Diffstat (limited to 'openvpn/sample')
-rw-r--r--openvpn/sample/Makefile.am34
-rw-r--r--openvpn/sample/sample-config-files/README6
-rw-r--r--openvpn/sample/sample-config-files/client.conf123
-rwxr-xr-xopenvpn/sample/sample-config-files/firewall.sh108
-rwxr-xr-xopenvpn/sample/sample-config-files/home.up2
-rw-r--r--openvpn/sample/sample-config-files/loopback-client25
-rw-r--r--openvpn/sample/sample-config-files/loopback-server26
-rwxr-xr-xopenvpn/sample/sample-config-files/office.up2
-rwxr-xr-xopenvpn/sample/sample-config-files/openvpn-shutdown.sh5
-rwxr-xr-xopenvpn/sample/sample-config-files/openvpn-startup.sh34
-rw-r--r--openvpn/sample/sample-config-files/server.conf299
-rw-r--r--openvpn/sample/sample-config-files/static-home.conf72
-rw-r--r--openvpn/sample/sample-config-files/static-office.conf69
-rw-r--r--openvpn/sample/sample-config-files/tls-home.conf83
-rw-r--r--openvpn/sample/sample-config-files/tls-office.conf83
-rw-r--r--openvpn/sample/sample-config-files/xinetd-client-config11
-rw-r--r--openvpn/sample/sample-config-files/xinetd-server-config25
-rw-r--r--openvpn/sample/sample-keys/README14
-rw-r--r--openvpn/sample/sample-keys/ca.crt19
-rw-r--r--openvpn/sample/sample-keys/ca.key15
-rw-r--r--openvpn/sample/sample-keys/client.crt65
-rw-r--r--openvpn/sample/sample-keys/client.key15
-rw-r--r--openvpn/sample/sample-keys/dh1024.pem5
-rw-r--r--openvpn/sample/sample-keys/pass.crt65
-rw-r--r--openvpn/sample/sample-keys/pass.key18
-rw-r--r--openvpn/sample/sample-keys/pkcs12.p12bin2685 -> 0 bytes
-rw-r--r--openvpn/sample/sample-keys/server.crt67
-rw-r--r--openvpn/sample/sample-keys/server.key15
-rw-r--r--openvpn/sample/sample-plugins/defer/README16
-rwxr-xr-xopenvpn/sample/sample-plugins/defer/build15
-rw-r--r--openvpn/sample/sample-plugins/defer/simple.c305
-rwxr-xr-xopenvpn/sample/sample-plugins/defer/simple.def6
-rwxr-xr-xopenvpn/sample/sample-plugins/defer/winbuild18
-rwxr-xr-xopenvpn/sample/sample-plugins/log/build15
-rw-r--r--openvpn/sample/sample-plugins/log/log.c184
-rw-r--r--openvpn/sample/sample-plugins/log/log_v3.c252
-rwxr-xr-xopenvpn/sample/sample-plugins/log/winbuild18
-rw-r--r--openvpn/sample/sample-plugins/simple/README16
-rwxr-xr-xopenvpn/sample/sample-plugins/simple/build15
-rw-r--r--openvpn/sample/sample-plugins/simple/simple.c120
-rwxr-xr-xopenvpn/sample/sample-plugins/simple/simple.def6
-rwxr-xr-xopenvpn/sample/sample-plugins/simple/winbuild18
-rwxr-xr-xopenvpn/sample/sample-scripts/auth-pam.pl97
-rwxr-xr-xopenvpn/sample/sample-scripts/bridge-start39
-rwxr-xr-xopenvpn/sample/sample-scripts/bridge-stop18
-rwxr-xr-xopenvpn/sample/sample-scripts/ucn.pl11
-rwxr-xr-xopenvpn/sample/sample-scripts/verify-cn64
-rwxr-xr-xopenvpn/sample/sample-windows/sample.ovpn103
48 files changed, 0 insertions, 2641 deletions
diff --git a/openvpn/sample/Makefile.am b/openvpn/sample/Makefile.am
deleted file mode 100644
index be30c88a..00000000
--- a/openvpn/sample/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# OpenVPN -- An application to securely tunnel IP networks
-# over a single UDP port, with support for SSL/TLS-based
-# session authentication and key exchange,
-# packet encryption, packet authentication, and
-# packet compression.
-#
-# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
-# Copyright (C) 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
-#
-
-MAINTAINERCLEANFILES = \
- $(srcdir)/Makefile.in
-
-EXTRA_DIST = \
- sample-plugins \
- sample-config-files \
- sample-windows \
- sample-keys \
- sample-scripts
-
-if WIN32
-sample_DATA = \
- client.ovpn \
- server.ovpn \
- sample-windows/sample.ovpn
-
-client.ovpn: sample-config-files/client.conf
- -rm -f client.ovpn
- cp "$(srcdir)/sample-config-files/client.conf" client.ovpn
-server.ovpn: sample-config-files/server.conf
- -rm -f server.ovpn
- cp "$(srcdir)/sample-config-files/server.conf" server.ovpn
-endif
diff --git a/openvpn/sample/sample-config-files/README b/openvpn/sample/sample-config-files/README
deleted file mode 100644
index d53ac79a..00000000
--- a/openvpn/sample/sample-config-files/README
+++ /dev/null
@@ -1,6 +0,0 @@
-Sample OpenVPN Configuration Files.
-
-These files are part of the OpenVPN HOWTO
-which is located at:
-
-http://openvpn.net/howto.html
diff --git a/openvpn/sample/sample-config-files/client.conf b/openvpn/sample/sample-config-files/client.conf
deleted file mode 100644
index 58b2038b..00000000
--- a/openvpn/sample/sample-config-files/client.conf
+++ /dev/null
@@ -1,123 +0,0 @@
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote my-server-1 1194
-;remote my-server-2 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-;user nobody
-;group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here. See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-ca ca.crt
-cert client.crt
-key client.key
-
-# Verify server certificate by checking
-# that the certicate has the nsCertType
-# field set to "server". This is an
-# important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the nsCertType
-# field set to "server". The build-key-server
-# script in the easy-rsa folder will do this.
-ns-cert-type server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-;cipher x
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
diff --git a/openvpn/sample/sample-config-files/firewall.sh b/openvpn/sample/sample-config-files/firewall.sh
deleted file mode 100755
index 19d75ee9..00000000
--- a/openvpn/sample/sample-config-files/firewall.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-
-# A Sample OpenVPN-aware firewall.
-
-# eth0 is connected to the internet.
-# eth1 is connected to a private subnet.
-
-# Change this subnet to correspond to your private
-# ethernet subnet. Home will use HOME_NET/24 and
-# Office will use OFFICE_NET/24.
-PRIVATE=10.0.0.0/24
-
-# Loopback address
-LOOP=127.0.0.1
-
-# Delete old iptables rules
-# and temporarily block all traffic.
-iptables -P OUTPUT DROP
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -F
-
-# Set default policies
-iptables -P OUTPUT ACCEPT
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-
-# Prevent external packets from using loopback addr
-iptables -A INPUT -i eth0 -s $LOOP -j DROP
-iptables -A FORWARD -i eth0 -s $LOOP -j DROP
-iptables -A INPUT -i eth0 -d $LOOP -j DROP
-iptables -A FORWARD -i eth0 -d $LOOP -j DROP
-
-# Anything coming from the Internet should have a real Internet address
-iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
-iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
-iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
-iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-
-# Block outgoing NetBios (if you have windows machines running
-# on the private subnet). This will not affect any NetBios
-# traffic that flows over the VPN tunnel, but it will stop
-# local windows machines from broadcasting themselves to
-# the internet.
-iptables -A FORWARD -p tcp --sport 137:139 -o eth0 -j DROP
-iptables -A FORWARD -p udp --sport 137:139 -o eth0 -j DROP
-iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
-iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
-
-# Check source address validity on packets going out to internet
-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
-
-# Allow local loopback
-iptables -A INPUT -s $LOOP -j ACCEPT
-iptables -A INPUT -d $LOOP -j ACCEPT
-
-# Allow incoming pings (can be disabled)
-iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-
-# Allow services such as www and ssh (can be disabled)
-iptables -A INPUT -p tcp --dport http -j ACCEPT
-iptables -A INPUT -p tcp --dport ssh -j ACCEPT
-
-# Allow incoming OpenVPN packets
-# Duplicate the line below for each
-# OpenVPN tunnel, changing --dport n
-# to match the OpenVPN UDP port.
-#
-# In OpenVPN, the port number is
-# controlled by the --port n option.
-# If you put this option in the config
-# file, you can remove the leading '--'
-#
-# If you taking the stateful firewall
-# approach (see the OpenVPN HOWTO),
-# then comment out the line below.
-
-iptables -A INPUT -p udp --dport 1194 -j ACCEPT
-
-# Allow packets from TUN/TAP devices.
-# When OpenVPN is run in a secure mode,
-# it will authenticate packets prior
-# to their arriving on a tun or tap
-# interface. Therefore, it is not
-# necessary to add any filters here,
-# unless you want to restrict the
-# type of packets which can flow over
-# the tunnel.
-
-iptables -A INPUT -i tun+ -j ACCEPT
-iptables -A FORWARD -i tun+ -j ACCEPT
-iptables -A INPUT -i tap+ -j ACCEPT
-iptables -A FORWARD -i tap+ -j ACCEPT
-
-# Allow packets from private subnets
-iptables -A INPUT -i eth1 -j ACCEPT
-iptables -A FORWARD -i eth1 -j ACCEPT
-
-# Keep state of connections from local machine and private subnets
-iptables -A OUTPUT -m state --state NEW -o eth0 -j ACCEPT
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A FORWARD -m state --state NEW -o eth0 -j ACCEPT
-iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# Masquerade local subnet
-iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
diff --git a/openvpn/sample/sample-config-files/home.up b/openvpn/sample/sample-config-files/home.up
deleted file mode 100755
index 9c347cc5..00000000
--- a/openvpn/sample/sample-config-files/home.up
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-route add -net 10.0.0.0 netmask 255.255.255.0 gw $5
diff --git a/openvpn/sample/sample-config-files/loopback-client b/openvpn/sample/sample-config-files/loopback-client
deleted file mode 100644
index d7f59e69..00000000
--- a/openvpn/sample/sample-config-files/loopback-client
+++ /dev/null
@@ -1,25 +0,0 @@
-# Perform a TLS loopback test -- client side.
