) - continue; - fn_nid = OBJ_obj2nid (fn); - if (fn_nid == NID_undef) - continue; - objbuf = OBJ_nid2sn (fn_nid); - if (!objbuf) - continue; - buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ - if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) - continue; - - printf("X509 %s: %s\n", objbuf, (char *)buf); - OPENSSL_free (buf); - } -} - - - -OPENVPN_EXPORT int -openvpn_plugin_func_v3 (const int version, - struct openvpn_plugin_args_func_in const *args, - struct openvpn_plugin_args_func_return *retptr) -{ - struct plugin_context *context = (struct plugin_context *) args->handle; - - printf("\nopenvpn_plugin_func_v3() :::::>> "); - show (args->type, args->argv, args->envp); - - /* Dump some X509 information if we're in the TLS_VERIFY phase */ - if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) { - printf("---- X509 Subject information ----\n"); - printf("Certificate depth: %i\n", args->current_cert_depth); - x509_print_info(args->current_cert); - printf("----------------------------------\n"); - } - - /* check entered username/password against what we require */ - if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", args->envp); - const char *password = get_env ("password", args->envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/main/openvpn/sample/sample-plugins/log/winbuild b/main/openvpn/sample/sample-plugins/log/winbuild deleted file mode 100755 index decf05f8..00000000 --- a/main/openvpn/sample/sample-plugins/log/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../include" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/main/openvpn/sample/sample-plugins/simple/README b/main/openvpn/sample/sample-plugins/simple/README deleted file mode 100644 index 4400cd30..00000000 --- a/main/openvpn/sample/sample-plugins/simple/README +++ /dev/null @@ -1,16 +0,0 @@ -OpenVPN plugin examples. - -Examples provided: - -simple.c -- using the --auth-user-pass-verify callback, verify - that the username/password is "foo"/"bar". - -To build: - - ./build simple (Linux/BSD/etc.) - ./winbuild simple (MinGW on Windows) - -To use in OpenVPN, add to config file: - - plugin simple.so (Linux/BSD/etc.) - plugin simple.dll (MinGW on Windows) diff --git a/main/openvpn/sample/sample-plugins/simple/build b/main/openvpn/sample/sample-plugins/simple/build deleted file mode 100755 index bbb05f7c..00000000 --- a/main/openvpn/sample/sample-plugins/simple/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../..}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/main/openvpn/sample/sample-plugins/simple/simple.c b/main/openvpn/sample/sample-plugins/simple/simple.c deleted file mode 100644 index f26d89f6..00000000 --- a/main/openvpn/sample/sample-plugins/simple/simple.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This file implements a simple OpenVPN plugin module which - * will examine the username/password provided by a client, - * and make an accept/deny determination. Will run - * on Windows or *nix. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; - - /* - * We are only interested in intercepting the - * --auth-user-pass-verify callback. - */ - *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); - - return (openvpn_plugin_handle_t) context; -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) -{ - struct plugin_context *context = (struct plugin_context *) handle; - - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - /* check entered username/password against what we require */ - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/main/openvpn/sample/sample-plugins/simple/simple.def b/main/openvpn/sample/sample-plugins/simple/simple.def deleted file mode 100755 index a87507d1..00000000 --- a/main/openvpn/sample/sample-plugins/simple/simple.def +++ /dev/null @@ -1,6 +0,0 @@ -LIBRARY OpenVPN_PLUGIN_SAMPLE -DESCRIPTION "Sample OpenVPN plug-in module." -EXPORTS - openvpn_plugin_open_v1 @1 - openvpn_plugin_func_v1 @2 - openvpn_plugin_close_v1 @3 diff --git a/main/openvpn/sample/sample-plugins/simple/winbuild b/main/openvpn/sample/sample-plugins/simple/winbuild deleted file mode 100755 index decf05f8..00000000 --- a/main/openvpn/sample/sample-plugins/simple/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../include" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/main/openvpn/sample/sample-scripts/auth-pam.pl b/main/openvpn/sample/sample-scripts/auth-pam.pl deleted file mode 100755 index 5333badc..00000000 --- a/main/openvpn/sample/sample-scripts/auth-pam.pl +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/perl -t - -# OpenVPN PAM AUTHENTICATON -# This script can be used to add PAM-based authentication -# to OpenVPN 2.0. The OpenVPN client must provide -# a username/password, using the --auth-user-pass directive. -# The OpenVPN server should specify --auth-user-pass-verify -# with this script as the argument and the 'via-file' method -# specified. The