diff options
Diffstat (limited to 'openvpn/sample')
48 files changed, 0 insertions, 2641 deletions
diff --git a/openvpn/sample/Makefile.am b/openvpn/sample/Makefile.am deleted file mode 100644 index be30c88a..00000000 --- a/openvpn/sample/Makefile.am +++ /dev/null @@ -1,34 +0,0 @@ -# -# OpenVPN -- An application to securely tunnel IP networks -# over a single UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> -# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> -# - -MAINTAINERCLEANFILES = \ - $(srcdir)/Makefile.in - -EXTRA_DIST = \ - sample-plugins \ - sample-config-files \ - sample-windows \ - sample-keys \ - sample-scripts - -if WIN32 -sample_DATA = \ - client.ovpn \ - server.ovpn \ - sample-windows/sample.ovpn - -client.ovpn: sample-config-files/client.conf - -rm -f client.ovpn - cp "$(srcdir)/sample-config-files/client.conf" client.ovpn -server.ovpn: sample-config-files/server.conf - -rm -f server.ovpn - cp "$(srcdir)/sample-config-files/server.conf" server.ovpn -endif diff --git a/openvpn/sample/sample-config-files/README b/openvpn/sample/sample-config-files/README deleted file mode 100644 index d53ac79a..00000000 --- a/openvpn/sample/sample-config-files/README +++ /dev/null @@ -1,6 +0,0 @@ -Sample OpenVPN Configuration Files. - -These files are part of the OpenVPN HOWTO -which is located at: - -http://openvpn.net/howto.html diff --git a/openvpn/sample/sample-config-files/client.conf b/openvpn/sample/sample-config-files/client.conf deleted file mode 100644 index 58b2038b..00000000 --- a/openvpn/sample/sample-config-files/client.conf +++ /dev/null @@ -1,123 +0,0 @@ -############################################## -# Sample client-side OpenVPN 2.0 config file # -# for connecting to multi-client server. # -# # -# This configuration can be used by multiple # -# clients, however each client should have # -# its own cert and key files. # -# # -# On Windows, you might want to rename this # -# file so it has a .ovpn extension # -############################################## - -# Specify that we are a client and that we -# will be pulling certain config file directives -# from the server. -client - -# Use the same setting as you are using on -# the server. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -;dev tap -dev tun - -# Windows needs the TAP-Win32 adapter name -# from the Network Connections panel -# if you have more than one. On XP SP2, -# you may need to disable the firewall -# for the TAP adapter. -;dev-node MyTap - -# Are we connecting to a TCP or -# UDP server? Use the same setting as -# on the server. -;proto tcp -proto udp - -# The hostname/IP and port of the server. -# You can have multiple remote entries -# to load balance between the servers. -remote my-server-1 1194 -;remote my-server-2 1194 - -# Choose a random host from the remote -# list for load-balancing. Otherwise -# try hosts in the order specified. -;remote-random - -# Keep trying indefinitely to resolve the -# host name of the OpenVPN server. Very useful -# on machines which are not permanently connected -# to the internet such as laptops. -resolv-retry infinite - -# Most clients don't need to bind to -# a specific local port number. -nobind - -# Downgrade privileges after initialization (non-Windows only) -;user nobody -;group nobody - -# Try to preserve some state across restarts. -persist-key -persist-tun - -# If you are connecting through an -# HTTP proxy to reach the actual OpenVPN -# server, put the proxy server/IP and -# port number here. See the man page -# if your proxy server requires -# authentication. -;http-proxy-retry # retry on connection failures -;http-proxy [proxy server] [proxy port #] - -# Wireless networks often produce a lot -# of duplicate packets. Set this flag -# to silence duplicate packet warnings. -;mute-replay-warnings - -# SSL/TLS parms. -# See the server config file for more -# description. It's best to use -# a separate .crt/.key file pair -# for each client. A single ca -# file can be used for all clients. -ca ca.crt -cert client.crt -key client.key - -# Verify server certificate by checking -# that the certicate has the nsCertType -# field set to "server". This is an -# important precaution to protect against -# a potential attack discussed here: -# http://openvpn.net/howto.html#mitm -# -# To use this feature, you will need to generate -# your server certificates with the nsCertType -# field set to "server". The build-key-server -# script in the easy-rsa folder will do this. -ns-cert-type server - -# If a tls-auth key is used on the server -# then every client must also have the key. -;tls-auth ta.key 1 - -# Select a cryptographic cipher. -# If the cipher option is used on the server -# then you must also specify it here. -;cipher x - -# Enable compression on the VPN link. -# Don't enable this unless it is also -# enabled in the server config file. -comp-lzo - -# Set log file verbosity. -verb 3 - -# Silence repeating messages -;mute 20 diff --git a/openvpn/sample/sample-config-files/firewall.sh b/openvpn/sample/sample-config-files/firewall.sh deleted file mode 100755 index 19d75ee9..00000000 --- a/openvpn/sample/sample-config-files/firewall.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh - -# A Sample OpenVPN-aware firewall. - -# eth0 is connected to the internet. -# eth1 is connected to a private subnet. - -# Change this subnet to correspond to your private -# ethernet subnet. Home will use HOME_NET/24 and -# Office will use OFFICE_NET/24. -PRIVATE=10.0.0.0/24 - -# Loopback address -LOOP=127.0.0.1 - -# Delete old iptables rules -# and temporarily block all traffic. -iptables -P OUTPUT DROP -iptables -P INPUT DROP -iptables -P FORWARD DROP -iptables -F - -# Set default policies -iptables -P OUTPUT ACCEPT -iptables -P INPUT DROP -iptables -P FORWARD DROP - -# Prevent external packets from using loopback addr -iptables -A INPUT -i eth0 -s $LOOP -j DROP -iptables -A FORWARD -i eth0 -s $LOOP -j DROP -iptables -A INPUT -i eth0 -d $LOOP -j DROP -iptables -A FORWARD -i eth0 -d $LOOP -j DROP - -# Anything coming from the Internet should have a real Internet address -iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP -iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP -iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP -iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP -iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP -iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP - -# Block outgoing NetBios (if you have windows machines running -# on the private subnet). This will not affect any NetBios -# traffic that flows over the VPN tunnel, but it will stop -# local windows machines from broadcasting themselves to -# the internet. -iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP -iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP -iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP -iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP - -# Check source address validity on packets going out to internet -iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP - -# Allow local loopback -iptables -A INPUT -s $LOOP -j ACCEPT -iptables -A INPUT -d $LOOP -j ACCEPT - -# Allow incoming pings (can be disabled) -iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT - -# Allow services such as www and ssh (can be disabled) -iptables -A INPUT -p tcp --dport http -j ACCEPT -iptables -A INPUT -p tcp --dport ssh -j ACCEPT - -# Allow incoming OpenVPN packets -# Duplicate the line below for each -# OpenVPN tunnel, changing --dport n -# to match the OpenVPN UDP port. -# -# In OpenVPN, the port number is -# controlled by the --port n option. -# If you put this option in the config -# file, you can remove the leading '--' -# -# If you taking the stateful firewall -# approach (see the OpenVPN HOWTO), -# then comment out the line below. - -iptables -A INPUT -p udp --dport 1194 -j ACCEPT - -# Allow packets from TUN/TAP devices. -# When OpenVPN is run in a secure mode, -# it will authenticate packets prior -# to their arriving on a tun or tap -# interface. Therefore, it is not -# necessary to add any filters here, -# unless you want to restrict the -# type of packets which can flow over -# the tunnel. - -iptables -A INPUT -i tun+ -j ACCEPT -iptables -A FORWARD -i tun+ -j ACCEPT -iptables -A INPUT -i tap+ -j ACCEPT -iptables -A FORWARD -i tap+ -j ACCEPT - -# Allow packets from private subnets -iptables -A INPUT -i eth1 -j ACCEPT -iptables -A FORWARD -i eth1 -j ACCEPT - -# Keep state of connections from local machine and private subnets -iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT -iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT -iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT - -# Masquerade local subnet -iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE diff --git a/openvpn/sample/sample-config-files/home.up b/openvpn/sample/sample-config-files/home.up deleted file mode 100755 index 9c347cc5..00000000 --- a/openvpn/sample/sample-config-files/home.