-#
-# This test performs a TLS negotiation once every 10 seconds,
-# and will terminate after 2 minutes.
-#
-# From the root directory of the OpenVPN distribution,
-# after openvpn has been built, run:
-#
-# ./openvpn --config sample-config-files/loopback-client (In one window)
-# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
-rport 16000
-lport 16001
-remote localhost
-local localhost
-dev null
-verb 3
-reneg-sec 10
-tls-client
-ca sample-keys/ca.crt
-key sample-keys/client.key
-cert sample-keys/client.crt
-cipher DES-EDE3-CBC
-ping 1
-inactive 120 10000000
diff --git a/openvpn/sample/sample-config-files/loopback-server b/openvpn/sample/sample-config-files/loopback-server
deleted file mode 100644
index 9d21bcec..00000000
--- a/openvpn/sample/sample-config-files/loopback-server
+++ /dev/null
@@ -1,26 +0,0 @@
-# Perform a TLS loopback test -- server side.
-#
-# This test performs a TLS negotiation once every 10 seconds,
-# and will terminate after 2 minutes.
-#
-# From the root directory of the OpenVPN distribution,
-# after openvpn has been built, run:
-#
-# ./openvpn --config sample-config-files/loopback-client (In one window)
-# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
-rport 16001
-lport 16000
-remote localhost
-local localhost
-dev null
-verb 3
-reneg-sec 10
-tls-server
-dh sample-keys/dh1024.pem
-ca sample-keys/ca.crt
-key sample-keys/server.key
-cert sample-keys/server.crt
-cipher DES-EDE3-CBC
-ping 1
-inactive 120 10000000
diff --git a/openvpn/sample/sample-config-files/office.up b/openvpn/sample/sample-config-files/office.up
deleted file mode 100755
index 74a71a33..00000000
--- a/openvpn/sample/sample-config-files/office.up
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-route add -net 10.0.1.0 netmask 255.255.255.0 gw $5
diff --git a/openvpn/sample/sample-config-files/openvpn-shutdown.sh b/openvpn/sample/sample-config-files/openvpn-shutdown.sh
deleted file mode 100755
index 8ed2d1d5..00000000
--- a/openvpn/sample/sample-config-files/openvpn-shutdown.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-# stop all openvpn processes
-
-killall -TERM openvpn
diff --git a/openvpn/sample/sample-config-files/openvpn-startup.sh b/openvpn/sample/sample-config-files/openvpn-startup.sh
deleted file mode 100755
index 0ee006bc..00000000
--- a/openvpn/sample/sample-config-files/openvpn-startup.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# A sample OpenVPN startup script
-# for Linux.
-
-# openvpn config file directory
-dir=/etc/openvpn
-
-# load the firewall
-$dir/firewall.sh
-
-# load TUN/TAP kernel module
-modprobe tun
-
-# enable IP forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# Invoke openvpn for each VPN tunnel
-# in daemon mode. Alternatively,
-# you could remove "--daemon" from
-# the command line and add "daemon"
-# to the config file.
-#
-# Each tunnel should run on a separate
-# UDP port. Use the "port" option
-# to control this. Like all of
-# OpenVPN's options, you can
-# specify "--port 8000" on the command
-# line or "port 8000" in the config
-# file.
-
-openvpn --cd $dir --daemon --config vpn1.conf
-openvpn --cd $dir --daemon --config vpn2.conf
-openvpn --cd $dir --daemon --config vpn2.conf
diff --git a/openvpn/sample/sample-config-files/server.conf b/openvpn/sample/sample-config-files/server.conf
deleted file mode 100644
index f483b6bb..00000000
--- a/openvpn/sample/sample-config-files/server.conf
+++ /dev/null
@@ -1,299 +0,0 @@
-#################################################
-# Sample OpenVPN 2.0 config file for #
-# multi-client server. #
-# #
-# This file is for the server side #
-# of a many-clients <-> one-server #
-# OpenVPN configuration. #
-# #
-# OpenVPN also supports #
-# single-machine <-> single-machine #
-# configurations (See the Examples page #
-# on the web site for more info). #
-# #
-# This config should work on Windows #
-# or Linux/BSD systems. Remember on #
-# Windows to quote pathnames and use #
-# double backslashes, e.g.: #
-# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
-# #
-# Comments are preceded with '#' or ';' #
-#################################################
-
-# Which local IP address should OpenVPN
-# listen on? (optional)
-;local a.b.c.d
-
-# Which TCP/UDP port should OpenVPN listen on?
-# If you want to run multiple OpenVPN instances
-# on the same machine, use a different port
-# number for each one. You will need to
-# open up this port on your firewall.
-port 1194
-
-# TCP or UDP server?
-;proto tcp
-proto udp
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-# Use "dev tap0" if you are ethernet bridging
-# and have precreated a tap0 virtual interface
-# and bridged it with your ethernet interface.
-# If you want to control access policies
-# over the VPN, you must create firewall
-# rules for the the TUN/TAP interface.
-# On non-Windows systems, you can give
-# an explicit unit number, such as tun0.
-# On Windows, use "dev-node" for this.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel if you
-# have more than one. On XP SP2 or higher,
-# you may need to selectively disable the
-# Windows firewall for the TAP adapter.
-# Non-Windows systems usually don't need this.
-;dev-node MyTap
-
-# SSL/TLS root certificate (ca), certificate
-# (cert), and private key (key). Each client
-# and the server must have their own cert and
-# key file. The server and all clients will
-# use the same ca file.
-#
-# See the "easy-rsa" directory for a series
-# of scripts for generating RSA certificates
-# and private keys. Remember to use
-# a unique Common Name for the server
-# and each of the client certificates.
-#
-# Any X509 key management system can be used.
-# OpenVPN can also use a PKCS #12 formatted key file
-# (see "pkcs12" directive in man page).
-ca ca.crt
-cert server.crt
-key server.key # This file should be kept secret
-
-# Diffie hellman parameters.
-# Generate your own with:
-# openssl dhparam -out dh1024.pem 1024
-# Substitute 2048 for 1024 if you are using
-# 2048 bit keys.
-dh dh1024.pem
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-# The server will take 10.8.0.1 for itself,
-# the rest will be made available to clients.
-# Each client will be able to reach the server
-# on 10.8.0.1. Comment this line out if you are
-# ethernet bridging. See the man page for more info.
-server 10.8.0.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file. If OpenVPN goes down or
-# is restarted, reconnecting clients can be assigned
-# the same virtual IP address from the pool that was
-# previously assigned.
-ifconfig-pool-persist ipp.txt
-
-# Configure server mode for ethernet bridging.
-# You must first use your OS's bridging capability
-# to bridge the TAP interface with the ethernet
-# NIC interface. Then you must manually set the
-# IP/netmask on the bridge interface, here we
-# assume 10.8.0.4/255.255.255.0. Finally we
-# must set aside an IP range in this subnet
-# (start=10.8.0.50 end=10.8.0.100) to allocate
-# to connecting clients. Leave this line commented
-# out unless you are ethernet bridging.
-;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
-
-# Configure server mode for ethernet bridging
-# using a DHCP-proxy, where clients talk
-# to the OpenVPN server-side DHCP server
-# to receive their IP address allocation
-# and DNS server addresses. You must first use
-# your OS's bridging capability to bridge the TAP
-# interface with the ethernet NIC interface.
-# Note: this mode only works on clients (such as
-# Windows), where the client-side TAP adapter is
-# bound to a DHCP client.
-;server-bridge
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server. Remember that these
-# private subnets will also need
-# to know to route the OpenVPN client
-# address pool (10.8.0.0/255.255.255.0)
-# back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-
-# To assign specific IP addresses to specific
-# clients or if a connecting client has a private
-# subnet behind it that should also have VPN access,
-# use the subdirectory "ccd" for client-specific
-# configuration files (see man page for more info).
-
-# EXAMPLE: Suppose the client
-# having the certificate common name "Thelonious"
-# also has a small subnet behind his connecting
-# machine, such as 192.168.40.128/255.255.255.248.
-# First, uncomment out these lines:
-;client-config-dir ccd
-;route 192.168.40.128 255.255.255.248
-# Then create a file ccd/Thelonious with this line:
-# iroute 192.168.40.128 255.255.255.248
-# This will allow Thelonious' private subnet to
-# access the VPN. This example will only work
-# if you are routing, not bridging, i.e. you are
-# using "dev tun" and "server" directives.
-
-# EXAMPLE: Suppose you want to give
-# Thelonious a fixed VPN IP address of 10.9.0.1.
-# First uncomment out these lines:
-;client-config-dir ccd
-;route 10.9.0.0 255.255.255.252
-# Then add this line to ccd/Thelonious:
-# ifconfig-push 10.9.0.1 10.9.0.2
-
-# Suppose that you want to enable different
-# firewall access policies for different groups
-# of clients. There are two methods:
-# (1) Run multiple OpenVPN daemons, one for each
-# group, and firewall the TUN/TAP interface
-# for each group/daemon appropriately.
-# (2) (Advanced) Create a script to dynamically
-# modify the firewall in response to access
-# from different clients. See man
-# page for more info on learn-address script.
-;learn-address ./script
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-# (The OpenVPN server machine may need to NAT
-# or bridge the TUN/TAP interface to the internet
-# in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses. CAVEAT:
-# http://openvpn.net/faq.html#dhcpcaveats
-# The addresses below refer to the public
-# DNS servers provided by opendns.com.
-;push "dhcp-option DNS 208.67.222.222"
-;push "dhcp-option DNS 208.67.220.220"
-
-# Uncomment this directive to allow different
-# clients to be able to "see" each other.