server can also optionally specify -# --client-cert-not-required and/or --username-as-common-name. - -# SCRIPT OPERATION -# Return success or failure status based on whether or not a -# given username/password authenticates using PAM. -# Caller should write username/password as two lines in a file -# which is passed to this script as a command line argument. - -# CAVEATS -# * Requires Authen::PAM module, which may also -# require the pam-devel package. -# * May need to be run as root in order to -# access username/password file. - -# NOTES -# * This script is provided mostly as a demonstration of the -# --auth-user-pass-verify script capability in OpenVPN. -# For real world usage, see the auth-pam module in the plugin -# folder. - -use Authen::PAM; -use POSIX; - -# This "conversation function" will pass -# $password to PAM when it asks for it. - -sub my_conv_func { - my @res; - while ( @_ ) { - my $code = shift; - my $msg = shift; - my $ans = ""; - - $ans = $password if $msg =~ /[Pp]assword/; - - push @res, (PAM_SUCCESS(),$ans); - } - push @res, PAM_SUCCESS(); - return @res; -} - -# Identify service type to PAM -$service = "login"; - -# Get username/password from file - -if ($ARG = shift @ARGV) { - if (!open (UPFILE, "<$ARG")) { - print "Could not open username/password file: $ARG\n"; - exit 1; - } -} else { - print "No username/password file specified on command line\n"; - exit 1; -} - -$username = <UPFILE>; -$password = <UPFILE>; - -if (!$username || !$password) { - print "Username/password not found in file: $ARG\n"; - exit 1; -} - -chomp $username; -chomp $password; - -close (UPFILE); - -# Initialize PAM object - -if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) { - print "Authen::PAM init failed\n"; - exit 1; -} - -# Authenticate with PAM - -$res = $pamh->pam_authenticate; - -# Return success or failure - -if ($res == PAM_SUCCESS()) { - exit 0; -} else { - print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n"; - exit 1; -} diff --git a/main/openvpn/sample/sample-scripts/bridge-start b/main/openvpn/sample/sample-scripts/bridge-start deleted file mode 100755 index d20a2603..00000000 --- a/main/openvpn/sample/sample-scripts/bridge-start +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -################################# -# Set up Ethernet bridge on Linux -# Requires: bridge-utils -################################# - -# Define Bridge Interface -br="br0" - -# Define list of TAP interfaces to be bridged, -# for example tap="tap0 tap1 tap2". -tap="tap0" - -# Define physical ethernet interface to be bridged -# with TAP interface(s) above. -eth="eth0" -eth_ip="192.168.8.4" -eth_netmask="255.255.255.0" -eth_broadcast="192.168.8.255" - -for t in $tap; do - openvpn --mktun --dev $t -done - -brctl addbr $br -brctl addif $br $eth - -for t in $tap; do - brctl addif $br $t -done - -for t in $tap; do - ifconfig $t 0.0.0.0 promisc up -done - -ifconfig $eth 0.0.0.0 promisc up - -ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast diff --git a/main/openvpn/sample/sample-scripts/bridge-stop b/main/openvpn/sample/sample-scripts/bridge-stop deleted file mode 100755 index 81927794..00000000 --- a/main/openvpn/sample/sample-scripts/bridge-stop +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -#################################### -# Tear Down Ethernet bridge on Linux -#################################### - -# Define Bridge Interface -br="br0" - -# Define list of TAP interfaces to be bridged together -tap="tap0" - -ifconfig $br down -brctl delbr $br - -for t in $tap; do - openvpn --rmtun --dev $t -done diff --git a/main/openvpn/sample/sample-scripts/ucn.pl b/main/openvpn/sample/sample-scripts/ucn.pl deleted file mode 100755 index 6d708f82..00000000 --- a/main/openvpn/sample/sample-scripts/ucn.pl +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/perl -t - -# OpenVPN --auth-user-pass-verify script. -# Only authenticate if username equals common_name. -# In OpenVPN config file: -# auth-user-pass-verify ./ucn.pl via-env - -$username = $ENV{'username'}; -$common_name = $ENV{'common_name'}; - -exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name); diff --git a/main/openvpn/sample/sample-scripts/verify-cn b/main/openvpn/sample/sample-scripts/verify-cn deleted file mode 100755 index 6e747ef1..00000000 --- a/main/openvpn/sample/sample-scripts/verify-cn +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/perl - -# verify-cn -- a sample OpenVPN tls-verify script -# -# Return 0 if cn matches the common name component of -# subject, 1 otherwise. -# -# For example in OpenVPN, you could use the directive: -# -# tls-verify "./verify-cn /etc/openvpn/allowed_clients" -# -# This would cause the connection to be dropped unless -# the client common name is listed on a line in the -# allowed_clients file. - -die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3); - -# Parse