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 diff --git a/openvpn/sample/sample-config-files/loopback-client b/openvpn/sample/sample-config-files/loopback-client deleted file mode 100644 index d7f59e69..00000000 --- a/openvpn/sample/sample-config-files/loopback-client +++ /dev/null @@ -1,25 +0,0 @@ -# Perform a TLS loopback test -- client side. -# -# This test performs a TLS negotiation once every 10 seconds, -# and will terminate after 2 minutes. -# -# From the root directory of the OpenVPN distribution, -# after openvpn has been built, run: -# -# ./openvpn --config sample-config-files/loopback-client (In one window) -# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - -rport 16000 -lport 16001 -remote localhost -local localhost -dev null -verb 3 -reneg-sec 10 -tls-client -ca sample-keys/ca.crt -key sample-keys/client.key -cert sample-keys/client.crt -cipher DES-EDE3-CBC -ping 1 -inactive 120 10000000 diff --git a/openvpn/sample/sample-config-files/loopback-server b/openvpn/sample/sample-config-files/loopback-server deleted file mode 100644 index 9d21bcec..00000000 --- a/openvpn/sample/sample-config-files/loopback-server +++ /dev/null @@ -1,26 +0,0 @@ -# Perform a TLS loopback test -- server side. -# -# This test performs a TLS negotiation once every 10 seconds, -# and will terminate after 2 minutes. -# -# From the root directory of the OpenVPN distribution, -# after openvpn has been built, run: -# -# ./openvpn --config sample-config-files/loopback-client (In one window) -# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - -rport 16001 -lport 16000 -remote localhost -local localhost -dev null -verb 3 -reneg-sec 10 -tls-server -dh sample-keys/dh1024.pem -ca sample-keys/ca.crt -key sample-keys/server.key -cert sample-keys/server.crt -cipher DES-EDE3-CBC -ping 1 -inactive 120 10000000 diff --git a/openvpn/sample/sample-config-files/office.up b/openvpn/sample/sample-config-files/office.up deleted file mode 100755 index 74a71a33..00000000 --- a/openvpn/sample/sample-config-files/office.up +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -route add -net 10.0.1.0 netmask 255.255.255.0 gw $5 diff --git a/openvpn/sample/sample-config-files/openvpn-shutdown.sh b/openvpn/sample/sample-config-files/openvpn-shutdown.sh deleted file mode 100755 index 8ed2d1d5..00000000 --- a/openvpn/sample/sample-config-files/openvpn-shutdown.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -# stop all openvpn processes - -killall -TERM openvpn diff --git a/openvpn/sample/sample-config-files/openvpn-startup.sh b/openvpn/sample/sample-config-files/openvpn-startup.sh deleted file mode 100755 index 0ee006bc..00000000 --- a/openvpn/sample/sample-config-files/openvpn-startup.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -# A sample OpenVPN startup script -# for Linux. - -# openvpn config file directory -dir=/etc/openvpn - -# load the firewall -$dir/firewall.sh - -# load TUN/TAP kernel module -modprobe tun - -# enable IP forwarding -echo 1 > /proc/sys/net/ipv4/ip_forward - -# Invoke openvpn for each VPN tunnel -# in daemon mode. Alternatively, -# you could remove "--daemon" from -# the command line and add "daemon" -# to the config file. -# -# Each tunnel should run on a separate -# UDP port. Use the "port" option -# to control this. Like all of -# OpenVPN's options, you can -# specify "--port 8000" on the command -# line or "port 8000" in the config -# file. - -openvpn --cd $dir --daemon --config vpn1.conf -openvpn --cd $dir --daemon --config vpn2.conf -openvpn --cd $dir --daemon --config vpn2.conf diff --git a/openvpn/sample/sample-config-files/server.conf b/openvpn/sample/sample-config-files/server.conf deleted file mode 100644 index f483b6bb..00000000 --- a/openvpn/sample/sample-config-files/server.conf +++ /dev/null @@ -1,299 +0,0 @@ -################################################# -# Sample OpenVPN 2.0 config file for # -# multi-client server. # -# # -# This file is for the server side # -# of a many-clients <-> one-server # -# OpenVPN configuration. # -# # -# OpenVPN also supports # -# single-machine <-> single-machine # -# configurations (See the Examples page # -# on the web site for more info). # -# # -# This config should work on Windows # -# or Linux/BSD systems. Remember on # -# Windows to quote pathnames and use # -# double backslashes, e.g.: # -# "C:\\Program Files\\OpenVPN\\config\\foo.key" # -# # -# Comments are preceded with '#' or ';' # -################################################# - -# Which local IP address should OpenVPN -# listen on? (optional) -;local a.b.c.d - -# Which TCP/UDP port should OpenVPN listen on? -# If you want to run multiple OpenVPN instances -# on the same machine, use a different port -# number for each one. You will need to -# open up this port on your firewall. -port 1194 - -# TCP or UDP server? -;proto tcp -proto udp - -# "dev tun" will create a routed IP tunnel, -# "dev tap" will create an ethernet tunnel. -# Use "dev tap0" if you are ethernet bridging -# and have precreated a tap0 virtual interface -# and bridged it with your ethernet interface. -# If you want to control access policies -# over the VPN, you must create firewall -# rules for the the TUN/TAP interface. -# On non-Windows systems, you can give -# an explicit unit number, such as tun0. -# On Windows, use "dev-node" for this. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -;dev tap -dev tun - -# Windows needs the TAP-Win32 adapter name -# from the Network Connections panel if you -# have more than one. On XP SP2 or higher, -# you may need to selectively disable the -# Windows firewall for the TAP adapter. -# Non-Windows systems usually don't need this. -;dev-node MyTap - -# SSL/TLS root certificate (ca), certificate -# (cert), and private key (key). Each client -# and the server must have their own cert and -# key file. The server and all clients will -# use the same ca file. -# -# See the "easy-rsa" directory for a series -# of scripts for generating RSA certificates -# and private keys. Remember to use -# a unique Common Name for the server -# and each of the client certificates. -# -# Any X509 key management system can be used. -# OpenVPN can also use a PKCS #12 formatted key file -# (see "pkcs12" directive in man page). -ca ca.crt -cert server.crt -key server.key # This file should be kept secret - -# Diffie hellman parameters. -# Generate your own with: -# openssl dhparam -out dh1024.pem 1024 -# Substitute 2048 for 1024 if you are using -# 2048 bit keys. -dh dh1024.pem - -# Configure server mode and supply a VPN subnet -# for OpenVPN to draw client addresses from. -# The server will take 10.8.0.1 for itself, -# the rest will be made available to clients. -# Each client will be able to reach the server -# on 10.8.0.1. Comment this line out if you are -# ethernet bridging. See the man page for more info. -server 10.8.0.0 255.255.255.0 - -# Maintain a record of client <-> virtual IP address -# associations in this file. If OpenVPN goes down or -# is restarted, reconnecting clients can be assigned -# the same virtual IP address from the pool that was -# previously assigned. -ifconfig-pool-persist ipp.txt - -# Configure server mode for ethernet bridging. -# You must first use your OS's bridging capability -# to bridge the TAP interface with the ethernet -# NIC interface. Then you must manually set the -# IP/netmask on the bridge interface, here we -# assume 10.8.0.4/255.255.255.0. Finally we -# must set aside an IP range in this subnet -# (start=10.8.0.50 end=10.8.0.100) to allocate -# to connecting clients. Leave this line commented -# out unless you are ethernet bridging. -;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 - -# Configure server mode for ethernet bridging -# using a DHCP-proxy, where clients talk -# to the OpenVPN server-side DHCP server -# to receive their IP address allocation -# and DNS server addresses. You must first use -# your OS's bridging capability to bridge the TAP -# interface with the ethernet NIC interface. -# Note: this mode only works on clients (such as -# Windows), where the client-side TAP adapter is -# bound to a DHCP client. -;server-bridge - -# Push routes to the client to allow it -# to reach other private subnets behind -# the server. Remember that these -# private subnets will also need -# to know to route the OpenVPN client -# address pool (10.8.0.0/255.255.255.0) -# back to the OpenVPN server. -;push "route 192.168.10.0 255.255.255.0" -;push "route 192.168.20.0 255.255.255.0" - -# To assign specific IP addresses to specific -# clients or if a connecting client has a private -# subnet behind it that should also have VPN access, -# use the subdirectory "ccd" for client-specific -# configuration files (see man page for more info). - -# EXAMPLE: Suppose the client -# having the certificate common name "Thelonious" -# also has a small