-# By default, clients will only see the server.
-# To force clients to only see the server, you
-# will also need to appropriately firewall the
-# server's TUN/TAP interface.
-;client-to-client
-
-# Uncomment this directive if multiple clients
-# might connect with the same certificate/key
-# files or common names. This is recommended
-# only for testing purposes. For production use,
-# each client should have its own certificate/key
-# pair.
-#
-# IF YOU HAVE NOT GENERATED INDIVIDUAL
-# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
-# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
-# UNCOMMENT THIS LINE OUT.
-;duplicate-cn
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-# Ping every 10 seconds, assume that remote
-# peer is down if no ping received during
-# a 120 second time period.
-keepalive 10 120
-
-# For extra security beyond that provided
-# by SSL/TLS, create an "HMAC firewall"
-# to help block DoS attacks and UDP port flooding.
-#
-# Generate with:
-# openvpn --genkey --secret ta.key
-#
-# The server and each client must have
-# a copy of this key.
-# The second parameter should be '0'
-# on the server and '1' on the clients.
-;tls-auth ta.key 0 # This file is secret
-
-# Select a cryptographic cipher.
-# This config item must be copied to
-# the client config file as well.
-;cipher BF-CBC # Blowfish (default)
-;cipher AES-128-CBC # AES
-;cipher DES-EDE3-CBC # Triple-DES
-
-# Enable compression on the VPN link.
-# If you enable it here, you must also
-# enable it in the client config file.
-comp-lzo
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-;max-clients 100
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-#
-# You can uncomment this out on
-# non-Windows systems.
-;user nobody
-;group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# By default, log messages will go to the syslog (or
-# on Windows, if running as a service, they will go to
-# the "\Program Files\OpenVPN\log" directory).
-# Use log or log-append to override this default.
-# "log" will truncate the log file on OpenVPN startup,
-# while "log-append" will append to it. Use one
-# or the other (but not both).
-;log openvpn.log
-;log-append openvpn.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Silence repeating messages. At most 20
-# sequential messages of the same message
-# category will be output to the log.
-;mute 20
diff --git a/openvpn/sample/sample-config-files/static-home.conf b/openvpn/sample/sample-config-files/static-home.conf
deleted file mode 100644
index c9666874..00000000
--- a/openvpn/sample/sample-config-files/static-home.conf
+++ /dev/null
@@ -1,72 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# home using a pre-shared static key.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# Our OpenVPN peer is the office gateway.
-remote 1.2.3.4
-
-# 10.1.0.2 is our local VPN endpoint (home).
-# 10.1.0.1 is our remote VPN endpoint (office).
-ifconfig 10.1.0.2 10.1.0.1
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./home.up
-
-# Our pre-shared static key
-secret static.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/openvpn/sample/sample-config-files/static-office.conf b/openvpn/sample/sample-config-files/static-office.conf
deleted file mode 100644
index 68030cc9..00000000
--- a/openvpn/sample/sample-config-files/static-office.conf
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# office using a pre-shared static key.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# 10.1.0.1 is our local VPN endpoint (office).
-# 10.1.0.2 is our remote VPN endpoint (home).
-ifconfig 10.1.0.1 10.1.0.2
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./office.up
-
-# Our pre-shared static key
-secret static.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/openvpn/sample/sample-config-files/tls-home.conf b/openvpn/sample/sample-config-files/tls-home.conf
deleted file mode 100644
index daa4ea1e..00000000
--- a/openvpn/sample/sample-config-files/tls-home.conf
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# home using SSL/TLS mode and RSA certificates/keys.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# Our OpenVPN peer is the office gateway.
-remote 1.2.3.4
-
-# 10.1.0.2 is our local VPN endpoint (home).
-# 10.1.0.1 is our remote VPN endpoint (office).
-ifconfig 10.1.0.2 10.1.0.1
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./home.up
-
-# In SSL/TLS key exchange, Office will
-# assume server role and Home
-# will assume client role.
-tls-client
-
-# Certificate Authority file
-ca my-ca.crt
-
-# Our certificate/public key
-cert home.crt
-
-# Our private key
-key home.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/openvpn/sample/sample-config-files/tls-office.conf b/openvpn/sample/sample-config-files/tls-office.conf
deleted file mode 100644
index f790f469..00000000
--- a/openvpn/sample/sample-config-files/tls-office.conf
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Sample OpenVPN configuration file for
-# office using SSL/TLS mode and RSA certificates/keys.
-#
-# '#' or ';' may be used to delimit comments.
-
-# Use a dynamic tun device.
-# For Linux 2.2 or non-Linux OSes,
-# you may want to use an explicit
-# unit number such as "tun1".
-# OpenVPN also supports virtual
-# ethernet "tap" devices.
-dev tun
-
-# 10.1.0.1 is our local VPN endpoint (office).
-# 10.1.0.2 is our remote VPN endpoint (home).
-ifconfig 10.1.0.1 10.1.0.2
-
-# Our up script will establish routes
-# once the VPN is alive.
-up ./office.up
-
-# In SSL/TLS key exchange, Office will
-# assume server role and Home
-# will assume client role.
-tls-server
-
-# Diffie-Hellman Parameters (tls-server only)
-dh dh1024.pem
-
-# Certificate Authority file
-ca my-ca.crt
-
-# Our certificate/public key
-cert office.crt
-
-# Our private key
-key office.key
-
-# OpenVPN 2.0 uses UDP port 1194 by default
-# (official port assignment by iana.org 11/04).
-# OpenVPN 1.x uses UDP port 5000 by default.
-# Each OpenVPN tunnel must use
-# a different port number.
-# lport or rport can be used
-# to denote different ports
-# for local and remote.
-; port 1194
-
-# Downgrade UID and GID to
-# "nobody" after initialization
-# for extra security.
-; user nobody
-; group nobody
-
-# If you built OpenVPN with
-# LZO compression, uncomment
-# out the following line.
-; comp-lzo
-
-# Send a UDP ping to remote once
-# every 15 seconds to keep
-# stateful firewall connection
-# alive. Uncomment this
-# out if you are using a stateful
-# firewall.
-; ping 15
-
-# Uncomment this section for a more reliable detection when a system
-# loses its connection. For example, dial-ups or laptops that
-# travel to other locations.
-; ping 15
-; ping-restart 45
-; ping-timer-rem
-; persist-tun
-; persist-key
-
-# Verbosity level.
-# 0 -- quiet except for fatal errors.
-# 1 -- mostly quiet, but display non-fatal network errors.
-# 3 -- medium output, good for normal operation.
-# 9 -- verbose, good for troubleshooting
-verb 3
diff --git a/openvpn/sample/sample-config-files/xinetd-client-config b/openvpn/sample/sample-config-files/xinetd-client-config
deleted file mode 100644
index 03c5c1fa..00000000
--- a/openvpn/sample/sample-config-files/xinetd-client-config
+++ /dev/null
@@ -1,11 +0,0 @@
-# This OpenVPN config file
-# is the client side counterpart
-# of xinetd-server-config
-
-dev tun
-ifconfig 10.4.0.1 10.4.0.2
-remote my-server
-port 1194
-user nobody
-secret /root/openvpn/key
-inactive 600
diff --git a/openvpn/sample/sample-config-files/xinetd-server-config b/openvpn/sample/sample-config-files/xinetd-server-config
deleted file mode 100644
index 803a6f8f..00000000
--- a/openvpn/sample/sample-config-files/xinetd-server-config
+++ /dev/null
@@ -1,25 +0,0 @@
-# An xinetd configuration file for OpenVPN.
-#
-# This file should be renamed to openvpn or something suitably
-# descriptive and copied to the /etc/xinetd.d directory.
-# xinetd can then be made aware of this file by restarting
-# it or sending it a SIGHUP signal.
-#
-# For each potential incoming client, create a separate version
-# of this configuration file on a unique port number. Also note
-# that the key file and ifconfig endpoints should be unique for
-# each client. This configuration assumes that the OpenVPN
-# executable and key live in /root/openvpn. Change this to fit
-# your environment.
-
-service openvpn_1
-{
- type = UNLISTED
- port = 1194
- socket_type = dgram
- protocol = udp
- wait = yes
- user = root
- server = /root/openvpn/openvpn
- server_args = --inetd --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret /root/openvpn/key --inactive 600 --user nobody
-}
diff --git a/openvpn/sample/sample-keys/README b/openvpn/sample/sample-keys/README
deleted file mode 100644
index 1cd473a1..00000000
--- a/openvpn/sample/sample-keys/README
+++ /dev/null
@@ -1,14 +0,0 @@
-Sample RSA keys.
-
-See the examples section of the man page
-for usage examples.
-
-NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY.
- DON'T USE THEM FOR ANY REAL WORK BECAUSE
- THEY ARE TOTALLY INSECURE!
