From e113c968e894970a8e1a88c5259f41cf46784460 Mon Sep 17 00:00:00 2001 
From: Guillaume Emorine
Date: Thu, 17 Oct 2024 15:03:23 +0200
Subject: [PATCH] Ajout de tous les fichiers concernant le TP sur OpenVPN.
---
 bts_annee_2/cyber2/vpn-openvpn/README.md | 1 +
 .../vpn-openvpn/client/DESKTOP-SK8G91D.crt | 85 +++++
 .../vpn-openvpn/client/DESKTOP-SK8G91D.key | 28 ++
 .../vpn-openvpn/client/DESKTOP-SK8G91D.ovpn | 120 +++++++
 .../cyber2/vpn-openvpn/client/README.md | 1 +
 bts_annee_2/cyber2/vpn-openvpn/client/ca.crt | 20 ++
 bts_annee_2/cyber2/vpn-openvpn/client/ta.key | 21 ++
 .../cyber2/vpn-openvpn/server/README.md | 1 +
 bts_annee_2/cyber2/vpn-openvpn/server/dh.pem | 8 +
 .../server/issued/DESKTOP-SK8G91D.crt | 85 +++++
 .../vpn-openvpn/server/issued/openvpn-ge.crt | 87 +++++
 .../server/private/DESKTOP-SK8G91D.key | 28 ++
 .../cyber2/vpn-openvpn/server/private/ca.key | 30 ++
 .../vpn-openvpn/server/private/openvpn-ge.key | 28 ++
 .../cyber2/vpn-openvpn/server/server.conf | 315 ++++++++++++++++++
 bts_annee_2/cyber2/vpn-openvpn/server/ta.key | 21 ++
 16 files changed, 879 insertions(+)
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/README.md
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.crt
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.key
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.ovpn
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/README.md
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/ca.crt
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/client/ta.key
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/README.md
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/dh.pem
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/issued/DESKTOP-SK8G91D.crt
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/issued/openvpn-ge.crt
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/private/DESKTOP-SK8G91D.key
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/private/ca.key
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/private/openvpn-ge.key
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/server.conf
 create mode 100644 bts_annee_2/cyber2/vpn-openvpn/server/ta.key
diff --git a/bts_annee_2/cyber2/vpn-openvpn/README.md b/bts_annee_2/cyber2/vpn-openvpn/README.md
new file mode 100644
index 0000000..6d2ea73
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/README.md
@@ -0,0 +1 @@
+Dossier du TP sur le VPN OpenVPN. Il y a les fichiers relatifs au serveur et au client.
diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.crt b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.crt
new file mode 100644
index 0000000..4b95a33
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.crt
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7a:40:e4:09:96:70:a7:11:03:89:2c:bb:23:d1:10:05 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Easy-RSA CA + Validity + Not Before: Oct 14 09:34:47 2024 GMT + Not After : Jan 17 09:34:47 2027 GMT + Subject: CN=DESKTOP-SK8G91D + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a3:54:3e:71:b3:68:7b:11:f0:38:d4:80:5f:60: + 55:fe:27:f7:0e:f4:64:fd:6a:e4:be:7e:9c:40:82: + 6e:57:bb:09:90:10:3e:f5:2b:13:1d:14:2f:b3:eb: + 97:8e:c1:68:8f:23:9a:ac:8a:4f:8c:6d:59:69:88: + e6:75:80:44:80:94:65:17:c4:5a:c3:8c:b1:6e:bb: + 6d:bd:fa:af:ce:42:ab:21:b4:33:92:02:d8:1f:e3: + 9e:1a:aa:ae:e2:18:42:f9:6c:9f:84:db:a3:1b:23: + d8:fb:37:1f:3e:5f:04:21:72:17:be:4c:52:73:f0: + b7:87:fe:d1:c2:85:a3:4d:57:61:d6:4f:f7:6c:9c: + f1:fb:34:22:e5:44:43:86:a1:d8:29:b8:a2:73:f4: + 54:da:93:86:1f:bc:d3:98:2b:29:74:dc:4e:17:0c: + b3:44:d8:77:96:98:45:38:44:36:23:dc:55:d2:d2: + f7:75:1f:ec:bc:23:a9:fc:76:30:78:f8:e9:03:f8: + 88:43:9d:ae:fe:e8:e6:cf:02:d5:c7:93:f4:a9:9e: + 11:e1:68:4e:10:bb:85:e8:1a:c8:1b:ce:f4:f1:55: + 38:31:46:3e:1e:8d:6a:a8:6a:66:a6:85:57:08:76: + 3f:24:3f:7e:e4:b8:af:bf:86:d5:73:4a:98:ad:53: + 0f:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F9:C9:56:7F:09:7A:38:A1:BB:00:6D:56:FA:75:FD:F6:C7:E9:EA:AE + X509v3 Authority Key Identifier: + keyid:02:2B:7C:59:A2:6F:3B:DA:07:A4:E9:F3:3F:27:94:B5:0E:62:76:F3 + DirName:/CN=Easy-RSA CA + serial:65:E9:1E:24:AE:9A:EE:B3:E5:D9:79:EA:1E:A9:D7:5D:A1:E2:D4:F1 + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 55:d1:dd:8c:9a:4e:80:02:32:49:88:6c:82:7f:43:d5:cd:37: + e0:8a:d5:d7:20:76:7f:dd:5b:b2:13:80:f0:81:9e:c7:e4:d3: + 6e:e9:01:5f:91:57:87:97:bc:b7:a9:d0:82:1c:76:21:27:fa: + 
4c:84:c6:29:d0:f9:d4:78:6c:55:0c:9a:9b:9c:c0:ee:b5:35: + d0:0d:ef:5d:02:bf:51:40:9e:a8:cc:32:d9:c0:70:2f:c7:05: + 72:e6:10:6d:fd:da:8d:d8:bb:7f:84:d8:85:64:66:82:a8:50: + 08:9c:26:a5:27:8f:7b:9c:7b:5e:1d:44:6a:14:d2:4c:42:da: + 9c:3b:46:34:0e:22:c5:3e:3c:0c:10:c6:52:08:33:32:67:5d: + 71:00:7b:8a:f2:a7:ef:92:59:cc:fe:a8:4f:62:74:0e:91:ec: + 5d:61:45:92:73:13:75:59:0b:50:c0:af:a4:90:2d:ed:a6:2a: + d7:60:55:d3:c6:f2:df:1c:9c:9f:c2:7b:ba:10:6a:6d:25:9e: + c7:f9:30:cf:e3:4f:87:48:ba:ac:37:ea:88:f1:d7:79:62:f9: + 34:be:04:32:af:bf:a6:f8:91:89:ab:47:08:b5:3b:6e:17:c5: + d9:7f:94:f2:5c:47:57:58:62:02:12:7a:fa:83:bf:79:da:bf: + ed:88:a1:20 +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIQekDkCZZwpxEDiSy7I9EQBTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDEwMTQwOTM0NDdaFw0yNzAxMTcw +OTM0NDdaMBoxGDAWBgNVBAMMD0RFU0tUT1AtU0s4RzkxRDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKNUPnGzaHsR8DjUgF9gVf4n9w70ZP1q5L5+nECC +ble7CZAQPvUrEx0UL7Prl47BaI8jmqyKT4xtWWmI5nWARICUZRfEWsOMsW67bb36 +r85CqyG0M5IC2B/jnhqqruIYQvlsn4Tboxsj2Ps3Hz5fBCFyF75MUnPwt4f+0cKF +o01XYdZP92yc8fs0IuVEQ4ah2Cm4onP0VNqThh+805grKXTcThcMs0TYd5aYRThE +NiPcVdLS93Uf7Lwjqfx2MHj46QP4iEOdrv7o5s8C1ceT9KmeEeFoThC7hegayBvO +9PFVODFGPh6NaqhqZqaFVwh2PyQ/fuS4r7+G1XNKmK1TD2sCAwEAAaOBojCBnzAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBT5yVZ/CXo4obsAbVb6df32x+nqrjBRBgNVHSME +SjBIgBQCK3xZom872gek6fM/J5S1DmJ286EapBgwFjEUMBIGA1UEAwwLRWFzeS1S +U0EgQ0GCFGXpHiSumu6z5dl56h6p112h4tTxMBMGA1UdJQQMMAoGCCsGAQUFBwMC +MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAVdHdjJpOgAIySYhsgn9D +1c034IrV1yB2f91bshOA8IGex+TTbukBX5FXh5e8t6nQghx2ISf6TITGKdD51Hhs +VQyam5zA7rU10A3vXQK/UUCeqMwy2cBwL8cFcuYQbf3ajdi7f4TYhWRmgqhQCJwm +pSePe5x7Xh1EahTSTELanDtGNA4ixT48DBDGUggzMmddcQB7ivKn75JZzP6oT2J0 +DpHsXWFFknMTdVkLUMCvpJAt7aYq12BV08by3xycn8J7uhBqbSWex/kwz+NPh0i6 +rDfqiPHXeWL5NL4EMq+/pviRiatHCLU7bhfF2X+U8lxHV1hiAhJ6+oO/edq/7Yih +IA== +-----END CERTIFICATE----- 
diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.key b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.key
new file mode 100644
index 0000000..6154887
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjVD5xs2h7EfA4 +1IBfYFX+J/cO9GT9auS+fpxAgm5XuwmQED71KxMdFC+z65eOwWiPI5qsik+MbVlp +iOZ1gESAlGUXxFrDjLFuu229+q/OQqshtDOSAtgf454aqq7iGEL5bJ+E26MbI9j7 +Nx8+XwQhche+TFJz8LeH/tHChaNNV2HWT/dsnPH7NCLlREOGodgpuKJz9FTak4Yf +vNOYKyl03E4XDLNE2HeWmEU4RDYj3FXS0vd1H+y8I6n8djB4+OkD+IhDna7+6ObP +AtXHk/SpnhHhaE4Qu4XoGsgbzvTxVTgxRj4ejWqoamamhVcIdj8kP37kuK+/htVz +SpitUw9rAgMBAAECggEAQd/J+bDbDHwtL7ahehZQSJxU3G68xqsUzDIjki8pEvBI +iJbM1bREVr+cB8yXCYg/RDAfg8SbFe/KlrKVBMIxnsx7Q4058FHwBFHLDssrmhyw +ifz0qcjE44O58lZyB5WyeYgShJLTY7BfJN9UFiNbdqPeKK3+uW1WkJ65emPM+/WD +7DR/VHOPs8PUS6mf6EMwyzeRHECnb8t9sSx1vqcAPzj/l/3iAQloyn9VxTvJ345/ +yLyFtF+GCqSiXBl5bPR9uN1hrpjeqjcFo/EZFPSLQJNiFtHOUMt3GtJW0h7XQtrf +PakCeLx4DuMANuLPjdzcK4lZAql/s0A2hHNhEh94QQKBgQDRvxN6E1guXVktZxsS +rc/2uuOoOYbTkxpkqzqI4WQ24Gb7lu/95jhHdZTWCATLdG+XMDxMdiNWIf2YMAq4 +5+c0ZL3HwiZq6Mo3sbZUP1RnEM4suHZZinTgJgDa3+RDGVF1usSwcvqGjY/+2zL8 +muzjorsY7dBxLne8BDEH9yiHqwKBgQDHWL8o8uiNIpQxz7WzZwi8dNGTKCjA/Oig +BIin3Rk2nX33y5QIe45Jb9f4V7Q7XZjY2aoYwzVWsZlu1LAFvS9zkuKJB60I6PJt ++5yowZKk2roqR7hreuml1nbyAljoJpuIdrT/xHIQyI3LtgscUOTT2nMwAQ/X0gWz +xzSrLkjXQQKBgQCBsA2Q66kYceuT4S6iLApsWj4tY/RzmX82Q5Fb1VErhTDn2vnl +GZYuyQsQE8EzM3lUGCUQefN7bGTq1rmqfuk8QhX+D5PFgs6WBTHhgY7kc0Wn7R5w +WuXNOnJI4yq2Ok9d5e970nwI+jrQsCQkgH58ecAJt/GsKbkq7cSLUk0jJQKBgACU +uqHk61aV9jaa812dfEIIWSADqvK9CfSFbtyGYW9uUBKrzjekHIsMP2Xi44yUvkBL +ihpeX0ZsaBURm524qm28zNo3YoK3IxW8+Pzo64N9e7Np2BjAF/Q6xsf3x8iNbECe +j/J64RY5b2hblHa1qaUQauuF5UTswMWAXB/vl5jBAoGARQbPUSMgp382ZDN3ohxf +7XEC/roO6SyuKLaF46kfVgoNXNBK8qvfV4HaUHiWfkBlsdrZioQp7z+S3ijlrAu+ +iae08RHuKQS1XMUN9BvqzmWSB9RMBZSNhVvD8QZwVPSHEqAx8yvORitdjQpDTdFS +8jKYo+l8sNiEYzv5y/ovagI= +-----END PRIVATE KEY----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.ovpn b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.ovpn new file mode 100644 index 0000000..06b537f --- /dev/null 
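Review bot: An unencrypted private key (`-----BEGIN PRIVATE KEY-----`) for the client certificate CN=DESKTOP-SK8G91D is being committed here, so anyone with read access to the repository can authenticate to the VPN as that client. The same applies to the later hunks for `server/private/DESKTOP-SK8G91D.key` (same blob `6154887`, so the client key is also stored on the server side), `server/private/openvpn-ge.key`, both `ta.key` files (the server one is listed in the diffstat), and `server/private/ca.key`, which is passphrase-encrypted but whose protection then rests only on the passphrase strength. I would drop these files from the commit, add ignore rules such as `*.key` and `private/` to `.gitignore`, and regenerate the CA, the server and client key pairs and the tls-auth key, because the material stays in Git history even after a later removal. If the TP needs example files, keep only the public parts (`ca.crt`, `issued/*.crt`) and generate each client key on the client, sending only the CSR to the CA.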
+++ b/bts_annee_2/cyber2/vpn-openvpn/client/DESKTOP-SK8G91D.ovpn 
@@ -0,0 +1,120 @@
+##############################################
+# Sample client-side OpenVPN 2.6 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 192.168.0.48 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user openvpn
+;group openvpn
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+ca ca.crt
+cert DESKTOP-SK8G91D.crt
+key DESKTOP-SK8G91D.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# Allow to connect to really old OpenVPN versions
+# without AEAD support (OpenVPN 2.3.x or older)
+# This adds AES-256-CBC as fallback cipher and
+# keeps the modern ciphers as well.
+data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+tls-auth ta.key 1
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/README.md b/bts_annee_2/cyber2/vpn-openvpn/client/README.md
new file mode 100644
index 0000000..e258d84
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/client/README.md
@@ -0,0 +1 @@
+Dossier du serveur OpenVPN, avec les fichiers de configuration, les certificats issus, et le reste.
diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/ca.crt b/bts_annee_2/cyber2/vpn-openvpn/client/ca.crt
new file mode 100644
index 0000000..e5210ea
--- /dev/null
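Review bot: The `data-ciphers` line in the client .ovpn keeps `AES-256-CBC` as a fallback for peers without AEAD support, which this lab does not appear to need since the file is based on the 2.6 sample; I would restrict the list to AEAD ciphers with `data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305`. Separately, `tls-auth ta.key 1` only authenticates the control channel, while `tls-crypt ta.key` would also encrypt it and has no direction argument to mismatch, provided the server is switched to the same directive. The server.conf hunk is only partly visible here, so both suggestions assume the server runs OpenVPN 2.4 or newer.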
+++ b/bts_annee_2/cyber2/vpn-openvpn/client/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUZekeJK6a7rPl2XnqHqnXXaHi1PEwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQxMDE0MDkyMzEwWhcNMzQx +MDEyMDkyMzEwWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKrBBlOUjpOTZzSSQ3481/1Gv2UmnKkLK6x2rmkJ +qgFapKB9J8CFjYjKK3IONvP4DvnYLL9wpO/FkIoNQUHl3U0IRoH5DtLg53aqWFIl +5P0mNDrHzNraLYU3fk+y+bsKRklxxv3UcMvi1Lo3gIbdpP8hRxZ9IaQvSe1E2GDA +zcc0QeHm6/NHJLKgvXRPohjk6qFTVy0x9bbqhsBpJFOhj2TmbdiI5wo3yBvhjqVh +66ssF+WDrPjgiLFR3Vgt0Whif5BMMWe9KH53wII6uIM4rWx+NrEOPD5y3ObbgnVX +yyuXNIbwQw/kvy0ZXF4+J3Ippf8dc15SjS6si7Li8GRxsUcCAwEAAaOBkDCBjTAM +BgNVHRMEBTADAQH/MB0GA1UdDgQWBBQCK3xZom872gek6fM/J5S1DmJ28zBRBgNV +HSMESjBIgBQCK3xZom872gek6fM/J5S1DmJ286EapBgwFjEUMBIGA1UEAwwLRWFz +eS1SU0EgQ0GCFGXpHiSumu6z5dl56h6p112h4tTxMAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEACRPv+n+H9wZHcSW75cHZCaOQWw2Ze+/gJTW9Wk5leLQn +jABaLmHzeNenjg2gCDNG1ObBS0Lx5SCE7mf8HY32hqCR7fwJhY+K2gj+MQK7r3VD +UH60BBzKqH5djRkSq1oSPJSUPNeW6hTH0kn56N1I7cBuez7Vz9VsgiyPYsR6uGxe +79/AJfuP6Y4KkvO4Hjpr8MvSg+t4NAxNiEp3P/p/CX8AmK75f3DfsD80v5YeBQC7 +H6QeJ24UTD1oH+DhF8pptrNf6yzb8SipI2ShdTdFwHZR+1hcnEPb3eyRLouqbDqy +n8u2opX/cktET0o29IIc71L23Tsb+SSBR1QvUuIFCA== +-----END CERTIFICATE----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/client/ta.key b/bts_annee_2/cyber2/vpn-openvpn/client/ta.key new file mode 100644 index 0000000..b167763 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/client/ta.key 
@@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d603ad1c4cec84482158d16fdf2195fc +00408410be33b106963c91a3ef7f01e6 +85b69e6a37d0928e36bf15d00152817d +4a16fd1ce4555caca28e602b8124fec6 +a659f275ae06de6a2333dd4a358e4689 +e0914d9416e12c042af8114863159b76 +e79c45aa2f972da28ad19c1b2f6f8b00 +340f4a906f640e0f113483fb50d5799d +2d75c0ecbf853542e03b4b9f76eec5c1 +fdcc11ab0ba44974eff3c087241521fd +ae0ef5aad26279907448c6493a77c5d7 +abc5192af4f157ae3f9e25f92c08f7c6 +d33e9ccd18559b886338c515b62bdc8a +22fb34d04ae4882fcffd74d21e2408af +5a710d9a6fad0c9d9ca7f985f791999b +6c8efa6efcf946fc933f7ff0dae6b2ae +-----END OpenVPN Static key V1----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/README.md b/bts_annee_2/cyber2/vpn-openvpn/server/README.md new file mode 100644 index 0000000..e258d84 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/README.md @@ -0,0 +1 @@ +Dossier du serveur OpenVPN, avec les fichiers de configuration, les certificats issus, et le reste. diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/dh.pem b/bts_annee_2/cyber2/vpn-openvpn/server/dh.pem new file mode 100644 index 0000000..f8ce8c1 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/dh.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAuptpuRWmMxML8GOhjTObEZ7OF5RsUfZeK8+Oo+DO0uiF/KBOHoAG +QrzqWQAtwZJJ5rSqSVxrDR4v5ABkdVCdHfyF3ZI/+Ya+0afMn9g69QiMvhm7yp56 +ey2oyMlYPoI1VzmsOZgS1rTrIQDgcSNBAAcpE2Gn3Rq2+czedhClI5Z+fFPAjzlU +cXfdWv/0thTW6P4z/6KCRsmJHDbQt0u/6PUizVZdhO+Pw/Fa6r89kAC6ShAd/+hh +RKoMb3kqJ2op1t87AfgHegHYtYQgAqhtHTkjVJ1AT6HcHVhSomz40Fw0YDkn4DXP +PGM2LunCSUlwU+z1jlCixmP0NEhVsi8mpwIBAg== +-----END DH PARAMETERS----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/issued/DESKTOP-SK8G91D.crt b/bts_annee_2/cyber2/vpn-openvpn/server/issued/DESKTOP-SK8G91D.crt new file mode 100644 index 0000000..4b95a33 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/issued/DESKTOP-SK8G91D.crt 
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7a:40:e4:09:96:70:a7:11:03:89:2c:bb:23:d1:10:05 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Easy-RSA CA + Validity + Not Before: Oct 14 09:34:47 2024 GMT + Not After : Jan 17 09:34:47 2027 GMT + Subject: CN=DESKTOP-SK8G91D + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a3:54:3e:71:b3:68:7b:11:f0:38:d4:80:5f:60: + 55:fe:27:f7:0e:f4:64:fd:6a:e4:be:7e:9c:40:82: + 6e:57:bb:09:90:10:3e:f5:2b:13:1d:14:2f:b3:eb: + 97:8e:c1:68:8f:23:9a:ac:8a:4f:8c:6d:59:69:88: + e6:75:80:44:80:94:65:17:c4:5a:c3:8c:b1:6e:bb: + 6d:bd:fa:af:ce:42:ab:21:b4:33:92:02:d8:1f:e3: + 9e:1a:aa:ae:e2:18:42:f9:6c:9f:84:db:a3:1b:23: + d8:fb:37:1f:3e:5f:04:21:72:17:be:4c:52:73:f0: + b7:87:fe:d1:c2:85:a3:4d:57:61:d6:4f:f7:6c:9c: + f1:fb:34:22:e5:44:43:86:a1:d8:29:b8:a2:73:f4: + 54:da:93:86:1f:bc:d3:98:2b:29:74:dc:4e:17:0c: + b3:44:d8:77:96:98:45:38:44:36:23:dc:55:d2:d2: + f7:75:1f:ec:bc:23:a9:fc:76:30:78:f8:e9:03:f8: + 88:43:9d:ae:fe:e8:e6:cf:02:d5:c7:93:f4:a9:9e: + 11:e1:68:4e:10:bb:85:e8:1a:c8:1b:ce:f4:f1:55: + 38:31:46:3e:1e:8d:6a:a8:6a:66:a6:85:57:08:76: + 3f:24:3f:7e:e4:b8:af:bf:86:d5:73:4a:98:ad:53: + 0f:6b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F9:C9:56:7F:09:7A:38:A1:BB:00:6D:56:FA:75:FD:F6:C7:E9:EA:AE + X509v3 Authority Key Identifier: + keyid:02:2B:7C:59:A2:6F:3B:DA:07:A4:E9:F3:3F:27:94:B5:0E:62:76:F3 + DirName:/CN=Easy-RSA CA + serial:65:E9:1E:24:AE:9A:EE:B3:E5:D9:79:EA:1E:A9:D7:5D:A1:E2:D4:F1 + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 55:d1:dd:8c:9a:4e:80:02:32:49:88:6c:82:7f:43:d5:cd:37: + e0:8a:d5:d7:20:76:7f:dd:5b:b2:13:80:f0:81:9e:c7:e4:d3: + 6e:e9:01:5f:91:57:87:97:bc:b7:a9:d0:82:1c:76:21:27:fa: + 
4c:84:c6:29:d0:f9:d4:78:6c:55:0c:9a:9b:9c:c0:ee:b5:35: + d0:0d:ef:5d:02:bf:51:40:9e:a8:cc:32:d9:c0:70:2f:c7:05: + 72:e6:10:6d:fd:da:8d:d8:bb:7f:84:d8:85:64:66:82:a8:50: + 08:9c:26:a5:27:8f:7b:9c:7b:5e:1d:44:6a:14:d2:4c:42:da: + 9c:3b:46:34:0e:22:c5:3e:3c:0c:10:c6:52:08:33:32:67:5d: + 71:00:7b:8a:f2:a7:ef:92:59:cc:fe:a8:4f:62:74:0e:91:ec: + 5d:61:45:92:73:13:75:59:0b:50:c0:af:a4:90:2d:ed:a6:2a: + d7:60:55:d3:c6:f2:df:1c:9c:9f:c2:7b:ba:10:6a:6d:25:9e: + c7:f9:30:cf:e3:4f:87:48:ba:ac:37:ea:88:f1:d7:79:62:f9: + 34:be:04:32:af:bf:a6:f8:91:89:ab:47:08:b5:3b:6e:17:c5: + d9:7f:94:f2:5c:47:57:58:62:02:12:7a:fa:83:bf:79:da:bf: + ed:88:a1:20 +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIQekDkCZZwpxEDiSy7I9EQBTANBgkqhkiG9w0BAQsFADAW +MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDEwMTQwOTM0NDdaFw0yNzAxMTcw +OTM0NDdaMBoxGDAWBgNVBAMMD0RFU0tUT1AtU0s4RzkxRDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKNUPnGzaHsR8DjUgF9gVf4n9w70ZP1q5L5+nECC +ble7CZAQPvUrEx0UL7Prl47BaI8jmqyKT4xtWWmI5nWARICUZRfEWsOMsW67bb36 +r85CqyG0M5IC2B/jnhqqruIYQvlsn4Tboxsj2Ps3Hz5fBCFyF75MUnPwt4f+0cKF +o01XYdZP92yc8fs0IuVEQ4ah2Cm4onP0VNqThh+805grKXTcThcMs0TYd5aYRThE +NiPcVdLS93Uf7Lwjqfx2MHj46QP4iEOdrv7o5s8C1ceT9KmeEeFoThC7hegayBvO +9PFVODFGPh6NaqhqZqaFVwh2PyQ/fuS4r7+G1XNKmK1TD2sCAwEAAaOBojCBnzAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBT5yVZ/CXo4obsAbVb6df32x+nqrjBRBgNVHSME +SjBIgBQCK3xZom872gek6fM/J5S1DmJ286EapBgwFjEUMBIGA1UEAwwLRWFzeS1S +U0EgQ0GCFGXpHiSumu6z5dl56h6p112h4tTxMBMGA1UdJQQMMAoGCCsGAQUFBwMC +MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAVdHdjJpOgAIySYhsgn9D +1c034IrV1yB2f91bshOA8IGex+TTbukBX5FXh5e8t6nQghx2ISf6TITGKdD51Hhs +VQyam5zA7rU10A3vXQK/UUCeqMwy2cBwL8cFcuYQbf3ajdi7f4TYhWRmgqhQCJwm +pSePe5x7Xh1EahTSTELanDtGNA4ixT48DBDGUggzMmddcQB7ivKn75JZzP6oT2J0 +DpHsXWFFknMTdVkLUMCvpJAt7aYq12BV08by3xycn8J7uhBqbSWex/kwz+NPh0i6 +rDfqiPHXeWL5NL4EMq+/pviRiatHCLU7bhfF2X+U8lxHV1hiAhJ6+oO/edq/7Yih +IA== +-----END CERTIFICATE----- 
diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/issued/openvpn-ge.crt b/bts_annee_2/cyber2/vpn-openvpn/server/issued/openvpn-ge.crt
new file mode 100644
index 0000000..2f17fd0
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/server/issued/openvpn-ge.crt
@@ -0,0 +1,87 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c0:ab:5f:6d:f5:7d:ef:f2:78:a5:4d:b6:3f:aa:96:01 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Easy-RSA CA + Validity + Not Before: Oct 14 09:24:38 2024 GMT + Not After : Jan 17 09:24:38 2027 GMT + Subject: CN=openvpn-ge + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:91:11:97:66:bf:80:7a:fe:03:8b:a1:6f:6c:9c: + ef:48:cf:3f:38:47:24:00:ef:e1:9e:20:94:db:f2: + 0c:2a:07:c9:c5:24:df:4f:9c:42:6a:ab:2e:b4:64: + f5:92:ba:f4:46:fb:d6:3b:24:aa:f3:b1:cc:f7:03: + 7f:0a:1d:35:09:74:77:9e:83:44:c9:26:a9:91:9d: + 59:03:94:91:4d:af:5e:fb:18:23:43:cb:57:40:6f: + 0b:b6:b6:d4:c7:e1:92:42:ee:ac:f5:de:94:75:70: + 96:73:3f:25:93:0c:40:c1:25:c9:a6:d5:b5:f2:7e: + 21:1c:49:ae:d0:86:a6:d9:68:67:e8:e3:0f:fc:8b: + 80:8b:9b:80:3e:e1:38:74:32:48:67:5f:5e:63:be: + 1f:3e:cd:70:62:45:bb:c1:29:1c:c1:11:da:33:81: + 65:73:66:bf:77:8c:05:49:09:d8:8f:9d:27:0e:a4: + 75:cd:1c:ae:74:78:53:38:f1:81:1c:9b:b2:72:a0: + 77:33:20:b6:64:f8:ea:7b:8e:f8:89:7a:73:30:22: + db:3c:e5:d8:60:ee:02:42:23:a7:3b:bf:f9:48:08: + 24:13:07:28:3f:82:2b:90:9b:8a:79:99:7c:5e:56: + 93:6c:9f:2a:32:42:9f:60:f2:4d:69:28:15:b0:9a: + 45:19 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 1D:12:59:5C:FC:A5:F7:73:7A:5D:FD:3C:FC:4B:82:BF:13:F8:8C:96 + X509v3 Authority Key Identifier: + keyid:02:2B:7C:59:A2:6F:3B:DA:07:A4:E9:F3:3F:27:94:B5:0E:62:76:F3 + DirName:/CN=Easy-RSA CA + serial:65:E9:1E:24:AE:9A:EE:B3:E5:D9:79:EA:1E:A9:D7:5D:A1:E2:D4:F1 + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + DNS:openvpn-ge + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 67:6e:b2:fc:9c:ea:90:8f:15:bd:49:c0:22:e5:60:32:6e:bc: + 6b:cf:b6:ec:dc:05:db:b1:55:94:d7:64:af:11:07:2c:cd:93: + 
95:cb:32:2d:89:0d:fe:1e:ab:dd:ab:0b:77:05:48:60:b5:6c: + b7:00:e4:5c:47:39:e1:6c:e4:58:0b:36:f0:ef:c7:a0:05:69: + c7:94:7c:da:69:f1:bb:52:30:23:d2:d0:68:5f:25:05:bc:2b: + 82:ba:e8:8d:4e:aa:5f:2e:a3:3a:45:80:fd:45:10:a8:7f:63: + 2c:85:83:67:b1:67:26:88:67:71:39:0d:39:7f:1e:53:9f:e2: + 69:5e:be:52:33:30:17:0a:02:1a:eb:b6:77:ca:fa:08:75:b2: + ff:e0:65:8c:c8:b1:be:47:a0:8d:c5:bd:f5:a7:e2:93:c7:91: + 2d:39:6d:78:1c:ef:c0:04:09:9e:85:7c:8b:80:c4:ad:27:07: + 2d:5e:ee:79:59:11:e3:9e:a2:10:73:16:bf:98:48:54:a0:da: + 29:5e:2b:f5:b3:2e:a4:e6:02:0c:25:07:ef:19:fb:1b:66:d0: + ee:50:82:f6:c2:2e:02:59:6a:51:b0:28:bb:35:d5:f2:59:4d: + 01:d5:54:a8:69:5e:c2:49:8d:50:c1:3b:87:49:73:84:eb:be: + 32:b8:c5:fb +-----BEGIN CERTIFICATE----- +MIIDcDCCAligAwIBAgIRAMCrX231fe/yeKVNtj+qlgEwDQYJKoZIhvcNAQELBQAw +FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQxMDE0MDkyNDM4WhcNMjcwMTE3 +MDkyNDM4WjAVMRMwEQYDVQQDDApvcGVudnBuLWdlMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAkRGXZr+Aev4Di6FvbJzvSM8/OEckAO/hniCU2/IMKgfJ +xSTfT5xCaqsutGT1krr0RvvWOySq87HM9wN/Ch01CXR3noNEySapkZ1ZA5SRTa9e ++xgjQ8tXQG8LtrbUx+GSQu6s9d6UdXCWcz8lkwxAwSXJptW18n4hHEmu0Iam2Whn +6OMP/IuAi5uAPuE4dDJIZ19eY74fPs1wYkW7wSkcwRHaM4Flc2a/d4wFSQnYj50n +DqR1zRyudHhTOPGBHJuycqB3MyC2ZPjqe474iXpzMCLbPOXYYO4CQiOnO7/5SAgk +EwcoP4IrkJuKeZl8XlaTbJ8qMkKfYPJNaSgVsJpFGQIDAQABo4G5MIG2MAkGA1Ud +EwQCMAAwHQYDVR0OBBYEFB0SWVz8pfdzel39PPxLgr8T+IyWMFEGA1UdIwRKMEiA +FAIrfFmibzvaB6Tp8z8nlLUOYnbzoRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBD +QYIUZekeJK6a7rPl2XnqHqnXXaHi1PEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD +VR0PBAQDAgWgMBUGA1UdEQQOMAyCCm9wZW52cG4tZ2UwDQYJKoZIhvcNAQELBQAD +ggEBAGdusvyc6pCPFb1JwCLlYDJuvGvPtuzcBduxVZTXZK8RByzNk5XLMi2JDf4e +q92rC3cFSGC1bLcA5FxHOeFs5FgLNvDvx6AFaceUfNpp8btSMCPS0GhfJQW8K4K6 +6I1Oql8uozpFgP1FEKh/YyyFg2exZyaIZ3E5DTl/HlOf4mlevlIzMBcKAhrrtnfK ++gh1sv/gZYzIsb5HoI3FvfWn4pPHkS05bXgc78AECZ6FfIuAxK0nBy1e7nlZEeOe +ohBzFr+YSFSg2ileK/WzLqTmAgwlB+8Z+xtm0O5QgvbCLgJZalGwKLs11fJZTQHV +VKhpXsJJjVDBO4dJc4TrvjK4xfs= +-----END CERTIFICATE----- 
diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/private/DESKTOP-SK8G91D.key b/bts_annee_2/cyber2/vpn-openvpn/server/private/DESKTOP-SK8G91D.key
new file mode 100644
index 0000000..6154887
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/server/private/DESKTOP-SK8G91D.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjVD5xs2h7EfA4 +1IBfYFX+J/cO9GT9auS+fpxAgm5XuwmQED71KxMdFC+z65eOwWiPI5qsik+MbVlp +iOZ1gESAlGUXxFrDjLFuu229+q/OQqshtDOSAtgf454aqq7iGEL5bJ+E26MbI9j7 +Nx8+XwQhche+TFJz8LeH/tHChaNNV2HWT/dsnPH7NCLlREOGodgpuKJz9FTak4Yf +vNOYKyl03E4XDLNE2HeWmEU4RDYj3FXS0vd1H+y8I6n8djB4+OkD+IhDna7+6ObP +AtXHk/SpnhHhaE4Qu4XoGsgbzvTxVTgxRj4ejWqoamamhVcIdj8kP37kuK+/htVz +SpitUw9rAgMBAAECggEAQd/J+bDbDHwtL7ahehZQSJxU3G68xqsUzDIjki8pEvBI +iJbM1bREVr+cB8yXCYg/RDAfg8SbFe/KlrKVBMIxnsx7Q4058FHwBFHLDssrmhyw +ifz0qcjE44O58lZyB5WyeYgShJLTY7BfJN9UFiNbdqPeKK3+uW1WkJ65emPM+/WD +7DR/VHOPs8PUS6mf6EMwyzeRHECnb8t9sSx1vqcAPzj/l/3iAQloyn9VxTvJ345/ +yLyFtF+GCqSiXBl5bPR9uN1hrpjeqjcFo/EZFPSLQJNiFtHOUMt3GtJW0h7XQtrf +PakCeLx4DuMANuLPjdzcK4lZAql/s0A2hHNhEh94QQKBgQDRvxN6E1guXVktZxsS +rc/2uuOoOYbTkxpkqzqI4WQ24Gb7lu/95jhHdZTWCATLdG+XMDxMdiNWIf2YMAq4 +5+c0ZL3HwiZq6Mo3sbZUP1RnEM4suHZZinTgJgDa3+RDGVF1usSwcvqGjY/+2zL8 +muzjorsY7dBxLne8BDEH9yiHqwKBgQDHWL8o8uiNIpQxz7WzZwi8dNGTKCjA/Oig +BIin3Rk2nX33y5QIe45Jb9f4V7Q7XZjY2aoYwzVWsZlu1LAFvS9zkuKJB60I6PJt ++5yowZKk2roqR7hreuml1nbyAljoJpuIdrT/xHIQyI3LtgscUOTT2nMwAQ/X0gWz +xzSrLkjXQQKBgQCBsA2Q66kYceuT4S6iLApsWj4tY/RzmX82Q5Fb1VErhTDn2vnl +GZYuyQsQE8EzM3lUGCUQefN7bGTq1rmqfuk8QhX+D5PFgs6WBTHhgY7kc0Wn7R5w +WuXNOnJI4yq2Ok9d5e970nwI+jrQsCQkgH58ecAJt/GsKbkq7cSLUk0jJQKBgACU +uqHk61aV9jaa812dfEIIWSADqvK9CfSFbtyGYW9uUBKrzjekHIsMP2Xi44yUvkBL +ihpeX0ZsaBURm524qm28zNo3YoK3IxW8+Pzo64N9e7Np2BjAF/Q6xsf3x8iNbECe +j/J64RY5b2hblHa1qaUQauuF5UTswMWAXB/vl5jBAoGARQbPUSMgp382ZDN3ohxf +7XEC/roO6SyuKLaF46kfVgoNXNBK8qvfV4HaUHiWfkBlsdrZioQp7z+S3ijlrAu+ +iae08RHuKQS1XMUN9BvqzmWSB9RMBZSNhVvD8QZwVPSHEqAx8yvORitdjQpDTdFS +8jKYo+l8sNiEYzv5y/ovagI= +-----END PRIVATE KEY----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/private/ca.key b/bts_annee_2/cyber2/vpn-openvpn/server/private/ca.key new file mode 100644 index 0000000..9d93fe3 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/private/ca.key 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcJBKkvZeiKACAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBiqIlSBAXf8BIIEyE3YCOnpXD79 +6t52JDX0eovdDLf2ScDWsOSdDvCHvnEz6Df1ZKYq7jcm5ieFx5XHiRAGwWT/p77O +OSc73uXheI66RPios2+n0R/IT0mQhc+lOq7CLkCNXn5B1E/ZnAYEXcyhL52TZjQV +JnBTB/eaz2nz43XviqZ1mwjxDMm6MsyThrtLRbBzrHHcpd93Cdzzk5PofNB+fF5Z +FXjtb1yecEAHUUh80+xUiVDmtq1elFGR5mI/mRTeIRnWlcez1jgmH2CG39NlyXe5 +Gjz7QnVhzO/z9l2A4kl8LBid0u4fVqx7ja7iWLOVR0XP36ncYZzhpngbiHfGd+y6 +obJN3O1xQnQKE6yL8W+vTv68YnKSgY3RlOs0F1dEVdDIfVX7PnqiRKimiSvGPWl2 +sW6ZtMTITD9q2wL5oMnHemkG/Ugfv1XA/g4SgbfVZAuInRilW4TEU5b7M7jRzJUz +vdkHYDzaulex8olpXwr1TJGZFNcEoU2dCYz/bU8FZk0ePtLotXK5mobmZJ64Zj4/ +X2mqIl8Wi7pjQQ4nFDifYKgU0J2JbOKbC60s5a1jWSo5RNy1i1sGhkE5kPylAT3Q +mmxB01GRdgkSrJ90bgdOblgP0OqjRVvkB4GR3Nna0b0tRxEX6C1ahVHc0nWFpcYg +41xodrs8WSFy8VujH2jbXTBLVVtRSmC32gW5kfYoOqQzV0PdcYIzAh+PCOERGxXP +ZpBrgqKzup1sOjMmOxZri7iGwQAHbNonOSpRUWQ5k3YupL/VG0dO4nPRB8jySae7 +lVhlhIrG8C4SvOahTNUHc9zOROUST/tTD4RILfq5kIq0cy5FJIqAdzultR8fPPLD +JUmQswbrxUG9zdEMG8P3bcCAJsjfX8qz5LIzGGETehxlTwNl85god8BslVpi1MEv +t/+WwUyLRkXYf8b9ooundCbc2PBvjr8Pwi4WmEGHH1fHyKtku9TDVM+KSkpXaLHV +3sc9GoapcCMeDipvhNT+HFUlrZCj8b8clRUJcd8QZ2Tuj66CJ8BgABGZKjDXYxAu +cKUVaD2e73qoVwXQDK4q+frlBciAxSdUcdeGFgCeG8aGOBCcJu638oTxDuDlw499 ++NPK25mJVH1ppvRYrFHmNlCATL1Hlc2FadX+4H7YvPLFs9woVesVsgy4yVdjA1XN +dJL9N+5XoOvaUxCKn2e9CIdTCZ/N9d4WtlnsVsJPfP49EV+hYkJZZ/EjqU6dcmQc +AIj3StPIZb6LrPnHkXrynpzSQNzpQBEW9dXOU/TT3AVV02WfE/7USBI26+iKhj5p +oxDEHr2LYxWlNZUOTYQ88z/e1/polwOjCilAA4gXobuv1oGlbeoZfJoVzT1578FP +lkv7MvOHaVCN+V5/RjVxnfsf+n4xMJtEK3Ysj9+7QvWsQJMTZuRhY23Do9cUNbEm +5ruZeQByIVMPQiPIkmeHU5NEsqKPfw6CUEZXjy62B4cZuN20WzBfT7IsNebhUrwB +odS9qGkANy/Qa7GAJqeksCoGOeXTu/Ly0IdthqVOJTxcUiEoswrZhYP7eCK8zIKI +PxgIjyWd6cz/V/NuTg4X8fyT9UyvTKw/pdRXa/P4ndORWucZY4DL+OKeHKqwv9Sq +TGNCN4VEMQEQhPZ4gidNkg== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/private/openvpn-ge.key b/bts_annee_2/cyber2/vpn-openvpn/server/private/openvpn-ge.key
new file mode 100644
index 0000000..ae552ff
--- /dev/null
+++ b/bts_annee_2/cyber2/vpn-openvpn/server/private/openvpn-ge.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCREZdmv4B6/gOL +oW9snO9Izz84RyQA7+GeIJTb8gwqB8nFJN9PnEJqqy60ZPWSuvRG+9Y7JKrzscz3 +A38KHTUJdHeeg0TJJqmRnVkDlJFNr177GCNDy1dAbwu2ttTH4ZJC7qz13pR1cJZz +PyWTDEDBJcmm1bXyfiEcSa7QhqbZaGfo4w/8i4CLm4A+4Th0MkhnX15jvh8+zXBi +RbvBKRzBEdozgWVzZr93jAVJCdiPnScOpHXNHK50eFM48YEcm7JyoHczILZk+Op7 +jviJenMwIts85dhg7gJCI6c7v/lICCQTByg/giuQm4p5mXxeVpNsnyoyQp9g8k1p +KBWwmkUZAgMBAAECggEAEkNrcutRlspjcmEG2N7yDhHPZPup1/dbSW/TJdSVfPYh +jBEODyT+RJUcCmh6dThVuBkM+cGuRwNfqUp2pDSUoIXZ6Gogzw0vxG4Rjo6V83iM +ZeK+T9Lp/2nriNuAMtDee9A2FLcqrBVaT5SH27krbtWdy0P1BdwkuX26RTTqjQy0 +EprOVtuGmkw1P9EMpWhWpvGfsAT+irvPpmWSTJUP9KeD8H9E2Rbd7YLKiOOQaVFo +u/N69N3vbeemTLvaar+4dX7zBHBnhVTVLWIrX7PQpktHCJQ3Y3tx6IcjohDq1xVz +TQdEvOt7pATKHaooXngumDTiSoap9N/wtHWdYpPjvQKBgQDJ+KaadSn53iSKA2D2 +uT/jhBfEoDu8s7tf0MU0RFhqjN5gSmsUvMQ2plgEKcvaCTtRY2ON3q0LnnLysZEx +YHCEvXZGgkmpRKI/dHDmUrhr2+Ne7Jt/Qk9inQhonUj282EkL4I8eqXc+oV7U9Y8 +8afLPLjDhWSwJcUGjUZaR10HbQKBgQC34Cb1czef7Iay9s39UOU4mFb6esxsH6hx +agk2+WcR0upReToEZ91ujGiORqbZnReTlbLDokxJXY/mkjcwB4+pkAsTtPIjtvtE +wyQZFyiIUo0vC00CfhK1ZWPYCyUTgR0MFUz4XDyfRe/EX2k4cH1iXbpvaYvj/32u +mje6xODM3QKBgQDBl4cKEjfz+0wGxgpRM2vbxqeJnxTjYVu/EbuUx9X/+5rDrVFK +hU2GHJfNFcsB6UtkTeIFAGXZ9zyzCCTlsUzozznph8TXbKQgMpptCuke6ZvdRuod +Zw/0tBR1Qh3IJ6z7JFavZdhKIg+EEO4PaIqvMjrfnqLOfMWH7C59Jl4zWQKBgQCE +Kr92IDo0Xqw3iUVpNrN8qaujYY78jQjjdKdo934JhsRcibmVHx8/7fbdhZU6yDsB +H1IeYtNYzMK5phG7GUQ/SkVcBe0ilM0pkOaqjkXZLxVCYmoZR4ulDVrmGKSuz1iU +rd7kilAc4AVG7pnQMrM9eEeg+4nM+YFadolmW0uGlQKBgQCGu+f+skjD7R/qcC2r +QxAayp2IbKv4F0aekTAZjTu8ACoZ0P2wJ/RJIDC657sPLhzY+Ra0XoqLZs9LXRTn +qKK73UMmJn9BiIHoh7C48kKOSgzOD2YnuFodQS6t200eeAOV1pJdwb9ukKN9bzOW +bXxUMmZwltTsEz0PH/1ao8f8Fw== +-----END PRIVATE KEY----- diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/server.conf b/bts_annee_2/cyber2/vpn-openvpn/server/server.conf new file mode 100644 index 0000000..988d88b --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/server.conf 
@@ -0,0 +1,315 @@
+#################################################
+# Sample OpenVPN 2.0 config file for #
+# multi-client server. #
+# #
+# This file is for the server side #
+# of a many-clients <-> one-server #
+# OpenVPN configuration. #
+# #
+# OpenVPN also supports #
+# single-machine <-> single-machine #
+# configurations (See the Examples page #
+# on the web site for more info). #
+# #
+# This config should work on Windows #
+# or Linux/BSD systems. Remember on #
+# Windows to quote pathnames and use #
+# double backslashes, e.g.: #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+# #
+# Comments are preceded with '#' or ';' #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one. You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap0" if you are ethernet bridging
+# and have precreated a tap0 virtual interface
+# and bridged it with your ethernet interface.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one. On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key). Each client
+# and the server must have their own cert and
+# key file. The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys. Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca ca.crt
+cert issued/openvpn-ge.crt
+key private/openvpn-ge.key # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+# openssl dhparam -out dh2048.pem 2048
+dh dh.pem
+
+# Network topology
+# Should be subnet (addressing via IP)
+# unless Windows clients v2.0.9 and lower have to
+# be supported (then net30, i.e. a /30 per client)
+# Defaults to net30 (not recommended)
+;topology subnet
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.8.0.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file. If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /var/log/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface. Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0. Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients. Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Configure server mode for ethernet bridging
+# using a DHCP-proxy, where clients talk
+# to the OpenVPN server-side DHCP server
+# to receive their IP address allocation
+# and DNS server addresses. You must first use
+# your OS's bridging capability to bridge the TAP
+# interface with the ethernet NIC interface.
+# Note: this mode only works on clients (such as
+# Windows), where the client-side TAP adapter is
+# bound to a DHCP client.
+;server-bridge
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server. Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.10.0 255.255.255.0"
+;push "route 192.168.20.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+# iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN. This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+# ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients. There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+# group, and firewall the TUN/TAP interface
+# for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+# modify the firewall in response to access
+# from different clients. See man
+# page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# or bridge the TUN/TAP interface to the internet
+# in order for this to work properly).
+;push "redirect-gateway def1 bypass-dhcp"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses. CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+# The addresses below refer to the public
+# DNS servers provided by opendns.com.
+;push "dhcp-option DNS 208.67.222.222"
+;push "dhcp-option DNS 208.67.220.220"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+;client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names. This is recommended
+# only for testing purposes. For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+# openvpn --genkey tls-auth ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+tls-auth ta.key 0 # This file is secret
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-GCM
+
+# Enable compression on the VPN link and push the
+# option to the client (v2.4+ only, for earlier
+# versions see below)
+;compress lz4-v2
+;push "compress lz4-v2"
+
+# For compression compatible with older clients use comp-lzo
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this on non-Windows
+# systems after creating a dedicated user.
+;user openvpn
+;group openvpn
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key +persist-tun + +# Output a short status file showing +# current connections, truncated +# and rewritten every minute. +status /var/log/openvpn/openvpn-status.log + +# By default, log messages will go to the syslog (or +# on Windows, if running as a service, they will go to +# the "\Program Files\OpenVPN\log" directory). +# Use log or log-append to override this default. +# "log" will truncate the log file on OpenVPN startup, +# while "log-append" will append to it. Use one +# or the other (but not both). +;log /var/log/openvpn/openvpn.log +;log-append /var/log/openvpn/openvpn.log + +# Set the appropriate level of log +# file verbosity. +# +# 0 is silent, except for fatal errors +# 4 is reasonable for general usage +# 5 and 6 can help to debug connection problems +# 9 is extremely verbose +verb 3 + +# Silence repeating messages. At most 20 +# sequential messages of the same message +# category will be output to the log. +;mute 20 + +# Notify the client that when the server restarts so it +# can automatically reconnect. +explicit-exit-notify 1 diff --git a/bts_annee_2/cyber2/vpn-openvpn/server/ta.key b/bts_annee_2/cyber2/vpn-openvpn/server/ta.key new file mode 100644 index 0000000..b167763 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-openvpn/server/ta.key @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +d603ad1c4cec84482158d16fdf2195fc +00408410be33b106963c91a3ef7f01e6 +85b69e6a37d0928e36bf15d00152817d +4a16fd1ce4555caca28e602b8124fec6 +a659f275ae06de6a2333dd4a358e4689 +e0914d9416e12c042af8114863159b76 +e79c45aa2f972da28ad19c1b2f6f8b00 +340f4a906f640e0f113483fb50d5799d +2d75c0ecbf853542e03b4b9f76eec5c1 +fdcc11ab0ba44974eff3c087241521fd +ae0ef5aad26279907448c6493a77c5d7 +abc5192af4f157ae3f9e25f92c08f7c6 +d33e9ccd18559b886338c515b62bdc8a +22fb34d04ae4882fcffd74d21e2408af +5a710d9a6fad0c9d9ca7f985f791999b +6c8efa6efcf946fc933f7ff0dae6b2ae +-----END OpenVPN Static key V1-----
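Review bot: The privilege drop in server.conf is left disabled: `;user openvpn` and `;group openvpn` stay commented out while `persist-key` and `persist-tun` are active, so the daemon keeps whatever privileges it was started with (root, unless the service unit restricts it) for its whole lifetime. After creating the dedicated account, enable `user openvpn` and `group openvpn`, and check that the account can write `/var/log/openvpn/ipp.txt` and `/var/log/openvpn/openvpn-status.log`. The file also has no `crl-verify` directive, so an issued client certificate cannot be revoked on this server; once a CRL has been generated, add `crl-verify <path-to-crl.pem>` (placeholder path).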