subnet behind his connecting -# machine, such as 192.168.40.128/255.255.255.248. -# First, uncomment out these lines: -;client-config-dir ccd -;route 192.168.40.128 255.255.255.248 -# Then create a file ccd/Thelonious with this line: -# iroute 192.168.40.128 255.255.255.248 -# This will allow Thelonious' private subnet to -# access the VPN. This example will only work -# if you are routing, not bridging, i.e. you are -# using "dev tun" and "server" directives. - -# EXAMPLE: Suppose you want to give -# Thelonious a fixed VPN IP address of 10.9.0.1. -# First uncomment out these lines: -;client-config-dir ccd -;route 10.9.0.0 255.255.255.252 -# Then add this line to ccd/Thelonious: -# ifconfig-push 10.9.0.1 10.9.0.2 - -# Suppose that you want to enable different -# firewall access policies for different groups -# of clients. There are two methods: -# (1) Run multiple OpenVPN daemons, one for each -# group, and firewall the TUN/TAP interface -# for each group/daemon appropriately. -# (2) (Advanced) Create a script to dynamically -# modify the firewall in response to access -# from different clients. See man -# page for more info on learn-address script. -;learn-address ./script - -# If enabled, this directive will configure -# all clients to redirect their default -# network gateway through the VPN, causing -# all IP traffic such as web browsing and -# and DNS lookups to go through the VPN -# (The OpenVPN server machine may need to NAT -# or bridge the TUN/TAP interface to the internet -# in order for this to work properly). -;push "redirect-gateway def1 bypass-dhcp" - -# Certain Windows-specific network settings -# can be pushed to clients, such as DNS -# or WINS server addresses. CAVEAT: -# http://openvpn.net/faq.html#dhcpcaveats -# The addresses below refer to the public -# DNS servers provided by opendns.com. -;push "dhcp-option DNS 208.67.222.222" -;push "dhcp-option DNS 208.67.220.220" - -# Uncomment this directive to allow different -# clients to be able to "see" each other. -# By default, clients will only see the server. -# To force clients to only see the server, you -# will also need to appropriately firewall the -# server's TUN/TAP interface. -;client-to-client - -# Uncomment this directive if multiple clients -# might connect with the same certificate/key -# files or common names. This is recommended -# only for testing purposes. For production use, -# each client should have its own certificate/key -# pair. -# -# IF YOU HAVE NOT GENERATED INDIVIDUAL -# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, -# EACH HAVING ITS OWN UNIQUE "COMMON NAME", -# UNCOMMENT THIS LINE OUT. -;duplicate-cn - -# The keepalive directive causes ping-like -# messages to be sent back and forth over -# the link so that each side knows when -# the other side has gone down. -# Ping every 10 seconds, assume that remote -# peer is down if no ping received during -# a 120 second time period. -keepalive 10 120 - -# For extra security beyond that provided -# by SSL/TLS, create an "HMAC firewall" -# to help block DoS attacks and UDP port flooding. -# -# Generate with: -# openvpn --genkey --secret ta.key -# -# The server and each client must have -# a copy of this key. -# The second parameter should be '0' -# on the server and '1' on the clients. -;tls-auth ta.key 0 # This file is secret - -# Select a cryptographic cipher. -# This config item must be copied to -# the client config file as well. -;cipher BF-CBC # Blowfish (default) -;cipher AES-128-CBC # AES -;cipher DES-EDE3-CBC # Triple-DES - -# Enable compression on the VPN link. -# If you enable it here, you must also -# enable it in the client config file. -comp-lzo - -# The maximum number of concurrently connected -# clients we want to allow. -;max-clients 100 - -# It's a good idea to reduce the OpenVPN -# daemon's privileges after initialization. -# -# You can uncomment this out on -# non-Windows systems. -;user nobody -;group nobody - -# The persist options will try to avoid -# accessing certain resources on restart -# that may no longer be accessible because -# of the privilege downgrade. -persist-key -persist-tun - -# Output a short status file showing -# current connections, truncated -# and rewritten every minute. -status openvpn-status.log - -# By default, log messages will go to the syslog (or -# on Windows, if running as a service, they will go to -# the "\Program Files\OpenVPN\log" directory). -# Use log or log-append to override this default. -# "log" will truncate the log file on OpenVPN startup, -# while "log-append" will append to it. Use one -# or the other (but not both). -;log openvpn.log -;log-append openvpn.log - -# Set the appropriate level of log -# file verbosity. -# -# 0 is silent, except for fatal errors -# 4 is reasonable for general usage -# 5 and 6 can help to debug connection problems -# 9 is extremely verbose -verb 3 - -# Silence repeating messages. At most 20 -# sequential messages of the same message -# category will be output to the log. -;mute 20 diff --git a/openvpn/sample/sample-config-files/static-home.conf b/openvpn/sample/sample-config-files/static-home.conf deleted file mode 100644 index c9666874..00000000 --- a/openvpn/sample/sample-config-files/static-home.conf +++ /dev/null @@ -1,72 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using a pre-shared static key. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# Our pre-shared static key -secret static.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/openvpn/sample/sample-config-files/static-office.conf b/openvpn/sample/sample-config-files/static-office.conf deleted file mode 100644 index 68030cc9..00000000 --- a/openvpn/sample/sample-config-files/static-office.conf +++ /dev/null @@ -1,69 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using a pre-shared static key. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# Our pre-shared static key -secret static.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/openvpn/sample/sample-config-files/tls-home.conf b/openvpn/sample/sample-config-files/tls-home.conf deleted file mode 100644 index daa4ea1e..00000000 --- a/openvpn/sample/sample-config-files/tls-home.conf +++ /dev/null @@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# home using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# Our OpenVPN peer is the office gateway. -remote 1.2.3.4 - -# 10.1.0.2 is our local VPN endpoint (home). -# 10.1.0.1 is our remote VPN endpoint (office). -ifconfig 10.1.0.2 10.1.0.1 - -# Our up script will establish routes -# once the VPN is alive. -up ./home.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-client - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert home.crt - -# Our private key -key home.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/openvpn/sample/sample-config-files/tls-office.conf b/openvpn/sample/sample-config-files/tls-office.conf deleted file mode 100644 index f790f469..00000000 --- a/openvpn/sample/sample-config-files/tls-office.conf +++ /dev/null @@ -1,83 +0,0 @@ -# -# Sample OpenVPN configuration file for -# office using SSL/TLS mode and RSA certificates/keys. -# -# '#' or ';' may be used to delimit comments. - -# Use a dynamic tun device. -# For Linux 2.2 or non-Linux OSes, -# you may want to use an explicit -# unit number such as "tun1". -# OpenVPN also supports virtual -# ethernet "tap" devices. -dev tun - -# 10.1.0.1 is our local VPN endpoint (office). -# 10.1.0.2 is our remote VPN endpoint (home). -ifconfig 10.1.0.1 10.1.0.2 - -# Our up script will establish routes -# once the VPN is alive. -up ./office.up - -# In SSL/TLS key exchange, Office will -# assume server role and Home -# will assume client role. -tls-server - -# Diffie-Hellman Parameters (tls-server only) -dh dh1024.pem - -# Certificate Authority file -ca my-ca.crt - -# Our certificate/public key -cert office.crt - -# Our private key -key office.key - -# OpenVPN 2.0 uses UDP port 1194 by default -# (official port assignment by iana.org 11/04). -# OpenVPN 1.x uses UDP port 5000 by default. -# Each OpenVPN tunnel must use -# a different port number. -# lport or rport can be used -# to denote different ports -# for local and remote. -; port 1194 - -# Downgrade UID and GID to -# "nobody" after initialization -# for extra security. -; user nobody -; group nobody - -# If you built OpenVPN with -# LZO compression, uncomment -# out the following line. -; comp-lzo - -# Send a UDP ping to remote once -# every 15 seconds to keep -# stateful firewall connection -# alive. Uncomment this -# out if you are using a stateful -# firewall. -; ping 15 - -# Uncomment this section for a more reliable detection when a system -# loses its connection. For example, dial-ups or laptops that -# travel to other locations. -; ping 15 -; ping-restart 45 -; ping-timer-rem -; persist-tun -; persist-key - -# Verbosity level. -# 0 -- quiet except for fatal errors. -# 1 -- mostly quiet, but display