-
-ca.{crt,key} -- sample CA key/cert
-client.{crt,key} -- sample client key/cert
-server.{crt,key} -- sample server key/cert (nsCertType=server)
-pass.{crt,key} -- sample client key/cert with password-encrypted key
- password = "password"
diff --git a/openvpn/sample/sample-keys/ca.crt b/openvpn/sample/sample-keys/ca.crt
deleted file mode 100644
index e063ccce..00000000
--- a/openvpn/sample/sample-keys/ca.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy
-NTE0NDA1NVoXDTE0MTEyMzE0NDA1NVowZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf
-BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAqPjWJnesPu6bR/iec4FMz3opVaPdBHxg+ORKNmrnVZPh0t8/
-ZT34KXkYoI9B82scurp8UlZVXG8JdUsz+yai8ti9+g7vcuyKUtcCIjn0HLgmdPu5
-gFX25lB0pXw+XIU031dOfPvtROdG5YZN5yCErgCy7TE7zntLnkEDuRmyU6cCAwEA
-AaOBwzCBwDAdBgNVHQ4EFgQUiaZg47rqPq/8ZH9MvYzSSI3gzEYwgZAGA1UdIwSB
-iDCBhYAUiaZg47rqPq/8ZH9MvYzSSI3gzEahaqRoMGYxCzAJBgNVBAYTAktHMQsw
-CQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQTi1U
-RVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CAQAwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBfJoiWYrYdjM0mKPEzUQk0nLYTovBP
-I0es/2rfGrin1zbcFY+4dhVBd1E/StebnG+CP8r7QeEIwu7x8gYDdOLLsZn+2vBL
-e4jNU1ClI6Q0L7jrzhhunQ5mAaZztVyYwFB15odYcdN2iO0tP7jtEsvrRqxICNy3
-8itzViPTf5W4sA==
------END CERTIFICATE-----
diff --git a/openvpn/sample/sample-keys/ca.key b/openvpn/sample/sample-keys/ca.key
deleted file mode 100644
index b4bf792a..00000000
--- a/openvpn/sample/sample-keys/ca.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCo+NYmd6w+7ptH+J5zgUzPeilVo90EfGD45Eo2audVk+HS3z9l
-PfgpeRigj0Hzaxy6unxSVlVcbwl1SzP7JqLy2L36Du9y7IpS1wIiOfQcuCZ0+7mA
-VfbmUHSlfD5chTTfV058++1E50blhk3nIISuALLtMTvOe0ueQQO5GbJTpwIDAQAB
-AoGAQuVREyWp4bhhbZr2UFBOco2ws6EOLWp4kdD/uI+WSoEjlHKiDJj+GJ1CrL5K
-o+4yD5MpCQf4/4FOQ0ukprfjJpDwDinTG6vzuWSLTHNiTgvksW3vy7IsNMJx97hT
-4D2QOOl9HhA50Qqg70teMPYXOgLRMVsdCIV7p7zDNy4nM+ECQQDX8m5ZcQmPtUDA
-38dPTfpL4U7kMB94FItJYH/Lk5kMW1/J33xymNhL+BHaG064ol9n2ubGW4XEO5t2
-qE1IOsVpAkEAyE/x/OBVSI1s75aYGlEwMd87p3qaDdtXT7WzujjRY7r8Y1ynkMU6
-GtMeneBX/lk4BY/6I+5bhAzce+hqhaXejwJBAL5Wg+c4GApf41xdogqHm7doNyYw
-OHyZ9w9NDDc+uGbI30xLPSCxEe0cEXgiG6foDpm2uzRZFTWaqHPU8pFYpAkCQGNX
-cpWM0/7VVK9Fqk1y8knpgfY/UWOJ4jU/0dCLGR0ywLSuYNPlXDmtdkOp3TnhGW14
-x/9F2NEWZ8pzq1B4wHUCQQC5ztD4m/rpiIpinoewUJODoeBJXYBKqx1+mdrALCq6
-ESvK1WRiusMaY3xmsdv4J2TB5iUPryELbn3jU12WGcQc
------END RSA PRIVATE KEY-----
diff --git a/openvpn/sample/sample-keys/client.crt b/openvpn/sample/sample-keys/client.crt
deleted file mode 100644
index c0474461..00000000
--- a/openvpn/sample/sample-keys/client.crt
+++ /dev/null
@@ -1,65 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Nov 25 14:46:49 2004 GMT
- Not After : Nov 23 14:46:49 2014 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d2:12:5c:c6:4d:13:34:ae:cf:fa:ab:fe:cb:de:
- 8c:f1:4b:4a:95:28:60:87:82:2c:b8:c1:e5:8e:c6:
- 5d:11:58:61:a4:a5:f1:42:d7:86:74:6c:9d:9c:7a:
- f0:3a:5c:29:e6:53:3b:5e:6d:d8:f0:45:06:2c:23:
- ee:09:bc:02:8f:0e:b8:d5:33:1f:c3:4a:11:02:48:
- 0b:cc:4b:ad:6e:74:e0:a2:53:b1:d6:cc:89:b9:e2:
- 6f:db:15:b3:19:1e:57:04:79:48:3a:da:76:31:fc:
- bf:d3:34:21:e7:32:d8:9e:06:4e:be:f3:e3:79:b0:
- 54:fd:d1:42:32:aa:3e:7a:c1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 17:B7:3F:C7:62:A0:A9:FD:A4:31:0E:58:D7:D9:94:7B:4B:3F:CB:56
- X509v3 Authority Key Identifier:
- keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:00
-
- Signature Algorithm: md5WithRSAEncryption
- 61:c6:d1:fa:24:0f:c7:be:09:3b:d8:04:17:63:31:17:07:f9:
- 56:99:af:4c:67:fa:db:cb:94:cf:55:a5:7b:16:20:8b:42:64:
- 13:23:62:45:28:93:5e:36:f7:db:02:95:a1:e9:fd:e3:0f:8d:
- 73:a1:7b:0e:55:78:4d:a5:c4:b7:22:12:a0:ee:55:e0:b8:0e:
- c9:9b:12:e3:b0:ef:9b:68:93:57:6e:6c:ad:16:68:8e:8d:30:
- 33:fe:2a:1b:c3:03:8f:b6:0a:2d:0c:b1:3c:bb:f9:58:3f:8c:
- 81:59:6b:14:dd:62:b5:c2:93:ed:5d:c6:19:0f:9b:4b:52:b3:
- 7c:78
------BEGIN CERTIFICATE-----
-MIIDNTCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy
-NTE0NDY0OVoXDTE0MTEyMzE0NDY0OVowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50
-MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANISXMZNEzSuz/qr/svejPFLSpUoYIeCLLjB5Y7GXRFY
-YaSl8ULXhnRsnZx68DpcKeZTO15t2PBFBiwj7gm8Ao8OuNUzH8NKEQJIC8xLrW50
-4KJTsdbMibnib9sVsxkeVwR5SDradjH8v9M0Iecy2J4GTr7z43mwVP3RQjKqPnrB
-AgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
-ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBe3P8dioKn9pDEOWNfZlHtL
-P8tWMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxGoWqkaDBmMQsw
-CQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNV
-BAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t
-YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAGHG0fokD8e+CTvYBBdjMRcH+VaZr0xn
-+tvLlM9VpXsWIItCZBMjYkUok14299sClaHp/eMPjXOhew5VeE2lxLciEqDuVeC4
-DsmbEuOw75tok1dubK0WaI6NMDP+KhvDA4+2Ci0MsTy7+Vg/jIFZaxTdYrXCk+1d
-xhkPm0tSs3x4
------END CERTIFICATE-----
diff --git a/openvpn/sample/sample-keys/client.key b/openvpn/sample/sample-keys/client.key
deleted file mode 100644
index 17b95091..00000000
--- a/openvpn/sample/sample-keys/client.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDSElzGTRM0rs/6q/7L3ozxS0qVKGCHgiy4weWOxl0RWGGkpfFC
-14Z0bJ2cevA6XCnmUztebdjwRQYsI+4JvAKPDrjVMx/DShECSAvMS61udOCiU7HW
-zIm54m/bFbMZHlcEeUg62nYx/L/TNCHnMtieBk6+8+N5sFT90UIyqj56wQIDAQAB
-AoGBAK8RoIGekCfym99DYYfTg9A/t/tQeAnWYaDj7oSrKbqf1lgZ91OGPEZgkoVr
-KzLnxf9uU+bhUs8CJx+4HdO8/L9rAJA+oD9QNuMp0elN4AKuEGE1Eq3a0e3cmgPI
-+VIoXM6WVAGgK9I03Zu/UerYQ/DdXWGOIsKhFe8qyQoG9pKxAkEA9ld6O9MHQt3d
-JAjJkgCNn4psozxjrfLWy2huXd3H3CRqGMjLITDGzdkVSgXjHokBYroi0+TZTu4M
-ulJSJaWwBQJBANpO2DAexH2zRHw5Z6QyeEVxz7B3/FzU4GgJx9BH+FSBh+F0G5Ln
-ir5Vst8vZ/LGcgpYjHQLNAvZVgUjiQ4Y6I0CQGvwMJL+CHR4GmmroAblTyjU0n1D
-/Lk/anZ+L73Za7U+D28ErFzCrpmLwRRKOBYtGfpUbOZDpCQ9kj4hy/TLALECQCcL
-9ysUNbzt9Y/qjJkX1d9F7gn4TBEmmkTBixW76bTjvjQbGlt6Qpyso2O8DPGlgPxM
-vkJ7RoHgC7y7kGYPGnkCQBVxSNGIjLx4NQBgN4HD0y4+fars1PTUGnckBcS4npb9
-onLNyerBlWdBwbARyBS7WPIbyyf5VCrn3yIqWxaARO0=
------END RSA PRIVATE KEY-----
diff --git a/openvpn/sample/sample-keys/dh1024.pem b/openvpn/sample/sample-keys/dh1024.pem
deleted file mode 100644
index 7ce05f0c..00000000
--- a/openvpn/sample/sample-keys/dh1024.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh
-1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32
-9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC
------END DH PARAMETERS-----
diff --git a/openvpn/sample/sample-keys/pass.crt b/openvpn/sample/sample-keys/pass.crt
deleted file mode 100644
index 8bb7b17a..00000000
--- a/openvpn/sample/sample-keys/pass.crt
+++ /dev/null
@@ -1,65 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Nov 25 14:48:55 2004 GMT
- Not After : Nov 23 14:48:55 2014 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client-Password/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ca:b4:05:67:7b:51:c1:d2:fe:21:57:b1:a5:57:
- 5c:c0:86:38:05:a8:91:cf:e7:a4:bd:7a:76:d8:3b:
- cf:fe:f3:78:65:24:d6:72:7d:1b:6d:b6:da:04:f2:
- a8:f6:b4:04:78:d2:24:a7:21:2f:ca:29:46:96:0f:
- 0b:91:31:66:1e:4d:22:9a:5d:05:17:99:9c:a0:7e:
- e0:2a:be:78:0c:a1:b9:d4:04:c4:ec:f8:61:79:62:
- b5:52:2d:f5:41:af:db:9f:8c:ab:08:1b:b7:95:b8:
- c1:f0:29:d3:da:fb:00:3f:8e:5c:27:e3:8d:fa:ee:
- dc:b4:3b:0b:8b:e0:ab:c1:c1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 40:57:F1:8C:9C:86:B2:DA:E0:3F:A7:B8:D7:85:43:45:07:8A:40:73
