diff --git a/Sio2/CYBER/20-openvpn/ca.crt b/Sio2/CYBER/20-openvpn/ca.crt new file mode 100644 index 0000000..f85b8ca --- /dev/null +++ b/Sio2/CYBER/20-openvpn/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDOTCCAiGgAwIBAgIUC8Reak8KplpJ6RkJQ4dy228ay7MwDQYJKoZIhvcNAQEL +BQAwEDEOMAwGA1UEAwwFTG91aXMwHhcNMjIxMDEyMDgzNDIwWhcNMzIxMDA5MDgz +NDIwWjAQMQ4wDAYDVQQDDAVMb3VpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMZUauq/R97I03UHCO2sCYMm0xSSgabWcM7pKz/Xa09zpGm6QZHAiOHh +cCIWL4iLPRx8X8IAlVi5iRndAQhMnYkxx/gX/aHilDYrjPxn8RdaZB42lwJox0Xs +qYIc1TDnHLuf2sv9rRL3AUZ3BwdoCR7XbFhOsD6Kk5VFy4TNTfFwms51ATqOzfA4 +in3QDGkPVTq/6+8kPFkbI96FiUQ1FwvRPQyqrQjh3su5pDaM19wFLAgp4zWYIUqZ +H+HOuvdPvM7fbz1dW+PZPPLGu1SJFiJ9mpoYVq5UwcjeRSl+qQQNDpsnT+gv8sop +h2ANhyEu3M2ZCQiH1WCfvamo5xH/67UCAwEAAaOBijCBhzAdBgNVHQ4EFgQUF4fN +H8XCXNYjLio+Cex0siWsW0UwSwYDVR0jBEQwQoAUF4fNH8XCXNYjLio+Cex0siWs +W0WhFKQSMBAxDjAMBgNVBAMMBUxvdWlzghQLxF5qTwqmWknpGQlDh3LbbxrLszAM +BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQhI +N6DNawRxGSO5ioWNKsnB14sFrvrCbiAtr/vcj/5mnxqJlE8KTfOmAs0JHp9hgsDg +9rRn7pSKfOJfXSzwvlLotEBAg7QEqX1k1PAVwD5roc0RmvS0yH7eoF8CcwQhWuDj +RbcuA2yah/L8v6SrtLcbzvWRF2Jm/zEiEUoHoUJwt4TaLL4z7lnDZ/H0Kgx/dfI5 +DYzAdfAQASOOMZHc57lBNB2Md1PIVt50Rj6K+ZDyXE2uKgVGCkroDpA+n2a6QaFn +35CqrUjg66U4pLBCmrZwBScHp8cUXNju44FS7/Y8WnFsX5Wm3RVdErlcvqOg5Jxs +GOsIks/TvelhSMjwiw== +-----END CERTIFICATE----- diff --git a/Sio2/CYBER/20-openvpn/dh.pem b/Sio2/CYBER/20-openvpn/dh.pem new file mode 100644 index 0000000..389cc8a --- /dev/null +++ b/Sio2/CYBER/20-openvpn/dh.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA4jWuH4ZUAtE0fXIfp3xq7zpRxPLhKeNY0IuwutL0ZCMUTmJjVp7G +tesWOF5Zmeu4E/SdKOIg6fKSLjr4vUIesL9clkHabjagEaIu07cDlbMC38BGeHzb +YT6Ba+UrHyz5Qqk7lhwGz3/yMmIOcvV60GL8okVAd37bCz08jObEtvlyWzJD8zUr +rgCArb4T8jj7/V/9w6ROt9TWJHxZdUlUMhxjK451pozLqY4QXiH4PRNAIP7BUr1l +Qh5gYpQU/BrMMxH/7n0LCCeoxrbUYz+UfzO1Rxs2KWJ2UCTCgGqNwXkS3hMUb4xC +qSNC0ssaAFlra5AlIxd06F6A0lRTkwQtEwIBAg== +-----END DH PARAMETERS----- 
diff --git a/Sio2/CYBER/20-openvpn/openvpnclt.crt b/Sio2/CYBER/20-openvpn/openvpnclt.crt new file mode 100644 index 0000000..cfd2e1e --- /dev/null +++ b/Sio2/CYBER/20-openvpn/openvpnclt.crt 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ef:26:be:be:1c:6f:df:b6:72:ab:d0:98:5e:8e:ab:1a + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Louis + Validity + Not Before: Oct 12 08:35:54 2022 GMT + Not After : Jan 14 08:35:54 2025 GMT + Subject: CN=openvpnclt + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a8:a2:21:3d:b7:82:3d:47:36:e5:94:4e:9b:84: + 39:b0:f5:66:54:43:09:29:c2:81:59:ee:ff:d3:1f: + 3c:4c:73:c2:a6:de:08:db:f9:c8:ff:1b:19:1a:13: + 65:91:d6:af:9c:ee:bf:15:49:1c:74:6a:f1:cd:3c: + a8:87:2c:24:c0:d2:99:9e:ec:46:b1:f4:50:86:0b: + 8c:4a:8a:b6:13:04:9a:1a:6e:e8:de:57:40:7b:f8: + b2:7b:1e:05:e9:ae:56:bf:f5:0e:6a:49:85:cb:a7: + 4d:f1:72:ea:d6:83:1c:c2:19:7b:86:b0:ef:89:82: + 7d:98:3e:32:f3:83:03:89:36:7c:32:13:f3:f5:af: + d4:8c:92:95:95:02:48:2b:21:b0:3a:79:a2:ef:64: + 55:c5:1c:4a:ab:9d:1b:70:fe:a7:9e:bc:fa:b8:12: + 22:87:52:95:ca:a4:5c:26:91:6d:d6:9e:aa:07:53: + 13:6a:bc:e7:91:98:c7:57:b6:ff:b8:10:82:73:99: + 0a:b8:5c:70:13:f7:8c:e5:d4:b7:7b:d0:51:24:ed: + bc:ac:50:61:d3:2e:9e:98:6a:a6:16:9c:cc:eb:fa: + 4c:10:69:f0:c2:2f:cd:8e:6b:b7:7f:2c:5b:c1:a8: + fc:af:ef:1a:91:1e:5d:f4:d1:fb:cc:33:34:6e:e8: + d2:a3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 78:9F:7E:30:60:4E:EB:50:F5:FC:D2:6E:1E:2B:F3:AC:DE:73:C0:AD + X509v3 Authority Key Identifier: + keyid:17:87:CD:1F:C5:C2:5C:D6:23:2E:2A:3E:09:EC:74:B2:25:AC:5B:45 + DirName:/CN=Louis + serial:0B:C4:5E:6A:4F:0A:A6:5A:49:E9:19:09:43:87:72:DB:6F:1A:CB:B3 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 95:b5:d4:87:5e:e3:3f:a1:4f:2a:8a:e1:52:cc:25:63:42:bb: + f7:2e:6e:f6:aa:bc:9e:a6:88:ab:d5:02:65:29:31:0e:a1:a7: + 0d:e7:20:ac:9d:1c:a8:31:23:5a:8d:07:a4:94:88:99:f8:88: + 83:69:1a:0a:a8:5a:d5:39:2f:00:5a:27:53:60:70:2f:fc:7f: + 
e1:2c:15:7b:ea:6b:91:72:9a:e5:b6:c9:ae:b7:b4:89:3c:95: + 17:bf:a3:31:3e:0e:41:ec:90:bb:d6:4a:1a:c3:79:7a:95:55: + 23:e9:86:84:91:05:32:69:9e:44:cd:03:df:c8:97:a8:6c:47: + 6c:2c:d1:64:f5:91:30:87:56:7b:42:38:0a:78:1e:b9:6d:bb: + 8d:02:7b:fd:df:ac:a9:41:2c:cd:c7:10:34:d3:98:91:a9:bd: + bc:e3:76:1e:13:9c:7b:98:c0:01:3c:9a:e3:fb:a1:41:cf:6b: + 35:d1:ea:b9:d4:f4:9a:d8:c3:60:c7:b8:4b:79:09:1b:9c:25: + d4:90:51:ae:87:46:47:f6:ee:a2:45:fa:a9:79:0a:7d:24:3f: + bf:e4:aa:fc:26:43:ed:68:dd:a2:74:01:81:ad:f7:a5:5f:76: + 2a:54:49:08:14:a6:d2:27:ac:a6:1d:af:08:e2:be:2f:23:c7: + 82:c1:a5:78 +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIRAO8mvr4cb9+2cqvQmF6OqxowDQYJKoZIhvcNAQELBQAw +EDEOMAwGA1UEAwwFTG91aXMwHhcNMjIxMDEyMDgzNTU0WhcNMjUwMTE0MDgzNTU0 +WjAVMRMwEQYDVQQDDApvcGVudnBuY2x0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAqKIhPbeCPUc25ZROm4Q5sPVmVEMJKcKBWe7/0x88THPCpt4I2/nI +/xsZGhNlkdavnO6/FUkcdGrxzTyohywkwNKZnuxGsfRQhguMSoq2EwSaGm7o3ldA +e/iyex4F6a5Wv/UOakmFy6dN8XLq1oMcwhl7hrDviYJ9mD4y84MDiTZ8MhPz9a/U +jJKVlQJIKyGwOnmi72RVxRxKq50bcP6nnrz6uBIih1KVyqRcJpFt1p6qB1MTarzn +kZjHV7b/uBCCc5kKuFxwE/eM5dS3e9BRJO28rFBh0y6emGqmFpzM6/pMEGnwwi/N +jmu3fyxbwaj8r+8akR5d9NH7zDM0bujSowIDAQABo4GcMIGZMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFHiffjBgTutQ9fzSbh4r86zec8CtMEsGA1UdIwREMEKAFBeHzR/F +wlzWIy4qPgnsdLIlrFtFoRSkEjAQMQ4wDAYDVQQDDAVMb3Vpc4IUC8Reak8KplpJ +6RkJQ4dy228ay7MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0G +CSqGSIb3DQEBCwUAA4IBAQCVtdSHXuM/oU8qiuFSzCVjQrv3Lm72qryepoir1QJl +KTEOoacN5yCsnRyoMSNajQeklIiZ+IiDaRoKqFrVOS8AWidTYHAv/H/hLBV76muR +cprltsmut7SJPJUXv6MxPg5B7JC71koaw3l6lVUj6YaEkQUyaZ5EzQPfyJeobEds +LNFk9ZEwh1Z7QjgKeB65bbuNAnv936ypQSzNxxA005iRqb2843YeE5x7mMABPJrj ++6FBz2s10eq51PSa2MNgx7hLeQkbnCXUkFGuh0ZH9u6iRfqpeQp9JD+/5Kr8JkPt +aN2idAGBrfelX3YqVEkIFKbSJ6ymHa8I4r4vI8eCwaV4 +-----END CERTIFICATE----- diff --git a/Sio2/CYBER/20-openvpn/openvpnclt.key b/Sio2/CYBER/20-openvpn/openvpnclt.key new file mode 100644 index 0000000..8374f3a --- /dev/null +++ b/Sio2/CYBER/20-openvpn/openvpnclt.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCooiE9t4I9Rzbl +lE6bhDmw9WZUQwkpwoFZ7v/THzxMc8Km3gjb+cj/GxkaE2WR1q+c7r8VSRx0avHN +PKiHLCTA0pme7Eax9FCGC4xKirYTBJoabujeV0B7+LJ7HgXprla/9Q5qSYXLp03x +curWgxzCGXuGsO+Jgn2YPjLzgwOJNnwyE/P1r9SMkpWVAkgrIbA6eaLvZFXFHEqr +nRtw/qeevPq4EiKHUpXKpFwmkW3WnqoHUxNqvOeRmMdXtv+4EIJzmQq4XHAT94zl +1Ld70FEk7bysUGHTLp6YaqYWnMzr+kwQafDCL82Oa7d/LFvBqPyv7xqRHl300fvM +MzRu6NKjAgMBAAECggEBAIpJQjcpOH1l2+fSgc/YU7MA2qR4wJflMEv+yP1pnPoY +5+QNKnix0pkYsLIIe/9nbWWlBz++T75MQPQMLSuEELOrQFzp52NhNXNnHum17G+W +E4VftEk4heHj5QE/cpvZ4rvRiruwhS6niSxaD6hPppKpcPnYOOasArCJOSEmLA0l +MyxW7zGa3aVFXzZWMMNc++EZxksCiSrFGzgfqvaZ65Bfj3GjUMs16C0yjlysC6y4 +kXYdU92bvXM2LDEg2sST9+9PxAsr5lcpy+g2yTCKDfwz5lNgo9B6E1WmAZk0rvEQ +Das5u93gTfMsTWpqR66tpwm7z8VM/NlpVuh9+KkB/EECgYEA1nTh1KE+tkMNxcod +MuXDKT0a5BdXGF8kuJcqo/GDTs4fLtX3p+aJjEL2n7/r20FXf5IopWjvwNOT9hO6 +qLSxwiN1L+raA24isg6sMWq0KBAlP1DtsEy6OFWEGbVCaeNQvR2oQarLZyUB+tjV +IpZOQB+QiVltPPAGjc8Mpv3rc+ECgYEAyUzTj7XfVTpLe1MKbrmma5mGoK2k1aUe +e6Si2SzZ+xfo5ujtACwsdRF5044IkaQdZ3bVfRkLPzPeDj7NijVPnFQzLUlKr29t +inemCtwSsW2Gq829qz8ZbIk7EHui4DBcUipyzmJTGGxFFtT+uTNU4QHIPIJfsp/x +W/IkltllVwMCgYEAk5PNUFBB4pTUJncGjt7z5S4KkknJgpj+oRRNoJHzRUisxsMx +cNZBc0clhhtBSBl4B+7hj6pdynkOyfkbqzrlVG6oFvhrXI7uy08zibIfFa6+owqi +9n5ma5vVkwdcE5f9GJcPEVliLbGW4jNSwEFkydWu1gW3GYcnS3DfCQ+VdqECgYEA +wiDG/halFGotlPcWXoXHSok6XgZXqnmclhzFt68bYJ1ETDthJAN1tEhwNmcJOHsO +qFLfu87FG+SHRzGlwp168wX4fLnrvpg1CY4toNdvZ5B6iYDWYyls+VC2l0TEZHP+ +9HZfVU1ZWXpAfq5WIICyYHP5iPEqHPdGKiewxZFNu8UCgYBqkHQA2emQWsPwACpC +JyaDSS+oya6+GiijOTl13zU6hXwk353lzxG5XHuHh+DKjoY7N6K+WAytkt5m1pFM +h918zgOI8Ntpw9hYOY9IRh7/mRibCrcX7ywGhBc/X5xcXglWCTqjm7X8mUE3ZWMp +1ea9UgXBanlvVdqgdYZQcArMNw== +-----END PRIVATE KEY----- diff --git a/Sio2/CYBER/20-openvpn/server.conf b/Sio2/CYBER/20-openvpn/server.conf new file mode 100644 index 0000000..487c31e --- /dev/null +++ b/Sio2/CYBER/20-openvpn/server.conf 
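Review bot: An unencrypted private key (`-----BEGIN PRIVATE KEY-----`) for the `openvpnclt` client certificate is committed in this hunk, and the `ta.key` hunk at the end of the diff commits the tls-auth static key that server.conf itself marks `# This file is secret`. Anyone who can read the repository or its history can then authenticate as this client and pass the HMAC check, so both should be treated as compromised rather than just deleted in a follow-up commit. Revoke the `openvpnclt` certificate and have the server enforce the revocation list with `crl-verify <path-to-crl>`, regenerate the static key with `openvpn --genkey tls-auth ta.key` as the config comment describes, and keep key material out of version control, e.g. with a `.gitignore` entry such as `*.key`.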
@@ -0,0 +1,315 @@
+#################################################
+# Sample OpenVPN 2.0 config file for #
+# multi-client server. #
+# #
+# This file is for the server side #
+# of a many-clients <-> one-server #
+# OpenVPN configuration. #
+# #
+# OpenVPN also supports #
+# single-machine <-> single-machine #
+# configurations (See the Examples page #
+# on the web site for more info). #
+# #
+# This config should work on Windows #
+# or Linux/BSD systems. Remember on #
+# Windows to quote pathnames and use #
+# double backslashes, e.g.: #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+# #
+# Comments are preceded with '#' or ';' #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one. You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap0" if you are ethernet bridging
+# and have precreated a tap0 virtual interface
+# and bridged it with your ethernet interface.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one. On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key). Each client
+# and the server must have their own cert and
+# key file. The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys. Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca ca.crt
+cert issued/openvpnsrv.crt
+key private/openvpnsrv.key
+
+# Diffie hellman parameters.
+# Generate your own with:
+# openssl dhparam -out dh2048.pem 2048
+dh dh.pem
+
+# Network topology
+# Should be subnet (addressing via IP)
+# unless Windows clients v2.0.9 and lower have to
+# be supported (then net30, i.e. a /30 per client)
+# Defaults to net30 (not recommended)
+;topology subnet
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.8.0.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file. If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /var/log/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface. Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0. Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients. Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Configure server mode for ethernet bridging
+# using a DHCP-proxy, where clients talk
+# to the OpenVPN server-side DHCP server
+# to receive their IP address allocation
+# and DNS server addresses. You must first use
+# your OS's bridging capability to bridge the TAP
+# interface with the ethernet NIC interface.
+# Note: this mode only works on clients (such as
+# Windows), where the client-side TAP adapter is
+# bound to a DHCP client.
+;server-bridge
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server. Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.10.0 255.255.255.0"
+;push "route 192.168.20.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+# iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN. This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+# ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients. There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+# group, and firewall the TUN/TAP interface
+# for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+# modify the firewall in response to access
+# from different clients. See man
+# page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# or bridge the TUN/TAP interface to the internet
+# in order for this to work properly).
+;push "redirect-gateway def1 bypass-dhcp"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses. CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+# The addresses below refer to the public
+# DNS servers provided by opendns.com.
+;push "dhcp-option DNS 208.67.222.222"
+;push "dhcp-option DNS 208.67.220.220"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+;client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names. This is recommended
+# only for testing purposes. For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+# openvpn --genkey tls-auth ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+tls-auth ta.key 0 # This file is secret
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link and push the
+# option to the client (v2.4+ only, for earlier
+# versions see below)
+;compress lz4-v2
+;push "compress lz4-v2"
+
+# For compression compatible with older clients use comp-lzo
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+;user nobody
+;group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/openvpn-status.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it. Use one
+# or the other (but not both).
+;log /var/log/openvpn/openvpn.log
+;log-append /var/log/openvpn/openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 3
+
+# Silence repeating messages. At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# Notify the client that when the server restarts so it
+# can automatically reconnect.
+explicit-exit-notify 1
diff --git a/Sio2/CYBER/20-openvpn/ta.key b/Sio2/CYBER/20-openvpn/ta.key
new file mode 100644
index 0000000..513b1eb
--- /dev/null
+++ b/Sio2/CYBER/20-openvpn/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+802c84970a521b1a640fa14059c7f524
+5c23ecddddb64a337203bf62c4ff17b7
+3f8d8f62d16f73845b271ee8d6888dd4
+ffaf36d37537573df58084a4af6cb770
+89ce69cab2966f41cef0fdfb6a989c00
+300f027b6e2a0c2028d0cb33c0b812d0
+5d1f908f8de4f127d8e6e5b7eb253b2c
+724292d58707db359a22158eff460ee4
+37edf7f484dc72948c944ebde87add73
+8e16c8af7c2a556be4aa37d11a8ecb74
+800bb07de7d9e3d563eee347e07b3f2a
+493a0be8a4e7fec27874b23dab51a7d3
+39b61af065e5cdffd30418b40c7bff03
+c139ba6f27331d49e17d75ee3cdb5217
+d95d3b26eb5484c89ef70f2579a52f3c
+62268bdae2e24de8cd748a73e3e795f1
+-----END OpenVPN Static key V1-----
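Review bot: In server.conf the privilege drop is left commented out (`;user nobody` / `;group nogroup`), so on a non-Windows host the daemon keeps whatever privileges it was started with (typically root) for its whole lifetime; `persist-key` and `persist-tun` are already set, so enabling `user nobody` and `group nogroup` should not break restarts. `cipher AES-256-CBC` is carried over from the sample and there is no `tls-version-min 1.2` line, so the negotiated cipher and TLS floor depend on the defaults of whichever OpenVPN build runs this file. The client certificate added in this commit carries the TLS Web Client Authentication EKU, so `remote-cert-tls client` could be added to reject certificates issued for other purposes, and without a `crl-verify <path-to-crl>` line a revoked client certificate would still be accepted.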