non-fatal network errors. -# 3 -- medium output, good for normal operation. -# 9 -- verbose, good for troubleshooting -verb 3 diff --git a/openvpn/sample/sample-config-files/xinetd-client-config b/openvpn/sample/sample-config-files/xinetd-client-config deleted file mode 100644 index 03c5c1fa..00000000 --- a/openvpn/sample/sample-config-files/xinetd-client-config +++ /dev/null @@ -1,11 +0,0 @@ -# This OpenVPN config file -# is the client side counterpart -# of xinetd-server-config - -dev tun -ifconfig 10.4.0.1 10.4.0.2 -remote my-server -port 1194 -user nobody -secret /root/openvpn/key -inactive 600 diff --git a/openvpn/sample/sample-config-files/xinetd-server-config b/openvpn/sample/sample-config-files/xinetd-server-config deleted file mode 100644 index 803a6f8f..00000000 --- a/openvpn/sample/sample-config-files/xinetd-server-config +++ /dev/null @@ -1,25 +0,0 @@ -# An xinetd configuration file for OpenVPN. -# -# This file should be renamed to openvpn or something suitably -# descriptive and copied to the /etc/xinetd.d directory. -# xinetd can then be made aware of this file by restarting -# it or sending it a SIGHUP signal. -# -# For each potential incoming client, create a separate version -# of this configuration file on a unique port number. Also note -# that the key file and ifconfig endpoints should be unique for -# each client. This configuration assumes that the OpenVPN -# executable and key live in /root/openvpn. Change this to fit -# your environment. - -service openvpn_1 -{ - type = UNLISTED - port = 1194 - socket_type = dgram - protocol = udp - wait = yes - user = root - server = /root/openvpn/openvpn - server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody -} diff --git a/openvpn/sample/sample-keys/README b/openvpn/sample/sample-keys/README deleted file mode 100644 index 1cd473a1..00000000 --- a/openvpn/sample/sample-keys/README +++ /dev/null @@ -1,14 +0,0 @@ -Sample RSA keys. - -See the examples section of the man page -for usage examples. - -NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. - DON'T USE THEM FOR ANY REAL WORK BECAUSE - THEY ARE TOTALLY INSECURE! - -ca.{crt,key} -- sample CA key/cert -client.{crt,key} -- sample client key/cert -server.{crt,key} -- sample server key/cert (nsCertType=server) -pass.{crt,key} -- sample client key/cert with password-encrypted key - password = "password" diff --git a/openvpn/sample/sample-keys/ca.crt b/openvpn/sample/sample-keys/ca.crt deleted file mode 100644 index e063ccce..00000000 --- a/openvpn/sample/sample-keys/ca.crt +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDBjCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy -NTE0NDA1NVoXDTE0MTEyMzE0NDA1NVowZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf -BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCBnzANBgkqhkiG9w0BAQEF -AAOBjQAwgYkCgYEAqPjWJnesPu6bR/iec4FMz3opVaPdBHxg+ORKNmrnVZPh0t8/ -ZT34KXkYoI9B82scurp8UlZVXG8JdUsz+yai8ti9+g7vcuyKUtcCIjn0HLgmdPu5 -gFX25lB0pXw+XIU031dOfPvtROdG5YZN5yCErgCy7TE7zntLnkEDuRmyU6cCAwEA -AaOBwzCBwDAdBgNVHQ4EFgQUiaZg47rqPq/8ZH9MvYzSSI3gzEYwgZAGA1UdIwSB -iDCBhYAUiaZg47rqPq/8ZH9MvYzSSI3gzEahaqRoMGYxCzAJBgNVBAYTAktHMQsw -CQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQTi1U -RVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CAQAwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBfJoiWYrYdjM0mKPEzUQk0nLYTovBP -I0es/2rfGrin1zbcFY+4dhVBd1E/StebnG+CP8r7QeEIwu7x8gYDdOLLsZn+2vBL -e4jNU1ClI6Q0L7jrzhhunQ5mAaZztVyYwFB15odYcdN2iO0tP7jtEsvrRqxICNy3 -8itzViPTf5W4sA== ------END CERTIFICATE----- diff --git a/openvpn/sample/sample-keys/ca.key b/openvpn/sample/sample-keys/ca.key deleted file mode 100644 index b4bf792a..00000000 --- a/openvpn/sample/sample-keys/ca.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCo+NYmd6w+7ptH+J5zgUzPeilVo90EfGD45Eo2audVk+HS3z9l -PfgpeRigj0Hzaxy6unxSVlVcbwl1SzP7JqLy2L36Du9y7IpS1wIiOfQcuCZ0+7mA -VfbmUHSlfD5chTTfV058++1E50blhk3nIISuALLtMTvOe0ueQQO5GbJTpwIDAQAB -AoGAQuVREyWp4bhhbZr2UFBOco2ws6EOLWp4kdD/uI+WSoEjlHKiDJj+GJ1CrL5K -o+4yD5MpCQf4/4FOQ0ukprfjJpDwDinTG6vzuWSLTHNiTgvksW3vy7IsNMJx97hT -4D2QOOl9HhA50Qqg70teMPYXOgLRMVsdCIV7p7zDNy4nM+ECQQDX8m5ZcQmPtUDA -38dPTfpL4U7kMB94FItJYH/Lk5kMW1/J33xymNhL+BHaG064ol9n2ubGW4XEO5t2 -qE1IOsVpAkEAyE/x/OBVSI1s75aYGlEwMd87p3qaDdtXT7WzujjRY7r8Y1ynkMU6 -GtMeneBX/lk4BY/6I+5bhAzce+hqhaXejwJBAL5Wg+c4GApf41xdogqHm7doNyYw -OHyZ9w9NDDc+uGbI30xLPSCxEe0cEXgiG6foDpm2uzRZFTWaqHPU8pFYpAkCQGNX -cpWM0/7VVK9Fqk1y8knpgfY/UWOJ4jU/0dCLGR0ywLSuYNPlXDmtdkOp3TnhGW14 -x/9F2NEWZ8pzq1B4wHUCQQC5ztD4m/rpiIpinoewUJODoeBJXYBKqx1+mdrALCq6 -ESvK1WRiusMaY3xmsdv4J2TB5iUPryELbn3jU12WGcQc ------END RSA PRIVATE KEY----- diff --git a/openvpn/sample/sample-keys/client.crt b/openvpn/sample/sample-keys/client.crt deleted file mode 100644 index c0474461..00000000 --- a/openvpn/sample/sample-keys/client.crt +++ /dev/null @@ -1,65 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Nov 25 14:46:49 2004 GMT - Not After : Nov 23 14:46:49 2014 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d2:12:5c:c6:4d:13:34:ae:cf:fa:ab:fe:cb:de: - 8c:f1:4b:4a:95:28:60:87:82:2c:b8:c1:e5:8e:c6: - 5d:11:58:61:a4:a5:f1:42:d7:86:74:6c:9d:9c:7a: - f0:3a:5c:29:e6:53:3b:5e:6d:d8:f0:45:06:2c:23: - ee:09:bc:02:8f:0e:b8:d5:33:1f:c3:4a:11:02:48: - 0b:cc:4b:ad:6e:74:e0:a2:53:b1:d6:cc:89:b9:e2: - 6f:db:15:b3:19:1e:57:04:79:48:3a:da:76:31:fc: - bf:d3:34:21:e7:32:d8:9e:06:4e:be:f3:e3:79:b0: - 54:fd:d1:42:32:aa:3e:7a:c1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 17:B7:3F:C7:62:A0:A9:FD:A4:31:0E:58:D7:D9:94:7B:4B:3F:CB:56 - X509v3 Authority Key Identifier: - keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46 - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 61:c6:d1:fa:24:0f:c7:be:09:3b:d8:04:17:63:31:17:07:f9: - 56:99:af:4c:67:fa:db:cb:94:cf:55:a5:7b:16:20:8b:42:64: - 13:23:62:45:28:93:5e:36:f7:db:02:95:a1:e9:fd:e3:0f:8d: - 73:a1:7b:0e:55:78:4d:a5:c4:b7:22:12:a0:ee:55:e0:b8:0e: - c9:9b:12:e3:b0:ef:9b:68:93:57:6e:6c:ad:16:68:8e:8d:30: - 33:fe:2a:1b:c3:03:8f:b6:0a:2d:0c:b1:3c:bb:f9:58:3f:8c: - 81:59:6b:14:dd:62:b5:c2:93:ed:5d:c6:19:0f:9b:4b:52:b3: - 7c:78 ------BEGIN CERTIFICATE----- -MIIDNTCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy -NTE0NDY0OVoXDTE0MTEyMzE0NDY0OVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50 -MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBANISXMZNEzSuz/qr/svejPFLSpUoYIeCLLjB5Y7GXRFY -YaSl8ULXhnRsnZx68DpcKeZTO15t2PBFBiwj7gm8Ao8OuNUzH8NKEQJIC8xLrW50 -4KJTsdbMibnib9sVsxkeVwR5SDradjH8v9M0Iecy2J4GTr7z43mwVP3RQjKqPnrB -AgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH -ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBe3P8dioKn9pDEOWNfZlHtL -P8tWMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxGoWqkaDBmMQsw -CQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNV -BAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t -YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAGHG0fokD8e+CTvYBBdjMRcH+VaZr0xn -+tvLlM9VpXsWIItCZBMjYkUok14299sClaHp/eMPjXOhew5VeE2lxLciEqDuVeC4 -DsmbEuOw75tok1dubK0WaI6NMDP+KhvDA4+2Ci0MsTy7+Vg/jIFZaxTdYrXCk+1d -xhkPm0tSs3x4 ------END CERTIFICATE----- diff --git a/openvpn/sample/sample-keys/client.key b/openvpn/sample/sample-keys/client.key deleted file mode 100644 index 17b95091..00000000 --- a/openvpn/sample/sample-keys/client.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDSElzGTRM0rs/6q/7L3ozxS0qVKGCHgiy4weWOxl0RWGGkpfFC -14Z0bJ2cevA6XCnmUztebdjwRQYsI+4JvAKPDrjVMx/DShECSAvMS61udOCiU7HW -zIm54m/bFbMZHlcEeUg62nYx/L/TNCHnMtieBk6+8+N5sFT90UIyqj56wQIDAQAB -AoGBAK8RoIGekCfym99DYYfTg9A/t/tQeAnWYaDj7oSrKbqf1lgZ91OGPEZgkoVr -KzLnxf9uU+bhUs8CJx+4HdO8/L9rAJA+oD9QNuMp0elN4AKuEGE1Eq3a0e3cmgPI -+VIoXM6WVAGgK9I03Zu/UerYQ/DdXWGOIsKhFe8qyQoG9pKxAkEA9ld6O9MHQt3d -JAjJkgCNn4psozxjrfLWy2huXd3H3CRqGMjLITDGzdkVSgXjHokBYroi0+TZTu4M -ulJSJaWwBQJBANpO2DAexH2zRHw5Z6QyeEVxz7B3/FzU4GgJx9BH+FSBh+F0G5Ln -ir5Vst8vZ/LGcgpYjHQLNAvZVgUjiQ4Y6I0CQGvwMJL+CHR4GmmroAblTyjU0n1D -/Lk/anZ+L73Za7U+D28ErFzCrpmLwRRKOBYtGfpUbOZDpCQ9kj4hy/TLALECQCcL -9ysUNbzt9Y/qjJkX1d9F7gn4TBEmmkTBixW76bTjvjQbGlt6Qpyso2O8DPGlgPxM -vkJ7RoHgC7y7kGYPGnkCQBVxSNGIjLx4NQBgN4HD0y4+fars1PTUGnckBcS4npb9 -onLNyerBlWdBwbARyBS7WPIbyyf5VCrn3yIqWxaARO0= ------END RSA PRIVATE KEY----- diff --git a/openvpn/sample/sample-keys/dh1024.pem b/openvpn/sample/sample-keys/dh1024.pem deleted file mode 100644 index 7ce05f0c..00000000 --- a/openvpn/sample/sample-keys/dh1024.