- X509v3 Authority Key Identifier:
- keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:00
-
- Signature Algorithm: md5WithRSAEncryption
- a5:79:72:7f:a2:08:28:8e:66:da:e1:d0:be:bb:97:3d:65:9f:
- ab:1e:19:ac:f1:66:44:14:8f:4e:7c:eb:ea:1e:2f:57:ea:44:
- 46:4c:b9:56:5b:c0:0c:58:d2:45:87:26:6d:82:de:8c:64:b8:
- 8b:22:61:61:c6:68:36:08:9d:5a:fd:2f:e5:21:e1:a2:0c:7f:
- 3e:ca:e1:06:ea:9f:81:62:3d:a0:ce:f1:1e:0d:ab:86:89:ed:
- 9a:89:34:32:c9:e9:6d:7d:f5:11:c3:5d:7e:a5:f7:f1:a6:83:
- 77:1b:94:67:d9:0f:5c:ac:0e:08:4a:88:98:65:49:eb:66:9e:
- 2d:28
------BEGIN CERTIFICATE-----
-MIIDPjCCAqegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy
-NTE0NDg1NVoXDTE0MTEyMzE0NDg1NVowczELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxHTAbBgNVBAMTFFRlc3QtQ2xpZW50
-LVBhc3N3b3JkMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMq0BWd7UcHS/iFXsaVXXMCGOAWokc/n
-pL16dtg7z/7zeGUk1nJ9G2222gTyqPa0BHjSJKchL8opRpYPC5ExZh5NIppdBReZ
-nKB+4Cq+eAyhudQExOz4YXlitVIt9UGv25+Mqwgbt5W4wfAp09r7AD+OXCfjjfru
-3LQ7C4vgq8HBAgMBAAGjge4wgeswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
-T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEBX8YychrLa
-4D+nuNeFQ0UHikBzMIGQBgNVHSMEgYgwgYWAFImmYOO66j6v/GR/TL2M0kiN4MxG
-oWqkaDBmMQswCQYDVQQGEwJLRzELMAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hL
-RUsxFTATBgNVBAoTDE9wZW5WUE4tVEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlo
-b3N0Lm15ZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAKV5cn+iCCiOZtrh0L67
-lz1ln6seGazxZkQUj0586+oeL1fqREZMuVZbwAxY0kWHJm2C3oxkuIsiYWHGaDYI
-nVr9L+Uh4aIMfz7K4Qbqn4FiPaDO8R4Nq4aJ7ZqJNDLJ6W199RHDXX6l9/Gmg3cb
-lGfZD1ysDghKiJhlSetmni0o
------END CERTIFICATE-----
diff --git a/openvpn/sample/sample-keys/pass.key b/openvpn/sample/sample-keys/pass.key
deleted file mode 100644
index 4916364c..00000000
--- a/openvpn/sample/sample-keys/pass.key
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,959F7365DBBFDB77
-
-nGm57l+rR/8dAZOHL/1x/6dt11zUca7rphjsgw6XRnSf3M/CWmHvHVjApWcNLEs5
-SWNMp1xfUogtGzsKoMBbnlZLDA7RVHUYD6dVMyCpc64UjzT08LmdZhtQYLAKmlUC
-PT1VXS4Ae+SrqCPUqJkw1xP3kr0F1EVCXNu0nhOBAuuTGOS7PPEyW2N+k4nRHtsR
-IaPp8GCuIeoR6CdymTFTq6d/GeCiEcyrUM4BNrG4GtRRrURxxOrzQFEOS5sjBPSg
-Km1lwa6zBQFRLg9dKjRBL4teKuPY5Z2Nmpcml/aN4CkdkVEso4lW6/UHLE/joOMQ
-0MdpdYtu8wnt1WI/Z4immQfl3MF+QcPMkqXXzCEhGG/5SbAo89KC46UXvu1Z5OhS
-8XFHhvYBivOYWgZ3XUQqyZ0ulF60mFX7aE1Ph/eEbhWBHmU39hGjxzop1UoPwqLx
-ahvtfvCkR3ZeqlWO9SHzCA3MlrKwQ1p1UL6nG6AJhNN9jSevH6by+8wr07NBZOqX
-fJx+J/8EdVsUCFG2UJxPwM83ZSwAsvKRqph6CuWEl9ndUb7rw6khmRIoY0Iz3LbU
-1MlcDoJNcJas6lYDr1UeFSk86g0SiGCHXZIqsjyUgq6HIy4YrAYiQUthnlF8tp2Q
-nNQBPLo1GsHf0dC2MqKfDFASu7ST+Bl+yajHcIiUXvUJPxWbjkWYG9Q2p2ZBLzZD
-uqeRr66OKxTzUS4go/QbHDNsAulXl61gQIEOdZw5uy/Jl11kyAI6EQbzmehagKdH
-EshTgKp8ks62y0bBHgy3FMKyidJ5Hm58ZDhBxrwN0w+vhRoTGOepTA==
------END RSA PRIVATE KEY-----
diff --git a/openvpn/sample/sample-keys/pkcs12.p12 b/openvpn/sample/sample-keys/pkcs12.p12
deleted file mode 100644
index 253d4081..00000000
--- a/openvpn/sample/sample-keys/pkcs12.p12
+++ /dev/null
Binary files differ
diff --git a/openvpn/sample/sample-keys/server.crt b/openvpn/sample/sample-keys/server.crt
deleted file mode 100644
index 28bb4d94..00000000
--- a/openvpn/sample/sample-keys/server.crt
+++ /dev/null
@@ -1,67 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Nov 25 14:42:22 2004 GMT
- Not After : Nov 23 14:42:22 2014 GMT
- Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cb:4e:ac:f9:83:57:f6:69:d2:32:29:b4:bc:ad:
- e6:f7:26:21:89:33:30:43:40:a3:35:d9:de:26:01:
- d6:b4:f0:bc:0a:19:55:99:3b:f1:4c:91:60:b6:fd:
- 74:34:8d:5a:c7:62:ec:ce:f2:d6:02:ce:57:32:f4:
- 35:8c:71:a0:6d:65:2a:e7:80:ae:29:59:cf:36:73:
- f8:7c:4a:73:90:fc:30:28:d5:46:7d:35:a4:4e:c9:
- 9f:90:7b:e2:09:21:36:c5:a8:ec:85:82:9a:32:b4:
- 91:3b:c1:d6:4f:9f:d1:f8:6f:68:f4:1d:d2:06:91:
- 32:cc:9a:48:fd:cd:98:7f:2f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Cert Type:
- SSL Server
- Netscape Comment:
- OpenSSL Generated Server Certificate
- X509v3 Subject Key Identifier:
- 69:11:FE:E7:9F:89:7B:71:34:69:C0:DC:82:F8:D0:5D:4D:FB:78:DF
- X509v3 Authority Key Identifier:
- keyid:89:A6:60:E3:BA:EA:3E:AF:FC:64:7F:4C:BD:8C:D2:48:8D:E0:CC:46
- DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
- serial:00
-
- Signature Algorithm: md5WithRSAEncryption
- 35:5c:75:da:57:ef:b5:79:f2:a2:db:36:e4:75:e8:c7:bc:73:
- 26:cf:30:36:4b:2e:51:46:37:60:2f:4e:2b:f6:71:a2:23:db:
- 8e:d8:5c:d5:af:2e:22:28:dd:30:a8:89:66:3a:cc:5b:3c:0f:
- 96:12:20:de:5e:41:52:74:35:ed:4c:26:40:19:ca:73:df:54:
- b1:30:96:9c:a5:14:d0:38:28:3f:ab:30:07:d7:de:98:d2:7f:
- 7f:90:b2:52:1d:e5:95:88:ed:ba:8a:6a:14:85:66:76:ec:75:
- 30:e8:ae:94:f4:e1:76:fa:4b:0e:f1:53:d7:95:be:fb:69:fa:
- 3d:32
------BEGIN CERTIFICATE-----
-MIIDUTCCArqgAwIBAgIBATANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJLRzEL
-MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
-VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTA0MTEy
-NTE0NDIyMloXDTE0MTEyMzE0NDIyMlowajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtU2VydmVy
-MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAMtOrPmDV/Zp0jIptLyt5vcmIYkzMENAozXZ3iYB1rTw
-vAoZVZk78UyRYLb9dDSNWsdi7M7y1gLOVzL0NYxxoG1lKueArilZzzZz+HxKc5D8
-MCjVRn01pE7Jn5B74gkhNsWo7IWCmjK0kTvB1k+f0fhvaPQd0gaRMsyaSP3NmH8v
-AgMBAAGjggEJMIIBBTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglg
-hkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRl
-MB0GA1UdDgQWBBRpEf7nn4l7cTRpwNyC+NBdTft43zCBkAYDVR0jBIGIMIGFgBSJ
-pmDjuuo+r/xkf0y9jNJIjeDMRqFqpGgwZjELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
-Ak5BMRAwDgYDVQQHEwdCSVNIS0VLMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxITAf
-BgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIBADANBgkqhkiG9w0BAQQF
-AAOBgQA1XHXaV++1efKi2zbkdejHvHMmzzA2Sy5RRjdgL04r9nGiI9uO2FzVry4i
-KN0wqIlmOsxbPA+WEiDeXkFSdDXtTCZAGcpz31SxMJacpRTQOCg/qzAH196Y0n9/
-kLJSHeWViO26imoUhWZ27HUw6K6U9OF2+ksO8VPXlb77afo9Mg==
------END CERTIFICATE-----
diff --git a/openvpn/sample/sample-keys/server.key b/openvpn/sample/sample-keys/server.key
deleted file mode 100644
index 976acabf..00000000
--- a/openvpn/sample/sample-keys/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDLTqz5g1f2adIyKbS8reb3JiGJMzBDQKM12d4mAda08LwKGVWZ
-O/FMkWC2/XQ0jVrHYuzO8tYCzlcy9DWMcaBtZSrngK4pWc82c/h8SnOQ/DAo1UZ9
-NaROyZ+Qe+IJITbFqOyFgpoytJE7wdZPn9H4b2j0HdIGkTLMmkj9zZh/LwIDAQAB
-AoGBAKP1ljA/iY/zNY447kZ/5NWKzd7tBk4mcbl7M9no/7O6tZtbZRoIKoi6cYoC
-C1ZabUyBbkNTud5XdCFmq0zRUjOWvoFMZ9VZfd2kRPvl4TGczBtJAq65b+EYMGui
-q6T9p61xPdtzu0vM+Ecj127pAMk5XcJyxu8XQK7lZWmG5UoJAkEA8CxXNZN+A3qD
-bMBPI3VdwKCNSjNVEQEnygMbNgw7VLdxPpspzZziqJEGdzsM4dsnOBwKxIWFLN2h
-lbGBOquAswJBANi0atGWM8VUxDjvqqHCTS9RUXWgnvYhee4/xraJBQPBSivjC9P0
-vKT7PjBHU6djtKSLKGaHn1vHqmyY7PCMjZUCQQCNVSqExqSzG1dXmdt4PErNXi2G
-6qo2dX2arTVIGu6XLdQgSWLSMm5XT/CEHWW5SyPLKwVTHFeATXQXCPvJML9tAkEA
-k0yXax0g1ZoXwufN4SQUmPw6Va03P/BjU/nP1ZVvbiz9gLVU/d7WN4J7tA9XomkY
-idv5OzAmtxkSE70jGSNAvQJAWhCf9+iHkzOHRyKKOYlh1DHUwDfSEp+hlZYg9H03
-P2sraQzUxgWDY/DIY63KvW78ny863baFz7onz21MYGgJXg==
------END RSA PRIVATE KEY-----
diff --git a/openvpn/sample/sample-plugins/defer/README b/openvpn/sample/sample-plugins/defer/README
deleted file mode 100644
index d8990f8b..00000000
--- a/openvpn/sample/sample-plugins/defer/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback,
- test deferred authentication.