out arguments: -# cnfile -- The file containing the list of common names, one per -# line, which the client is required to have, -# taken from the argument to the tls-verify directive -# in the OpenVPN config file. -# The file can have blank lines and comment lines that begin -# with the # character. -# depth -- The current certificate chain depth. In a typical -# bi-level chain, the root certificate will be at level -# 1 and the client certificate will be at level 0. -# This script will be called separately for each level. -# x509 -- the X509 subject string as extracted by OpenVPN from -# the client's provided certificate. -($cnfile, $depth, $x509) = @ARGV; - -if ($depth == 0) { - # If depth is zero, we know that this is the final - # certificate in the chain (i.e. the client certificate), - # and the one we are interested in examining. - # If so, parse out the common name substring in - # the X509 subject string. - - if ($x509 =~ / CN=([^,]+)/) { - $cn = $1; - # Accept the connection if the X509 common name - # string matches the passed cn argument. - open(FH, '<', $cnfile) or exit 1; # can't open, nobody authenticates! - while (defined($line = <FH>)) { - if ($line !~ /^[[:space:]]*(#|$)/o) { - chop($line); - if ($line eq $cn) { - exit 0; - } - } - } - close(FH); - } - - # Authentication failed -- Either we could not parse - # the X509 subject string, or the common name in the - # subject string didn't match the passed cn argument. - exit 1; -} - -# If depth is nonzero, tell OpenVPN to continue processing -# the certificate chain. -exit 0; diff --git a/main/openvpn/sample/sample-windows/sample.ovpn b/main/openvpn/sample/sample-windows/sample.ovpn deleted file mode 100755 index 5accd573..00000000 --- a/main/openvpn/sample/sample-windows/sample.ovpn +++ /dev/null @@ -1,103 +0,0 @@ -# Edit this file, and save to a .ovpn extension -# so that OpenVPN will activate it when run -# as a service. - -# Change 'myremote' to be your remote host, -# or comment out to enter a listening -# server mode. -remote myremote - -# Uncomment this line to use a different -# port number than the default of 1194. -; port 1194 - -# Choose one of three protocols supported by -# OpenVPN. If left commented out, defaults -# to udp. -; proto [tcp-server | tcp-client | udp] - -# You must specify one of two possible network -# protocols, 'dev tap' or 'dev tun' to be used -# on both sides of the connection. 'tap' creates -# a VPN using the ethernet protocol while 'tun' -# uses the IP protocol. You must use 'tap' -# if you are ethernet bridging or want to route -# broadcasts. 'tun' is somewhat more efficient -# but requires configuration of client software -# to not depend on broadcasts. Some platforms -# such as Solaris, OpenBSD, and Mac OS X only -# support 'tun' interfaces, so if you are -# connecting to such a platform, you must also -# use a 'tun' interface on the Windows side. - -# Enable 'dev tap' or 'dev tun' but not both! -dev tap - -# This is a 'dev tap' ifconfig that creates -# a virtual ethernet subnet. -# 10.3.0.1 is the local VPN IP address -# and 255.255.255.0 is the VPN subnet. -# Only define this option for 'dev tap'. -ifconfig 10.3.0.1 255.255.255.0 - -# This is a 'dev tun' ifconfig that creates -# a point-to-point IP link. -# 10.3.0.1 is the local VPN IP address and -# 10.3.0.2 is the remote VPN IP address. -# Only define this option for 'dev tun'. -# Make sure to include the "tun-mtu" option -# on the remote machine, but swap the order -# of the ifconfig addresses. -;tun-mtu 1500 -;ifconfig 10.3.0.1 10.3.0.2 - -# If you have fragmentation issues or misconfigured -# routers in the path which block Path MTU discovery, -# lower the TCP MSS and internally fragment non-TCP -# protocols. -;fragment 1300 -;mssfix - -# If you have set up more than one TAP-Win32 adapter -# on your system, you must refer to it by name. -;dev-node my-tap - -# You can generate a static OpenVPN key -# by selecting the Generate Key option -# in the start menu. -# -# You can also generate key.txt manually -# with the following command: -# openvpn --genkey --secret key.txt -# -# key must match on both ends of the connection, -# so you should generate it on one machine and -# copy it to the other over a secure medium. -# Place key.txt in the same directory as this -# config file. -secret key.txt - -# Uncomment this section for a more reliable -# detection when a system loses its connection. -# For example, dial-ups or laptops that travel -# to other locations. -# -# If this section is enabled and "myremote" -# above is a dynamic DNS name (i.e. dyndns.org), -# OpenVPN will dynamically "follow" the IP -# address of "myremote" if it changes. -; ping-restart 60 -; ping-timer-rem -; persist-tun -; persist-key -; resolv-retry 86400 - -# keep-alive ping -ping 10 - -# enable LZO compression -comp-lzo - -# moderate verbosity -verb 4 -mute 10 |