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh -1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32 -9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC ------END DH PARAMETERS----- diff --git a/openvpn/sample/sample-keys/pass.crt b/openvpn/sample/sample-keys/pass.crt deleted file mode 100644 index 8bb7b17a..00000000 --- a/openvpn/sample/sample-keys/pass.crt +++ /dev/null @@ -1,65 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Nov 25 14:48:55 2004 GMT - Not After : Nov 23 14:48:55 2014 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-Password/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:ca:b4:05:67:7b:51:c1:d2:fe:21:57:b1:a5:57: - 5c:c0:86:38:05:a8:91:cf:e7:a4:bd:7a:76:d8:3b: - cf:fe:f3:78:65:24:d6:72:7d:1b:6d:b6:da:04:f2: - a8:f6:b4:04:78:d2:24:a7:21:2f:ca:29:46:96:0f: - 0b:91:31:66:1e:4d:22:9a:5d:05:17:99:9c:a0:7e: - e0:2a:be:78:0c:a1:b9:d4:04:c4:ec:f8:61:79:62: - b5:52:2d:f5:41:af:db:9f:8c:ab:08:1b:b7:95:b8: - c1:f0:29:d3:da:fb:00:3f:8e:5c:27:e3:8d:fa:ee: - dc:b4:3b:0b:8b:e0:ab:c1:c1 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 40:57:F1:8C:9C:86:B2:DA:E0:3F:A7:B8:D7:85:43:45:07:8A:40:73 - X509v3 Authority Key Identifier: - keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46 - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:00 - - Signature Algorithm: md5WithRSAEncryption - a5:79:72:7f:a2:08:28:8e:66:da:e1:d0:be:bb:97:3d:65:9f: - ab:1e:19:ac:f1:66:44:14:8f:4e:7c:eb:ea:1e:2f:57:ea:44: - 46:4c:b9:56:5b:c0:0c:58:d2:45:87:26:6d:82:de:8c:64:b8: - 8b:22:61:61:c6:68:36:08:9d:5a:fd:2f:e5:21:e1:a2:0c:7f: - 3e:ca:e1:06:ea:9f:81:62:3d:a0:ce:f1:1e:0d:ab:86:89:ed: - 9a:89:34:32:c9:e9:6d:7d:f5:11:c3:5d:7e:a5:f7:f1:a6:83: - 77:1b:94:67:d9:0f:5c:ac:0e:08:4a:88:98:65:49:eb:66:9e: - 2d:28 ------BEGIN CERTIFICATE----- -MIIDPjCCAqegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy -NTE0NDg1NVoXDTE0MTEyMzE0NDg1NVowczELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxHTAbBgNVBAMTFFRlc3QtQ2xpZW50 -LVBhc3N3b3JkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8w -DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMq0BWd7UcHS/iFXsaVXXMCGOAWokc/n -pL16dtg7z/7zeGUk1nJ9G2222gTyqPa0BHjSJKchL8opRpYPC5ExZh5NIppdBReZ -nKB+4Cq+eAyhudQExOz4YXlitVIt9UGv25+Mqwgbt5W4wfAp09r7AD+OXCfjjfru -3LQ7C4vgq8HBAgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd -T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEBX8YychrLa -4D+nuNeFQ0UHikBzMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxG -oWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hL -RUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlo -b3N0Lm15ZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAKV5cn+iCCiOZtrh0L67 -lz1ln6seGazxZkQUj0586+oeL1fqREZMuVZbwAxY0kWHJm2C3oxkuIsiYWHGaDYI -nVr9L+Uh4aIMfz7K4Qbqn4FiPaDO8R4Nq4aJ7ZqJNDLJ6W199RHDXX6l9/Gmg3cb -lGfZD1ysDghKiJhlSetmni0o ------END CERTIFICATE----- diff --git a/openvpn/sample/sample-keys/pass.key b/openvpn/sample/sample-keys/pass.key deleted file mode 100644 index 4916364c..00000000 --- a/openvpn/sample/sample-keys/pass.key +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,959F7365DBBFDB77 - -nGm57l+rR/8dAZOHL/1x/6dt11zUca7rphjsgw6XRnSf3M/CWmHvHVjApWcNLEs5 -SWNMp1xfUogtGzsKoMBbnlZLDA7RVHUYD6dVMyCpc64UjzT08LmdZhtQYLAKmlUC -PT1VXS4Ae+SrqCPUqJkw1xP3kr0F1EVCXNu0nhOBAuuTGOS7PPEyW2N+k4nRHtsR -IaPp8GCuIeoR6CdymTFTq6d/GeCiEcyrUM4BNrG4GtRRrURxxOrzQFEOS5sjBPSg -Km1lwa6zBQFRLg9dKjRBL4teKuPY5Z2Nmpcml/aN4CkdkVEso4lW6/UHLE/joOMQ -0MdpdYtu8wnt1WI/Z4immQfl3MF+QcPMkqXXzCEhGG/5SbAo89KC46UXvu1Z5OhS -8XFHhvYBivOYWgZ3XUQqyZ0ulF60mFX7aE1Ph/eEbhWBHmU39hGjxzop1UoPwqLx -ahvtfvCkR3ZeqlWO9SHzCA3MlrKwQ1p1UL6nG6AJhNN9jSevH6by+8wr07NBZOqX -fJx+J/8EdVsUCFG2UJxPwM83ZSwAsvKRqph6CuWEl9ndUb7rw6khmRIoY0Iz3LbU -1MlcDoJNcJas6lYDr1UeFSk86g0SiGCHXZIqsjyUgq6HIy4YrAYiQUthnlF8tp2Q -nNQBPLo1GsHf0dC2MqKfDFASu7ST+Bl+yajHcIiUXvUJPxWbjkWYG9Q2p2ZBLzZD -uqeRr66OKxTzUS4go/QbHDNsAulXl61gQIEOdZw5uy/Jl11kyAI6EQbzmehagKdH -EshTgKp8ks62y0bBHgy3FMKyidJ5Hm58ZDhBxrwN0w+vhRoTGOepTA== ------END RSA PRIVATE KEY----- diff --git a/openvpn/sample/sample-keys/pkcs12.p12 b/openvpn/sample/sample-keys/pkcs12.p12 Binary files differdeleted file mode 100644 index 253d4081..00000000 --- a/openvpn/sample/sample-keys/pkcs12.p12 +++ /dev/null diff --git a/openvpn/sample/sample-keys/server.crt b/openvpn/sample/sample-keys/server.crt deleted file mode 100644 index 28bb4d94..00000000 --- a/openvpn/sample/sample-keys/server.crt +++ /dev/null @@ -1,67 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - Validity - Not Before: Nov 25 14:42:22 2004 GMT - Not After : Nov 23 14:42:22 2014 GMT - Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:cb:4e:ac:f9:83:57:f6:69:d2:32:29:b4:bc:ad: - e6:f7:26:21:89:33:30:43:40:a3:35:d9:de:26:01: - d6:b4:f0:bc:0a:19:55:99:3b:f1:4c:91:60:b6:fd: - 74:34:8d:5a:c7:62:ec:ce:f2:d6:02:ce:57:32:f4: - 35:8c:71:a0:6d:65:2a:e7:80:ae:29:59:cf:36:73: - f8:7c:4a:73:90:fc:30:28:d5:46:7d:35:a4:4e:c9: - 9f:90:7b:e2:09:21:36:c5:a8:ec:85:82:9a:32:b4: - 91:3b:c1:d6:4f:9f:d1:f8:6f:68:f4:1d:d2:06:91: - 32:cc:9a:48:fd:cd:98:7f:2f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Cert Type: - SSL Server - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: - 69:11:FE:E7:9F:89:7B:71:34:69:C0:DC:82:F8:D0:5D:4D:FB:78:DF - X509v3 Authority Key Identifier: - keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46 - DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 35:5c:75:da:57:ef:b5:79:f2:a2:db:36:e4:75:e8:c7:bc:73: - 26:cf:30:36:4b:2e:51:46:37:60:2f:4e:2b:f6:71:a2:23:db: - 8e:d8:5c:d5:af:2e:22:28:dd:30:a8:89:66:3a:cc:5b:3c:0f: - 96:12:20:de:5e:41:52:74:35:ed:4c:26:40:19:ca:73:df:54: - b1:30:96:9c:a5:14:d0:38:28:3f:ab:30:07:d7:de:98:d2:7f: - 7f:90:b2:52:1d:e5:95:88:ed:ba:8a:6a:14:85:66:76:ec:75: - 30:e8:ae:94:f4:e1:76:fa:4b:0e:f1:53:d7:95:be:fb:69:fa: - 3d:32 ------BEGIN CERTIFICATE----- -MIIDUTCCArqgAwIBAgIBATANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL -MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t -VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy -NTE0NDIyMloXDTE0MTEyMzE0NDIyMlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy -MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAMtOrPmDV/Zp0jIptLyt5vcmIYkzMENAozXZ3iYB1rTw -vAoZVZk78UyRYLb9dDSNWsdi7M7y1gLOVzL0NYxxoG1lKueArilZzzZz+HxKc5D8 -MCjVRn01pE7Jn5B74gkhNsWo7IWCmjK0kTvB1k+f0fhvaPQd0gaRMsyaSP3NmH8v -AgMBAAGjggEJMIIBBTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg -hkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl -MB0GA1UdDgQWBBRpEf7nn4l7cTRpwNyC+NBdTft43zCBkAYDVR0jBIGIMIGFgBSJ -pmDjuuo+r/xkf0y9jNJIjeDMRqFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT -Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf -BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIBADANBgkqhkiG9w0BAQQF -AAOBgQA1XHXaV++1efKi2zbkdejHvHMmzzA2Sy5RRjdgL04r9nGiI9uO2FzVry4i -KN0wqIlmOsxbPA+WEiDeXkFSdDXtTCZAGcpz31SxMJacpRTQOCg/qzAH196Y0n9/ -kLJSHeWViO26imoUhWZ27HUw6K6U9OF2+ksO8VPXlb77afo9Mg== ------END CERTIFICATE----- diff --git a/openvpn/sample/sample-keys/server.key b/openvpn/sample/sample-keys/server.key deleted file mode 100644 index 976acabf..00000000 --- a/openvpn/sample/sample-keys/server.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDLTqz5g1f2adIyKbS8reb3JiGJMzBDQKM12d4mAda08LwKGVWZ -O/FMkWC2/XQ0jVrHYuzO8tYCzlcy9DWMcaBtZSrngK4pWc82c/h8SnOQ/DAo1UZ9 -NaROyZ+Qe+IJITbFqOyFgpoytJE7wdZPn9H4b2j0HdIGkTLMmkj9zZh/LwIDAQAB -AoGBAKP1ljA/iY/zNY447kZ/5NWKzd7tBk4mcbl7M9no/7O6tZtbZRoIKoi6cYoC -C1ZabUyBbkNTud5XdCFmq0zRUjOWvoFMZ9VZfd2kRPvl4TGczBtJAq65b+EYMGui -q6T9p61xPdtzu0vM+Ecj127pAMk5XcJyxu8XQK7lZWmG5UoJAkEA8CxXNZN+A3qD -bMBPI3VdwKCNSjNVEQEnygMbNgw7VLdxPpspzZziqJEGdzsM4dsnOBwKxIWFLN2h -lbGBOquAswJBANi0atGWM8VUxDjvqqHCTS9RUXWgnvYhee4/xraJBQPBSivjC9P0 -vKT7PjBHU6djtKSLKGaHn1vHqmyY7PCMjZUCQQCNVSqExqSzG1dXmdt4PErNXi2G -6qo2dX2arTVIGu6XLdQgSWLSMm5XT/CEHWW5SyPLKwVTHFeATXQXCPvJML9tAkEA -k0yXax0g1ZoXwufN4SQUmPw6Va03P/BjU/nP1ZVvbiz9gLVU/d7WN4J7tA9XomkY -idv5OzAmtxkSE70jGSNAvQJAWhCf9+iHkzOHRyKKOYlh1DHUwDfSEp+hlZYg9H03 -P2sraQzUxgWDY/DIY63KvW78ny863baFz7onz21MYGgJXg== ------END RSA PRIVATE KEY----- diff --git a/openvpn/sample/sample-plugins/defer/README b/openvpn/sample/sample-plugins/defer/README deleted file mode 100644 index d8990f8b..00000000 --- a/openvpn/sample/sample-plugins/defer/README +++ /dev/null @@ -1,16 +0,0 @@ -OpenVPN plugin examples. - -Examples provided: - -simple.c -- using the --auth-user-pass-verify callback, - test deferred authentication. - -To build: - - ./build simple (Linux/BSD/etc.) - ./winbuild simple (MinGW on Windows) - -To use in OpenVPN, add to config file: - - plugin simple.so (Linux/BSD/etc.) - plugin simple.dll (MinGW on Windows) diff --git a/openvpn/sample/sample-plugins/defer/build b/openvpn/sample/sample-plugins/defer/build deleted file mode 100755 index 0612c080..00000000 --- a/openvpn/sample/sample-plugins/defer/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../../include}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared ${LDFLAS} -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/openvpn/sample/sample-plugins/defer/simple.c b/openvpn/sample/sample-plugins/defer/simple.c deleted file mode 100644 index 65398657..00000000 --- a/openvpn/sample/sample-plugins/defer/simple.