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/openvpn/sample/sample-plugins/defer/build b/openvpn/sample/sample-plugins/defer/build
deleted file mode 100755
index 0612c080..00000000
--- a/openvpn/sample/sample-plugins/defer/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../../include}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared ${LDFLAS} -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/openvpn/sample/sample-plugins/defer/simple.c b/openvpn/sample/sample-plugins/defer/simple.c
deleted file mode 100644
index 65398657..00000000
--- a/openvpn/sample/sample-plugins/defer/simple.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will test deferred authentication and packet filtering.
- *
- * Will run on Windows or *nix.
- *
- * Sample usage:
- *
- * setenv test_deferred_auth 20
- * setenv test_packet_filter 10
- * plugin plugin/defer/simple.so
- *
- * This will enable deferred authentication to occur 20
- * seconds after the normal TLS authentication process,
- * and will cause a packet filter file to be generated 10
- * seconds after the initial TLS negotiation, using
- * {common-name}.pf as the source.
- *
- * Sample packet filter configuration:
- *
- * [CLIENTS DROP]
- * +otherclient
- * [SUBNETS DROP]
- * +10.0.0.0/8
- * -10.10.0.8
- * [END]
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/* bool definitions */
-#define bool int
-#define true 1
-#define false 0
-
-/*
- * Our context, where we keep our state.
- */
-
-struct plugin_context {
- int test_deferred_auth;
- int test_packet_filter;
-};
-
-struct plugin_per_client_context {
- int n_calls;
- bool generated_pf_file;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-/* used for safe printf of possible NULL strings */
-static const char *
-np (const char *str)
-{
- if (str)
- return str;
- else
- return "[NULL]";
-}
-
-static int
-atoi_null0 (const char *str)
-{
- if (str)
- return atoi (str);
- else
- return 0;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- printf ("FUNC: openvpn_plugin_open_v1\n");
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- context->test_deferred_auth = atoi_null0 (get_env ("test_deferred_auth", envp));
- printf ("TEST_DEFERRED_AUTH %d\n", context->test_deferred_auth);
-
- context->test_packet_filter = atoi_null0 (get_env ("test_packet_filter", envp));
- printf ("TEST_PACKET_FILTER %d\n", context->test_packet_filter);
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ENABLE_PF);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-static int
-auth_user_pass_verify (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_deferred_auth)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* get auth_control_file filename from envp string array*/
- const char *auth_control_file = get_env ("auth_control_file", envp);
-
- printf ("DEFER u='%s' p='%s' acf='%s'\n",
- np(username),
- np(password),
- np(auth_control_file));
-
- /* Authenticate asynchronously in n seconds */
- if (auth_control_file)
- {
- char buf[256];
- int auth = 2;
- sscanf (username, "%d", &auth);
- snprintf (buf, sizeof(buf), "( sleep %d ; echo AUTH %s %d ; echo %d >%s ) &",
- context->test_deferred_auth,
- auth_control_file,
- auth,
- pcc->n_calls < auth,
- auth_control_file);
- printf ("%s\n", buf);
- system (buf);
- pcc->n_calls++;
- return OPENVPN_PLUGIN_FUNC_DEFERRED;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-static int
-tls_final (struct plugin_context *context, struct plugin_per_client_context *pcc, const char *argv[], const char *envp[])
-{
- if (context->test_packet_filter)
- {
- if (!pcc->generated_pf_file)
- {
- const char *pff = get_env ("pf_file", envp);
- const char *cn = get_env ("username", envp);
- if (pff && cn)
- {
- char buf[256];
- snprintf (buf, sizeof(buf), "( sleep %d ; echo PF %s/%s ; cp \"%s.pf\" \"%s\" ) &",
- context->test_packet_filter, cn, pff, cn, pff);
- printf ("%s\n", buf);
- system (buf);
- pcc->generated_pf_file = true;
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle,
- const int type,
- const char *argv[],
- const char *envp[],
- void *per_client_context,
- struct openvpn_plugin_string_list **return_list)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- struct plugin_per_client_context *pcc = (struct plugin_per_client_context *) per_client_context;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- return auth_user_pass_verify (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- return tls_final (context, pcc, argv, envp);
- case OPENVPN_PLUGIN_ENABLE_PF:
- printf ("OPENVPN_PLUGIN_ENABLE_PF\n");
- if (context->test_packet_filter)
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-}
-
-OPENVPN_EXPORT void *
-openvpn_plugin_client_constructor_v1 (openvpn_plugin_handle_t handle)
-{
- printf ("FUNC: openvpn_plugin_client_constructor_v1\n");
- return calloc (1, sizeof (struct plugin_per_client_context));
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_client_destructor_v1 (openvpn_plugin_handle_t handle, void *per_client_context)
-{
- printf ("FUNC: openvpn_plugin_client_destructor_v1\n");
- free (per_client_context);
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- printf ("FUNC: openvpn_plugin_close_v1\n");
- free (context);
-}
diff --git a/openvpn/sample/sample-plugins/defer/simple.def b/openvpn/sample/sample-plugins/defer/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/openvpn/sample/sample-plugins/defer/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/openvpn/sample/sample-plugins/defer/winbuild b/openvpn/sample/sample-plugins/defer/winbuild
deleted file mode 100755
index 82927d96..00000000
--- a/openvpn/sample/sample-plugins/defer/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../build"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/openvpn/sample/sample-plugins/log/build b/openvpn/sample/sample-plugins/log/build
deleted file mode 100755
index c07ec408..00000000
--- a/openvpn/sample/sample-plugins/log/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../../include}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/openvpn/sample/sample-plugins/log/log.c b/openvpn/sample/sample-plugins/log/log.c
deleted file mode 100644
index 1cc4650e..00000000
--- a/openvpn/sample/sample-plugins/log/log.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * Which callbacks to intercept.