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This file implements a simple OpenVPN plugin module which - * will test deferred authentication and packet filtering. - * - * Will run on Windows or *nix. - * - * Sample usage: - * - * setenv test_deferred_auth 20 - * setenv test_packet_filter 10 - * plugin plugin/defer/simple.so - * - * This will enable deferred authentication to occur 20 - * seconds after the normal TLS authentication process, - * and will cause a packet filter file to be generated 10 - * seconds after the initial TLS negotiation, using - * {common-name}.pf as the source. - * - * Sample packet filter configuration: - * - * [CLIENTS DROP] - * +otherclient - * [SUBNETS DROP] - * +10.0.0.0/8 - * -10.10.0.8 - * [END] - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* bool definitions */ -#define bool int -#define true 1 -#define false 0 - -/* - * Our context, where we keep our state. - */ - -struct plugin_context { - int test_deferred_auth; - int test_packet_filter; -}; - -struct plugin_per_client_context { - int n_calls; - bool generated_pf_file; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -/* used for safe printf of possible NULL strings */ -static const char * -np (const char *str) -{ - if (str) - return str; - else - return "[NULL]"; -} - -static int -atoi_null0 (const char *str) -{ - if (str) - return atoi (str); - else - return 0; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - printf ("FUNC: openvpn_plugin_open_v1\n"); - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp)); - printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth); - - context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp)); - printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter); - - /* - * Which callbacks to intercept. - */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF); - - return (openvpn_plugin_handle_t) context; -} - -static int -auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) -{ - if (context->test_deferred_auth) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - /* get auth_control_file filename from envp string array*/ - const char *auth_control_file = get_env ("auth_control_file", envp); - - printf ("DEFER u='%s' p='%s' acf='%s'\n", - np(username), - np(password), - np(auth_control_file)); - - /* Authenticate asynchronously in n seconds */ - if (auth_control_file) - { - char buf[256]; - int auth = 2; - sscanf (username, "%d", &auth); - snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &", - context->test_deferred_auth, - auth_control_file, - auth, - pcc->n_calls < auth, - auth_control_file); - printf ("%s\n", buf); - system (buf); - pcc->n_calls++; - return OPENVPN_PLUGIN_FUNC_DEFERRED; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -static int -tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[]) -{ - if (context->test_packet_filter) - { - if (!pcc->generated_pf_file) - { - const char *pff = get_env ("pf_file", envp); - const char *cn = get_env ("username", envp); - if (pff && cn) - { - char buf[256]; - snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &", - context->test_packet_filter, cn, pff, cn, pff); - printf ("%s\n", buf); - system (buf); - pcc->generated_pf_file = true; - return OPENVPN_PLUGIN_FUNC_SUCCESS; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle, - const int type, - const char *argv[], - const char *envp[], - void *per_client_context, - struct openvpn_plugin_string_list **return_list) -{ - struct plugin_context *context = (struct plugin_context *) handle; - struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - return auth_user_pass_verify (context, pcc, argv, envp); - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - return OPENVPN_PLUGIN_FUNC_SUCCESS; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - return tls_final (context, pcc, argv, envp); - case OPENVPN_PLUGIN_ENABLE_PF: - printf ("OPENVPN_PLUGIN_ENABLE_PF\n"); - if (context->test_packet_filter) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - default: - printf ("OPENVPN_PLUGIN_?\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } -} - -OPENVPN_EXPORT void * -openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle) -{ - printf ("FUNC: openvpn_plugin_client_constructor_v1\n"); - return calloc (1, sizeof (struct plugin_per_client_context)); -} - -OPENVPN_EXPORT void -openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context) -{ - printf ("FUNC: openvpn_plugin_client_destructor_v1\n"); - free (per_client_context); -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - printf ("FUNC: openvpn_plugin_close_v1\n"); - free (context); -} diff --git a/openvpn/sample/sample-plugins/defer/simple.def b/openvpn/sample/sample-plugins/defer/simple.def deleted file mode 100755 index a87507d1..00000000 --- a/openvpn/sample/sample-plugins/defer/simple.def +++ /dev/null @@ -1,6 +0,0 @@ -LIBRARY OpenVPN_PLUGIN_SAMPLE -DESCRIPTION "Sample OpenVPN plug-in module." -EXPORTS - openvpn_plugin_open_v1 @1 - openvpn_plugin_func_v1 @2 - openvpn_plugin_close_v1 @3 diff --git a/openvpn/sample/sample-plugins/defer/winbuild b/openvpn/sample/sample-plugins/defer/winbuild deleted file mode 100755 index 82927d96..00000000 --- a/openvpn/sample/sample-plugins/defer/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../build" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/openvpn/sample/sample-plugins/log/build b/openvpn/sample/sample-plugins/log/build deleted file mode 100755 index c07ec408..00000000 --- a/openvpn/sample/sample-plugins/log/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../../include}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/openvpn/sample/sample-plugins/log/log.c b/openvpn/sample/sample-plugins/log/log.c deleted file mode 100644 index 1cc4650e..00000000 --- a/openvpn/sample/sample-plugins/log/log.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This plugin is similar to simple.c, except it also logs extra information - * to stdout for every plugin method called by OpenVPN. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; - - /* - * Which callbacks to intercept. - */ - *type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - return (openvpn_plugin_handle_t) context; -} - -void -show (const int type, const char *argv[], const char *envp[]) -{ - size_t i; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf ("OPENVPN_PLUGIN_?\n"); - break; - } - - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); - - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) -{ - struct plugin_context *context = (struct plugin_context *) handle; - - show (type, argv, envp); - - /* check entered username/password against what we require */ - if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/openvpn/sample/sample-plugins/log/log_v3.c b/openvpn/sample/sample-plugins/log/log_v3.c deleted file mode 100644 index 4d3af91a..00000000 --- a/openvpn/sample/sample-plugins/log/log_v3.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net> - * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This plugin is similar to simple.c, except it also logs extra information - * to stdout for every plugin method called by OpenVPN. The only difference - * between this (log_v3.c) and log.c is that this module uses the v3 plug-in - * API. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#define ENABLE_SSL - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT int -openvpn_plugin_open_v3 (const int v3structver, - struct openvpn_plugin_args_open_in const *args, - struct openvpn_plugin_args_open_return *ret) -{ - struct plugin_context *context = NULL; - - /* Check that we are API compatible */ - if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) { - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - if( args->ssl_api != SSLAPI_OPENSSL ) { - printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); - return OPENVPN_PLUGIN_FUNC_ERROR; - } - - /* Which callbacks to intercept. */ - ret->type_mask = - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) | - OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL); - - - /* Allocate our context */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* Set the username/password we will require. */ - context->username = "foo"; - context->password = "bar"; - - /* Point the global context handle to our newly created context */ - ret->handle = (void *) context; - - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -void -show (const int type, const char *argv[], const char *envp[]) -{ - size_t i; - switch (type) - { - case OPENVPN_PLUGIN_UP: - printf ("OPENVPN_PLUGIN_UP\n"); - break; - case OPENVPN_PLUGIN_DOWN: - printf ("OPENVPN_PLUGIN_DOWN\n"); - break; - case OPENVPN_PLUGIN_ROUTE_UP: - printf ("OPENVPN_PLUGIN_ROUTE_UP\n"); - break; - case OPENVPN_PLUGIN_IPCHANGE: - printf ("OPENVPN_PLUGIN_IPCHANGE\n"); - break; - case OPENVPN_PLUGIN_TLS_VERIFY: - printf ("OPENVPN_PLUGIN_TLS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY: - printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n"); - break; - case OPENVPN_PLUGIN_CLIENT_CONNECT_V2: - printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n"); - break; - case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n"); - break; - case OPENVPN_PLUGIN_LEARN_ADDRESS: - printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n"); - break; - case OPENVPN_PLUGIN_TLS_FINAL: - printf ("OPENVPN_PLUGIN_TLS_FINAL\n"); - break; - default: - printf ("OPENVPN_PLUGIN_?\n"); - break; - } - - printf ("ARGV\n"); - for (i = 0; argv[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, argv[i]); - - printf ("ENVP\n"); - for (i = 0; envp[i] != NULL; ++i) - printf ("%d '%s'\n", (int)i, envp[i]); -} - -static void -x509_print_info (X509 *x509crt) -{ - int i, n; - int fn_nid; - ASN1_OBJECT *fn; - ASN1_STRING *val; - X509_NAME *x509_name; - X509_NAME_ENTRY *ent; - const char *objbuf; - unsigned char *buf; - - x509_name = X509_get_subject_name (x509crt); - n = X509_NAME_entry_count (x509_name); - for (i = 0; i < n; ++i) - { - ent = X509_NAME_get_entry (x509_name, i); - if (!ent) - continue; - fn = X509_NAME_ENTRY_get_object (ent); - if (!fn) - continue; - val = X509_NAME_ENTRY_get_data (ent); - if (!val) - continue; - fn_nid = OBJ_obj2nid (fn); - if (fn_nid == NID_undef) - continue; - objbuf = OBJ_nid2sn (fn_nid); - if (!objbuf) - continue; - buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */ - if (ASN1_STRING_to_UTF8 (&buf, val) <= 0) - continue; - - printf("X509 %s: %s\n", objbuf, (char *)buf); - OPENSSL_free (buf); - } -} - - - -OPENVPN_EXPORT int -openvpn_plugin_func_v3 (const int version, - struct openvpn_plugin_args_func_in const *args, - struct openvpn_plugin_args_func_return *retptr) -{ - struct plugin_context *context = (struct plugin_context *) args->handle; - - printf("\nopenvpn_plugin_func_v3() :::::>> "); - show (args->type, args->argv, args->envp); - - /* Dump some X509 information if we're in the TLS_VERIFY phase */ - if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) { - printf("---- X509 Subject information ----\n"); - printf("Certificate depth: %i\n", args->current_cert_depth); - x509_print_info(args->current_cert); - printf("----------------------------------\n"); - } - - /* check entered username/password against what we require */ - if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) - { - /* get username/password from envp string array */ - const char *username = get_env ("username", args->envp); - const char *password = get_env ("password", args->envp); - - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; - } - else - return OPENVPN_PLUGIN_FUNC_SUCCESS; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/openvpn/sample/sample-plugins/log/winbuild b/openvpn/sample/sample-plugins/log/winbuild deleted file mode 100755 index decf05f8..00000000 --- a/openvpn/sample/sample-plugins/log/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../include" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/openvpn/sample/sample-plugins/simple/README b/openvpn/sample/sample-plugins/simple/README deleted file mode 100644 index 4400cd30..00000000 --- a/openvpn/sample/sample-plugins/simple/README +++ /dev/null @@ -1,16 +0,0 @@ -OpenVPN plugin examples. - -Examples provided: - -simple.c -- using the --auth-user-pass-verify callback, verify - that the username/password is "foo"/"bar". - -To build: - - ./build simple (Linux/BSD/etc.) - ./winbuild simple (MinGW on Windows) - -To use in OpenVPN, add to config file: - - plugin simple.so (Linux/BSD/etc.) - plugin simple.dll (MinGW on Windows) diff --git a/openvpn/sample/sample-plugins/simple/build b/openvpn/sample/sample-plugins/simple/build deleted file mode 100755 index bbb05f7c..00000000 --- a/openvpn/sample/sample-plugins/simple/build +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# -# Build an OpenVPN plugin module on *nix. The argument should -# be the base name of the C source file (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -CPPFLAGS="${CPPFLAGS:--I../../..}" - -CC="${CC:-gcc}" -CFLAGS="${CFLAGS:--O2 -Wall -g}" - -$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \ -$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc diff --git a/openvpn/sample/sample-plugins/simple/simple.c b/openvpn/sample/sample-plugins/simple/simple.c deleted file mode 100644 index f26d89f6..00000000 --- a/openvpn/sample/sample-plugins/simple/simple.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/* - * This file implements a simple OpenVPN plugin module which - * will examine the username/password provided by a client, - * and make an accept/deny determination. Will run - * on Windows or *nix. - * - * See the README file for build instructions. - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> - -#include "openvpn-plugin.h" - -/* - * Our context, where we keep our state. - */ -struct plugin_context { - const char *username; - const char *password; -}; - -/* - * Given an environmental variable name, search - * the envp array for its value, returning it - * if found or NULL otherwise. - */ -static const char * -get_env (const char *name, const char *envp[]) -{ - if (envp) - { - int i; - const int namelen = strlen (name); - for (i = 0; envp[i]; ++i) - { - if (!strncmp (envp[i], name, namelen)) - { - const char *cp = envp[i] + namelen; - if (*cp == '=') - return cp + 1; - } - } - } - return NULL; -} - -OPENVPN_EXPORT openvpn_plugin_handle_t -openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[]) -{ - struct plugin_context *context; - - /* - * Allocate our context - */ - context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context)); - - /* - * Set the username/password we will require. - */ - context->username = "foo"; - context->password = "bar"; - - /* - * We are only interested in intercepting the - * --auth-user-pass-verify callback. - */ - *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY); - - return (openvpn_plugin_handle_t) context; -} - -OPENVPN_EXPORT int -openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]) -{ - struct plugin_context *context = (struct plugin_context *) handle; - - /* get username/password from envp string array */ - const char *username = get_env ("username", envp); - const char *password = get_env ("password", envp); - - /* check entered username/password against what we require */ - if (username && !strcmp (username, context->username) - && password && !strcmp (password, context->password)) - return OPENVPN_PLUGIN_FUNC_SUCCESS; - else - return OPENVPN_PLUGIN_FUNC_ERROR; -} - -OPENVPN_EXPORT void -openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle) -{ - struct plugin_context *context = (struct plugin_context *) handle; - free (context); -} diff --git a/openvpn/sample/sample-plugins/simple/simple.def b/openvpn/sample/sample-plugins/simple/simple.def deleted file mode 100755 index a87507d1..00000000 --- a/openvpn/sample/sample-plugins/simple/simple.def +++ /dev/null @@ -1,6 +0,0 @@ -LIBRARY OpenVPN_PLUGIN_SAMPLE -DESCRIPTION "Sample OpenVPN plug-in module." -EXPORTS - openvpn_plugin_open_v1 @1 - openvpn_plugin_func_v1 @2 - openvpn_plugin_close_v1 @3 diff --git a/openvpn/sample/sample-plugins/simple/winbuild b/openvpn/sample/sample-plugins/simple/winbuild deleted file mode 100755 index decf05f8..00000000 --- a/openvpn/sample/sample-plugins/simple/winbuild +++ /dev/null @@ -1,18 +0,0 @@ -# -# Build an OpenVPN plugin module on Windows/MinGW. -# The argument should be the base name of the C source file -# (without the .c). -# - -# This directory is where we will look for openvpn-plugin.h -INCLUDE="-I../../../include" - -CC_FLAGS="-O2 -Wall" - -gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c -gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o -rm junk.tmp -dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def -rm base.tmp -gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp -rm temp.exp diff --git a/openvpn/sample/sample-scripts/auth-pam.pl b/openvpn/sample/sample-scripts/auth-pam.pl deleted file mode 100755 index 5333badc..00000000 --- a/openvpn/sample/sample-scripts/auth-pam.pl +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/perl -t - -# OpenVPN PAM AUTHENTICATON -# This script can be used to add PAM-based authentication -# to OpenVPN 2.0. The OpenVPN client must provide -# a username/password, using the --auth-user-pass directive. -# The OpenVPN server should specify --auth-user-pass-verify -# with this script as the argument and the 'via-file' method -# specified. The server can also optionally specify -# --client-cert-not-required and/or --username-as-common-name. - -# SCRIPT OPERATION -# Return success or failure status based on whether or not a -# given username/password authenticates using PAM. -# Caller should write username/password as two lines in a file -# which is passed to this script as a command line argument. - -# CAVEATS -# * Requires Authen::PAM module, which may also -# require the pam-devel package. -# * May need to be run as root in order to -# access username/password file. - -# NOTES -# * This script is provided mostly as a demonstration of the -# --auth-user-pass-verify script capability in OpenVPN. -# For real world usage, see the auth-pam module in the plugin -# folder. - -use Authen::PAM; -use POSIX; - -# This "conversation function" will pass -# $password to PAM when it asks for it. - -sub my_conv_func { - my @res; - while ( @_ ) { - my $code = shift; - my $msg = shift; - my $ans = ""; - - $ans = $password if $msg =~ /[Pp]assword/; - - push @res, (PAM_SUCCESS(),$ans); - } - push @res, PAM_SUCCESS(); - return @res; -} - -# Identify service type to PAM -$service = "login"; - -# Get username/password from file - -if ($ARG = shift @ARGV) { - if (!open (UPFILE, "<$ARG")) { - print "Could not open username/password file: $ARG\n"; - exit 1; - } -} else { - print "No username/password file specified on command line\n"; - exit 1; -} - -$username = <UPFILE>; -$password = <UPFILE>; - -if (!