- */
- *type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- show (type, argv, envp);
-
- /* check entered username/password against what we require */
- if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/sample/sample-plugins/log/log_v3.c b/openvpn/sample/sample-plugins/log/log_v3.c
deleted file mode 100644
index 4d3af91a..00000000
--- a/openvpn/sample/sample-plugins/log/log_v3.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010 David Sommerseth <dazo@users.sourceforge.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This plugin is similar to simple.c, except it also logs extra information
- * to stdout for every plugin method called by OpenVPN. The only difference
- * between this (log_v3.c) and log.c is that this module uses the v3 plug-in
- * API.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#define ENABLE_SSL
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_open_v3 (const int v3structver,
- struct openvpn_plugin_args_open_in const *args,
- struct openvpn_plugin_args_open_return *ret)
-{
- struct plugin_context *context = NULL;
-
- /* Check that we are API compatible */
- if( v3structver != OPENVPN_PLUGINv3_STRUCTVER ) {
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- if( args->ssl_api != SSLAPI_OPENSSL ) {
- printf("This plug-in can only be used against OpenVPN with OpenSSL\n");
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
-
- /* Which callbacks to intercept. */
- ret->type_mask =
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_DOWN) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_ROUTE_UP) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_IPCHANGE) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_CONNECT_V2) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_CLIENT_DISCONNECT) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_LEARN_ADDRESS) |
- OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_TLS_FINAL);
-
-
- /* Allocate our context */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /* Set the username/password we will require. */
- context->username = "foo";
- context->password = "bar";
-
- /* Point the global context handle to our newly created context */
- ret->handle = (void *) context;
-
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-void
-show (const int type, const char *argv[], const char *envp[])
-{
- size_t i;
- switch (type)
- {
- case OPENVPN_PLUGIN_UP:
- printf ("OPENVPN_PLUGIN_UP\n");
- break;
- case OPENVPN_PLUGIN_DOWN:
- printf ("OPENVPN_PLUGIN_DOWN\n");
- break;
- case OPENVPN_PLUGIN_ROUTE_UP:
- printf ("OPENVPN_PLUGIN_ROUTE_UP\n");
- break;
- case OPENVPN_PLUGIN_IPCHANGE:
- printf ("OPENVPN_PLUGIN_IPCHANGE\n");
- break;
- case OPENVPN_PLUGIN_TLS_VERIFY:
- printf ("OPENVPN_PLUGIN_TLS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY:
- printf ("OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_CONNECT_V2:
- printf ("OPENVPN_PLUGIN_CLIENT_CONNECT_V2\n");
- break;
- case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- printf ("OPENVPN_PLUGIN_CLIENT_DISCONNECT\n");
- break;
- case OPENVPN_PLUGIN_LEARN_ADDRESS:
- printf ("OPENVPN_PLUGIN_LEARN_ADDRESS\n");
- break;
- case OPENVPN_PLUGIN_TLS_FINAL:
- printf ("OPENVPN_PLUGIN_TLS_FINAL\n");
- break;
- default:
- printf ("OPENVPN_PLUGIN_?\n");
- break;
- }
-
- printf ("ARGV\n");
- for (i = 0; argv[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, argv[i]);
-
- printf ("ENVP\n");
- for (i = 0; envp[i] != NULL; ++i)
- printf ("%d '%s'\n", (int)i, envp[i]);
-}
-
-static void
-x509_print_info (X509 *x509crt)
-{
- int i, n;
- int fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME *x509_name;
- X509_NAME_ENTRY *ent;
- const char *objbuf;
- unsigned char *buf;
-
- x509_name = X509_get_subject_name (x509crt);
- n = X509_NAME_entry_count (x509_name);
- for (i = 0; i < n; ++i)
- {
- ent = X509_NAME_get_entry (x509_name, i);
- if (!ent)
- continue;
- fn = X509_NAME_ENTRY_get_object (ent);
- if (!fn)
- continue;
- val = X509_NAME_ENTRY_get_data (ent);
- if (!val)
- continue;
- fn_nid = OBJ_obj2nid (fn);
- if (fn_nid == NID_undef)
- continue;
- objbuf = OBJ_nid2sn (fn_nid);
- if (!objbuf)
- continue;
- buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8 (&buf, val) <= 0)
- continue;
-
- printf("X509 %s: %s\n", objbuf, (char *)buf);
- OPENSSL_free (buf);
- }
-}
-
-
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v3 (const int version,
- struct openvpn_plugin_args_func_in const *args,
- struct openvpn_plugin_args_func_return *retptr)
-{
- struct plugin_context *context = (struct plugin_context *) args->handle;
-
- printf("\nopenvpn_plugin_func_v3() :::::>> ");
- show (args->type, args->argv, args->envp);
-
- /* Dump some X509 information if we're in the TLS_VERIFY phase */
- if ((args->type == OPENVPN_PLUGIN_TLS_VERIFY) && args->current_cert ) {
- printf("---- X509 Subject information ----\n");
- printf("Certificate depth: %i\n", args->current_cert_depth);
- x509_print_info(args->current_cert);
- printf("----------------------------------\n");
- }
-
- /* check entered username/password against what we require */
- if (args->type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
- {
- /* get username/password from envp string array */
- const char *username = get_env ("username", args->envp);
- const char *password = get_env ("password", args->envp);
-
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
- }
- else
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/sample/sample-plugins/log/winbuild b/openvpn/sample/sample-plugins/log/winbuild
deleted file mode 100755
index decf05f8..00000000
--- a/openvpn/sample/sample-plugins/log/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../include"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/openvpn/sample/sample-plugins/simple/README b/openvpn/sample/sample-plugins/simple/README
deleted file mode 100644
index 4400cd30..00000000
--- a/openvpn/sample/sample-plugins/simple/README
+++ /dev/null
@@ -1,16 +0,0 @@
-OpenVPN plugin examples.
-
-Examples provided:
-
-simple.c -- using the --auth-user-pass-verify callback, verify
- that the username/password is "foo"/"bar".
-
-To build:
-
- ./build simple (Linux/BSD/etc.)
- ./winbuild simple (MinGW on Windows)
-
-To use in OpenVPN, add to config file:
-
- plugin simple.so (Linux/BSD/etc.)
- plugin simple.dll (MinGW on Windows)
diff --git a/openvpn/sample/sample-plugins/simple/build b/openvpn/sample/sample-plugins/simple/build
deleted file mode 100755
index bbb05f7c..00000000
--- a/openvpn/sample/sample-plugins/simple/build
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-#
-# Build an OpenVPN plugin module on *nix. The argument should
-# be the base name of the C source file (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-CPPFLAGS="${CPPFLAGS:--I../../..}"
-
-CC="${CC:-gcc}"
-CFLAGS="${CFLAGS:--O2 -Wall -g}"
-
-$CC $CPPFLAGS $CFLAGS -fPIC -c $1.c && \
-$CC $CFLAGS -fPIC -shared $LDFLAGS -Wl,-soname,$1.so -o $1.so $1.o -lc
diff --git a/openvpn/sample/sample-plugins/simple/simple.c b/openvpn/sample/sample-plugins/simple/simple.c
deleted file mode 100644
index f26d89f6..00000000
--- a/openvpn/sample/sample-plugins/simple/simple.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/*
- * This file implements a simple OpenVPN plugin module which
- * will examine the username/password provided by a client,
- * and make an accept/deny determination. Will run
- * on Windows or *nix.
- *
- * See the README file for build instructions.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "openvpn-plugin.h"
-
-/*
- * Our context, where we keep our state.
- */
-struct plugin_context {
- const char *username;
- const char *password;
-};
-
-/*
- * Given an environmental variable name, search
- * the envp array for its value, returning it
- * if found or NULL otherwise.
- */
-static const char *
-get_env (const char *name, const char *envp[])
-{
- if (envp)
- {
- int i;
- const int namelen = strlen (name);
- for (i = 0; envp[i]; ++i)
- {
- if (!strncmp (envp[i], name, namelen))
- {
- const char *cp = envp[i] + namelen;
- if (*cp == '=')
- return cp + 1;
- }
- }
- }
- return NULL;
-}
-
-OPENVPN_EXPORT openvpn_plugin_handle_t
-openvpn_plugin_open_v1 (unsigned int *type_mask, const char *argv[], const char *envp[])
-{
- struct plugin_context *context;
-
- /*
- * Allocate our context
- */
- context = (struct plugin_context *) calloc (1, sizeof (struct plugin_context));
-
- /*
- * Set the username/password we will require.
- */
- context->username = "foo";
- context->password = "bar";
-
- /*
- * We are only interested in intercepting the
- * --auth-user-pass-verify callback.
- */
- *type_mask = OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY);
-
- return (openvpn_plugin_handle_t) context;
-}
-
-OPENVPN_EXPORT int
-openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
-{
- struct plugin_context *context = (struct plugin_context *) handle;
-
- /* get username/password from envp string array */
- const char *username = get_env ("username", envp);
- const char *password = get_env ("password", envp);
-
- /* check entered username/password against what we require */
- if (username && !strcmp (username, context->username)
- && password && !strcmp (password, context->password))
- return OPENVPN_PLUGIN_FUNC_SUCCESS;
- else
- return OPENVPN_PLUGIN_FUNC_ERROR;
-}
-
-OPENVPN_EXPORT void
-openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
-{
- struct plugin_context *context = (struct plugin_context *) handle;
- free (context);
-}
diff --git a/openvpn/sample/sample-plugins/simple/simple.def b/openvpn/sample/sample-plugins/simple/simple.def
deleted file mode 100755
index a87507d1..00000000
--- a/openvpn/sample/sample-plugins/simple/simple.def
+++ /dev/null
@@ -1,6 +0,0 @@
-LIBRARY OpenVPN_PLUGIN_SAMPLE
-DESCRIPTION "Sample OpenVPN plug-in module."
-EXPORTS
- openvpn_plugin_open_v1 @1
- openvpn_plugin_func_v1 @2
- openvpn_plugin_close_v1 @3
diff --git a/openvpn/sample/sample-plugins/simple/winbuild b/openvpn/sample/sample-plugins/simple/winbuild
deleted file mode 100755
index decf05f8..00000000
--- a/openvpn/sample/sample-plugins/simple/winbuild
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Build an OpenVPN plugin module on Windows/MinGW.
-# The argument should be the base name of the C source file
-# (without the .c).
-#
-
-# This directory is where we will look for openvpn-plugin.h
-INCLUDE="-I../../../include"
-
-CC_FLAGS="-O2 -Wall"
-
-gcc -DBUILD_DLL $CC_FLAGS $INCLUDE -c $1.c
-gcc --disable-stdcall-fixup -mdll -DBUILD_DLL -o junk.tmp -Wl,--base-file,base.tmp $1.o
-rm junk.tmp
-dlltool --dllname $1.dll --base-file base.tmp --output-exp temp.exp --input-def $1.def
-rm base.tmp
-gcc --enable-stdcall-fixup -mdll -DBUILD_DLL -o $1.dll $1.o -Wl,temp.exp
-rm temp.exp
diff --git a/openvpn/sample/sample-scripts/auth-pam.pl b/openvpn/sample/sample-scripts/auth-pam.pl
deleted file mode 100755
index 5333badc..00000000
--- a/openvpn/sample/sample-scripts/auth-pam.pl
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/perl -t
-
-# OpenVPN PAM AUTHENTICATON
-# This script can be used to add PAM-based authentication
-# to OpenVPN 2.0. The OpenVPN client must provide
-# a username/password, using the --auth-user-pass directive.
-# The OpenVPN server should specify --auth-user-pass-verify
-# with this script as the argument and the 'via-file' method
-# specified. The server can also optionally specify
-# --client-cert-not-required and/or --username-as-common-name.
-
-# SCRIPT OPERATION
-# Return success or failure status based on whether or not a
-# given username/password authenticates using PAM.