$username || !$password) { - print "Username/password not found in file: $ARG\n"; - exit 1; -} - -chomp $username; -chomp $password; - -close (UPFILE); - -# Initialize PAM object - -if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) { - print "Authen::PAM init failed\n"; - exit 1; -} - -# Authenticate with PAM - -$res = $pamh->pam_authenticate; - -# Return success or failure - -if ($res == PAM_SUCCESS()) { - exit 0; -} else { - print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n"; - exit 1; -} diff --git a/openvpn/sample/sample-scripts/bridge-start b/openvpn/sample/sample-scripts/bridge-start deleted file mode 100755 index d20a2603..00000000 --- a/openvpn/sample/sample-scripts/bridge-start +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -################################# -# Set up Ethernet bridge on Linux -# Requires: bridge-utils -################################# - -# Define Bridge Interface -br="br0" - -# Define list of TAP interfaces to be bridged, -# for example tap="tap0 tap1 tap2". -tap="tap0" - -# Define physical ethernet interface to be bridged -# with TAP interface(s) above. -eth="eth0" -eth_ip="192.168.8.4" -eth_netmask="255.255.255.0" -eth_broadcast="192.168.8.255" - -for t in $tap; do - openvpn --mktun --dev $t -done - -brctl addbr $br -brctl addif $br $eth - -for t in $tap; do - brctl addif $br $t -done - -for t in $tap; do - ifconfig $t 0.0.0.0 promisc up -done - -ifconfig $eth 0.0.0.0 promisc up - -ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast diff --git a/openvpn/sample/sample-scripts/bridge-stop b/openvpn/sample/sample-scripts/bridge-stop deleted file mode 100755 index 81927794..00000000 --- a/openvpn/sample/sample-scripts/bridge-stop +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -#################################### -# Tear Down Ethernet bridge on Linux -#################################### - -# Define Bridge Interface -br="br0" - -# Define list of TAP interfaces to be bridged together -tap="tap0" - -ifconfig $br down -brctl delbr $br - -for t in $tap; do - openvpn --rmtun --dev $t -done diff --git a/openvpn/sample/sample-scripts/ucn.pl b/openvpn/sample/sample-scripts/ucn.pl deleted file mode 100755 index 6d708f82..00000000 --- a/openvpn/sample/sample-scripts/ucn.pl +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/perl -t - -# OpenVPN --auth-user-pass-verify script. -# Only authenticate if username equals common_name. -# In OpenVPN config file: -# auth-user-pass-verify ./ucn.pl via-env - -$username = $ENV{'username'}; -$common_name = $ENV{'common_name'}; - -exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name); diff --git a/openvpn/sample/sample-scripts/verify-cn b/openvpn/sample/sample-scripts/verify-cn deleted file mode 100755 index 6e747ef1..00000000 --- a/openvpn/sample/sample-scripts/verify-cn +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/perl - -# verify-cn -- a sample OpenVPN tls-verify script -# -# Return 0 if cn matches the common name component of -# subject, 1 otherwise. -# -# For example in OpenVPN, you could use the directive: -# -# tls-verify "./verify-cn /etc/openvpn/allowed_clients" -# -# This would cause the connection to be dropped unless -# the client common name is listed on a line in the -# allowed_clients file. - -die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3); - -# Parse out arguments: -# cnfile -- The file containing the list of common names, one per -# line, which the client is required to have, -# taken from the argument to the tls-verify directive -# in the OpenVPN config file. -# The file can have blank lines and comment lines that begin -# with the # character. -# depth -- The current certificate chain depth. In a typical -# bi-level chain, the root certificate will be at level -# 1 and the client certificate will be at level 0. -# This script will be called separately for each level. -# x509 -- the X509 subject string as extracted by OpenVPN from -# the client's provided certificate. -($cnfile, $depth, $x509) = @ARGV; - -if ($depth == 0) { - # If depth is zero, we know that this is the final - # certificate in the chain (i.e. the client certificate), - # and the one we are interested in examining. - # If so, parse out the common name substring in - # the X509 subject string. - - if ($x509 =~ / CN=([^,]+)/) { - $cn = $1; - # Accept the connection if the X509 common name - # string matches the passed cn argument. - open(FH, '<', $cnfile) or exit 1; # can't open, nobody authenticates! - while (defined($line = <FH>)) { - if ($line !~ /^[[:space:]]*(#|$)/o) { - chop($line); - if ($line eq $cn) { - exit 0; - } - } - } - close(FH); - } - - # Authentication failed -- Either we could not parse - # the X509 subject string, or the common name in the - # subject string didn't match the passed cn argument. - exit 1; -} - -# If depth is nonzero, tell OpenVPN to continue processing -# the certificate chain. -exit 0; diff --git a/openvpn/sample/sample-windows/sample.ovpn b/openvpn/sample/sample-windows/sample.ovpn deleted file mode 100755 index 5accd573..00000000 --- a/openvpn/sample/sample-windows/sample.ovpn +++ /dev/null @@ -1,103 +0,0 @@ -# Edit this file, and save to a .ovpn extension -# so that OpenVPN will activate it when run -# as a service. - -# Change 'myremote' to be your remote host, -# or comment out to enter a listening -# server mode. -remote myremote - -# Uncomment this line to use a different -# port number than the default of 1194. -; port 1194 - -# Choose one of three protocols supported by -# OpenVPN. If left commented out, defaults -# to udp. -; proto [tcp-server | tcp-client | udp] - -# You must specify one of two possible network -# protocols, 'dev tap' or 'dev tun' to be used -# on both sides of the connection. 'tap' creates -# a VPN using the ethernet protocol while 'tun' -# uses the IP protocol. You must use 'tap' -# if you are ethernet bridging or want to route -# broadcasts. 'tun' is somewhat more efficient -# but requires configuration of client software -# to not depend on broadcasts. Some platforms -# such as Solaris, OpenBSD, and Mac OS X only -# support 'tun' interfaces, so if you are -# connecting to such a platform, you must also -# use a 'tun' interface on the Windows side. - -# Enable 'dev tap' or 'dev tun' but not both! -dev tap - -# This is a 'dev tap' ifconfig that creates -# a virtual ethernet subnet. -# 10.3.0.1 is the local VPN IP address -# and 255.255.255.0 is the VPN subnet. -# Only define this option for 'dev tap'. -ifconfig 10.3.0.1 255.255.255.0 - -# This is a 'dev tun' ifconfig that creates -# a point-to-point IP link. -# 10.3.0.1 is the local VPN IP address and -# 10.3.0.2 is the remote VPN IP address. -# Only define this option for 'dev tun'. -# Make sure to include the "tun-mtu" option -# on the remote machine, but swap the order -# of the ifconfig addresses. -;tun-mtu 1500 -;ifconfig 10.3.0.1 10.3.0.2 - -# If you have fragmentation issues or misconfigured -# routers in the path which block Path MTU discovery, -# lower the TCP MSS and internally fragment non-TCP -# protocols. -;fragment 1300 -;mssfix - -# If you have set up more than one TAP-Win32 adapter -# on your system, you must refer to it by name. -;dev-node my-tap - -# You can generate a static OpenVPN key -# by selecting the Generate Key option -# in the start menu. -# -# You can also generate key.txt manually -# with the following command: -# openvpn --genkey --secret key.txt -# -# key must match on both ends of the connection, -# so you should generate it on one machine and -# copy it to the other over a secure medium. -# Place key.txt in the same directory as this -# config file. -secret key.txt - -# Uncomment this section for a more reliable -# detection when a system loses its connection. -# For example, dial-ups or laptops that travel -# to other locations. -# -# If this section is enabled and "myremote" -# above is a dynamic DNS name (i.e. dyndns.org), -# OpenVPN will dynamically "follow" the IP -# address of "myremote" if it changes. -; ping-restart 60 -; ping-timer-rem -; persist-tun -; persist-key -; resolv-retry 86400 - -# keep-alive ping -ping 10 - -# enable LZO compression -comp-lzo - -# moderate verbosity -verb 4 -mute 10 |