-# Caller should write username/password as two lines in a file
-# which is passed to this script as a command line argument.
-
-# CAVEATS
-# * Requires Authen::PAM module, which may also
-# require the pam-devel package.
-# * May need to be run as root in order to
-# access username/password file.
-
-# NOTES
-# * This script is provided mostly as a demonstration of the
-# --auth-user-pass-verify script capability in OpenVPN.
-# For real world usage, see the auth-pam module in the plugin
-# folder.
-
-use Authen::PAM;
-use POSIX;
-
-# This "conversation function" will pass
-# $password to PAM when it asks for it.
-
-sub my_conv_func {
- my @res;
- while ( @_ ) {
- my $code = shift;
- my $msg = shift;
- my $ans = "";
-
- $ans = $password if $msg =~ /[Pp]assword/;
-
- push @res, (PAM_SUCCESS(),$ans);
- }
- push @res, PAM_SUCCESS();
- return @res;
-}
-
-# Identify service type to PAM
-$service = "login";
-
-# Get username/password from file
-
-if ($ARG = shift @ARGV) {
- if (!open (UPFILE, "<$ARG")) {
- print "Could not open username/password file: $ARG\n";
- exit 1;
- }
-} else {
- print "No username/password file specified on command line\n";
- exit 1;
-}
-
-$username = <UPFILE>;
-$password = <UPFILE>;
-
-if (!$username || !$password) {
- print "Username/password not found in file: $ARG\n";
- exit 1;
-}
-
-chomp $username;
-chomp $password;
-
-close (UPFILE);
-
-# Initialize PAM object
-
-if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) {
- print "Authen::PAM init failed\n";
- exit 1;
-}
-
-# Authenticate with PAM
-
-$res = $pamh->pam_authenticate;
-
-# Return success or failure
-
-if ($res == PAM_SUCCESS()) {
- exit 0;
-} else {
- print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n";
- exit 1;
-}
diff --git a/openvpn/sample/sample-scripts/bridge-start b/openvpn/sample/sample-scripts/bridge-start
deleted file mode 100755
index d20a2603..00000000
--- a/openvpn/sample/sample-scripts/bridge-start
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-#################################
-# Set up Ethernet bridge on Linux
-# Requires: bridge-utils
-#################################
-
-# Define Bridge Interface
-br="br0"
-
-# Define list of TAP interfaces to be bridged,
-# for example tap="tap0 tap1 tap2".
-tap="tap0"
-
-# Define physical ethernet interface to be bridged
-# with TAP interface(s) above.
-eth="eth0"
-eth_ip="192.168.8.4"
-eth_netmask="255.255.255.0"
-eth_broadcast="192.168.8.255"
-
-for t in $tap; do
- openvpn --mktun --dev $t
-done
-
-brctl addbr $br
-brctl addif $br $eth
-
-for t in $tap; do
- brctl addif $br $t
-done
-
-for t in $tap; do
- ifconfig $t 0.0.0.0 promisc up
-done
-
-ifconfig $eth 0.0.0.0 promisc up
-
-ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
diff --git a/openvpn/sample/sample-scripts/bridge-stop b/openvpn/sample/sample-scripts/bridge-stop
deleted file mode 100755
index 81927794..00000000
--- a/openvpn/sample/sample-scripts/bridge-stop
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-####################################
-# Tear Down Ethernet bridge on Linux
-####################################
-
-# Define Bridge Interface
-br="br0"
-
-# Define list of TAP interfaces to be bridged together
-tap="tap0"
-
-ifconfig $br down
-brctl delbr $br
-
-for t in $tap; do
- openvpn --rmtun --dev $t
-done
diff --git a/openvpn/sample/sample-scripts/ucn.pl b/openvpn/sample/sample-scripts/ucn.pl
deleted file mode 100755
index 6d708f82..00000000
--- a/openvpn/sample/sample-scripts/ucn.pl
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/perl -t
-
-# OpenVPN --auth-user-pass-verify script.
-# Only authenticate if username equals common_name.
-# In OpenVPN config file:
-# auth-user-pass-verify ./ucn.pl via-env
-
-$username = $ENV{'username'};
-$common_name = $ENV{'common_name'};
-
-exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name);
diff --git a/openvpn/sample/sample-scripts/verify-cn b/openvpn/sample/sample-scripts/verify-cn
deleted file mode 100755
index 6e747ef1..00000000
--- a/openvpn/sample/sample-scripts/verify-cn
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-
-# verify-cn -- a sample OpenVPN tls-verify script
-#
-# Return 0 if cn matches the common name component of
-# subject, 1 otherwise.
-#
-# For example in OpenVPN, you could use the directive:
-#
-# tls-verify "./verify-cn /etc/openvpn/allowed_clients"
-#
-# This would cause the connection to be dropped unless
-# the client common name is listed on a line in the
-# allowed_clients file.
-
-die "usage: verify-cn cnfile certificate_depth subject" if (@ARGV != 3);
-
-# Parse out arguments:
-# cnfile -- The file containing the list of common names, one per
-# line, which the client is required to have,
-# taken from the argument to the tls-verify directive
-# in the OpenVPN config file.
-# The file can have blank lines and comment lines that begin
-# with the # character.
-# depth -- The current certificate chain depth. In a typical
-# bi-level chain, the root certificate will be at level
-# 1 and the client certificate will be at level 0.
-# This script will be called separately for each level.
-# x509 -- the X509 subject string as extracted by OpenVPN from
-# the client's provided certificate.
-($cnfile, $depth, $x509) = @ARGV;
-
-if ($depth == 0) {
- # If depth is zero, we know that this is the final
- # certificate in the chain (i.e. the client certificate),
- # and the one we are interested in examining.
- # If so, parse out the common name substring in
- # the X509 subject string.
-
- if ($x509 =~ / CN=([^,]+)/) {
- $cn = $1;
- # Accept the connection if the X509 common name
- # string matches the passed cn argument.
- open(FH, '<', $cnfile) or exit 1; # can't open, nobody authenticates!
- while (defined($line = <FH>)) {
- if ($line !~ /^[[:space:]]*(#|$)/o) {
- chop($line);
- if ($line eq $cn) {
- exit 0;
- }
- }
- }
- close(FH);
- }
-
- # Authentication failed -- Either we could not parse
- # the X509 subject string, or the common name in the
- # subject string didn't match the passed cn argument.
- exit 1;
-}
-
-# If depth is nonzero, tell OpenVPN to continue processing
-# the certificate chain.
-exit 0;
diff --git a/openvpn/sample/sample-windows/sample.ovpn b/openvpn/sample/sample-windows/sample.ovpn
deleted file mode 100755
index 5accd573..00000000
--- a/openvpn/sample/sample-windows/sample.ovpn
+++ /dev/null
@@ -1,103 +0,0 @@
-# Edit this file, and save to a .ovpn extension
-# so that OpenVPN will activate it when run
-# as a service.
-
-# Change 'myremote' to be your remote host,
-# or comment out to enter a listening
-# server mode.
-remote myremote
-
-# Uncomment this line to use a different
-# port number than the default of 1194.
-; port 1194
-
-# Choose one of three protocols supported by
-# OpenVPN. If left commented out, defaults
-# to udp.
-; proto [tcp-server | tcp-client | udp]
-
-# You must specify one of two possible network
-# protocols, 'dev tap' or 'dev tun' to be used
-# on both sides of the connection. 'tap' creates
-# a VPN using the ethernet protocol while 'tun'
-# uses the IP protocol. You must use 'tap'
-# if you are ethernet bridging or want to route
-# broadcasts. 'tun' is somewhat more efficient
-# but requires configuration of client software
-# to not depend on broadcasts. Some platforms
-# such as Solaris, OpenBSD, and Mac OS X only
-# support 'tun' interfaces, so if you are
-# connecting to such a platform, you must also
-# use a 'tun' interface on the Windows side.
-
-# Enable 'dev tap' or 'dev tun' but not both!
-dev tap
-
-# This is a 'dev tap' ifconfig that creates
-# a virtual ethernet subnet.
-# 10.3.0.1 is the local VPN IP address
-# and 255.255.255.0 is the VPN subnet.
-# Only define this option for 'dev tap'.
-ifconfig 10.3.0.1 255.255.255.0
-
-# This is a 'dev tun' ifconfig that creates
-# a point-to-point IP link.
-# 10.3.0.1 is the local VPN IP address and
-# 10.3.0.2 is the remote VPN IP address.
-# Only define this option for 'dev tun'.
-# Make sure to include the "tun-mtu" option
-# on the remote machine, but swap the order
-# of the ifconfig addresses.
-;tun-mtu 1500
-;ifconfig 10.3.0.1 10.3.0.2
-
-# If you have fragmentation issues or misconfigured
-# routers in the path which block Path MTU discovery,
-# lower the TCP MSS and internally fragment non-TCP
-# protocols.
-;fragment 1300
-;mssfix
-
-# If you have set up more than one TAP-Win32 adapter
-# on your system, you must refer to it by name.
-;dev-node my-tap
-
-# You can generate a static OpenVPN key
-# by selecting the Generate Key option
-# in the start menu.
-#
-# You can also generate key.txt manually
-# with the following command:
-# openvpn --genkey --secret key.txt
-#
-# key must match on both ends of the connection,
-# so you should generate it on one machine and
-# copy it to the other over a secure medium.
-# Place key.txt in the same directory as this
-# config file.
-secret key.txt
-
-# Uncomment this section for a more reliable
-# detection when a system loses its connection.
-# For example, dial-ups or laptops that travel
-# to other locations.
-#
-# If this section is enabled and "myremote"
-# above is a dynamic DNS name (i.e. dyndns.org),
-# OpenVPN will dynamically "follow" the IP
-# address of "myremote" if it changes.
-; ping-restart 60
-; ping-timer-rem
-; persist-tun
-; persist-key
-; resolv-retry 86400
-
-# keep-alive ping
-ping 10
-
-# enable LZO compression
-comp-lzo
-
-# moderate verbosity
-verb 4
-mute 10