-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathclientPrince.ovpn
More file actions
281 lines (261 loc) · 12.2 KB
/
clientPrince.ovpn
File metadata and controls
281 lines (261 loc) · 12.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 139.59.68.225 80
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
<ca>
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJAIH22ZZz0iyPMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTcwOTI2MTAyNDIx
WhcNMjcwOTI0MTAyNDIxWjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG
A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ0QWZ/0
Jnpw676nxCWZXf4lbM5hx80F8Ue3uZ9poNlHNq3+XlmKDnhDGU3x5keBV3jRmPZE
nahhEHKFr6vc4XMA2Ee1KR3zRR4Q3Tce+vgkKb/CVEXaqYtCTO9OJll0lvttoN+Z
bfvdSbkaDJEAZv4NBD/i0ulpLRQdXETzHOt179AI2HwN6xed0XEkAXpOxMPzdXLf
nzsNgjQgCvJmaLKtPaRIkXn3YXUNpiB/60UINWaqFFe/HiiT7p3IX9BmYbBuDU+y
bg9Q/0MI1pb/7ebjC0mxYjUUgdZCnKpOtmeuOg2cn3IO6AG+17XVVOG/mrwphfgS
LbijVDz18Q9juwIDAQABo4IBHzCCARswHQYDVR0OBBYEFG0ZkaaHdPbTOncRxjMT
JFqFeIM7MIHrBgNVHSMEgeMwgeCAFG0ZkaaHdPbTOncRxjMTJFqFeIM7oYG8pIG5
MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j
aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQCB9tmW
c9IsjzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn+8m3iqME98o2
qVz9X5Pp+VpV8HruFIjKMvlxD0AtYhISFA2dgq9t2Vb5mCoLqIwXAjnzU6AJ0tW1
XPECIOjm21is89Ta2WEO2ONu9ZjbE9H/RYCM6oUhP8yr5LI8f8lP49K0B/HBX/lK
sThCtped3oRGuAw+HugeFiKdhRakkY/s4V83AKhN69LVsiYfu+ikSnbLPRpgvJrI
6d1jF9nki3viqnzEBqKU+bw9Og10fwnApTO9bnKTtaHV5rp0ezwoDgG7IcfrukYO
n86tAGCYygNAdwck7wZAap7zv5PKwSdIgAiUmcycuM/uh0A2+PyzWFnomAvzekhA
DWNf9zhv
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
Validity
Not Before: Sep 26 10:24:21 2017 GMT
Not After : Sep 24 10:24:21 2027 GMT
Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=clientPrince/name=EasyRSA/emailAddress=me@myhost.mydomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:2d:b0:1b:ce:61:a3:4b:3f:3e:43:22:e9:d1:
d2:b2:5d:f9:5e:14:72:d4:b0:d8:c7:b4:73:a0:5e:
b3:ea:b8:ec:dd:42:3b:50:d1:db:ff:fd:6b:0f:69:
38:4a:78:5c:b4:0a:51:ad:52:ea:12:6d:b5:26:64:
ad:6e:c5:e3:99:46:8b:9c:cd:7c:a7:6f:c3:b8:71:
b5:b7:f4:3b:eb:eb:e1:95:8a:1e:4f:4c:df:84:11:
b3:11:69:90:34:31:62:a9:a9:a2:9b:04:bc:aa:7e:
7f:88:99:39:5f:78:00:dd:c5:e8:e3:eb:8e:d5:da:
f7:df:eb:e1:43:3c:8a:3b:42:9f:de:3e:c3:63:7b:
bc:b7:79:2d:da:89:6e:a1:14:96:42:23:33:81:b4:
3a:7e:df:f2:87:4c:b6:52:74:ea:20:40:cb:93:28:
13:f4:fc:9a:e4:6d:62:6e:06:dc:bd:96:32:bc:17:
36:5a:b8:9d:b2:57:16:59:cd:d2:e8:a9:28:d3:77:
46:29:60:e2:ff:66:ac:87:88:05:3c:f4:de:9a:f3:
b8:fe:25:cc:2d:62:d2:9a:8f:c7:da:0e:4c:8d:8d:
7f:d1:d7:59:55:cd:89:a3:c9:8f:f5:c5:81:e5:75:
4d:e5:16:ef:71:ba:82:96:f6:a8:97:b9:3e:56:64:
af:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
B9:0C:9B:8B:A4:6B:ED:99:71:B9:66:F1:0D:5F:CC:53:B9:47:80:16
X509v3 Authority Key Identifier:
keyid:6D:19:91:A6:87:74:F6:D3:3A:77:11:C6:33:13:24:5A:85:78:83:3B
DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
serial:81:F6:D9:96:73:D2:2C:8F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
b9:fb:1b:ac:b5:e3:7c:33:9f:d6:a5:9b:84:05:fa:7f:cd:2a:
33:13:c9:31:b8:6a:26:d4:92:ba:3c:fc:03:40:8d:b2:c7:4d:
d2:21:0c:1c:f9:44:d7:90:bd:90:88:60:d3:ac:5b:7e:e5:a4:
20:c9:f2:48:4a:f4:71:ec:11:c1:5c:8a:76:a0:55:fe:20:11:
73:d6:b8:0a:98:31:15:63:9f:c0:76:c3:85:4e:92:29:2f:2a:
08:4d:93:c1:a0:d1:0a:54:f4:cc:89:d9:5e:ee:4d:58:87:13:
58:8d:9f:57:ee:82:8c:78:d5:2e:d3:14:ca:16:34:e3:b0:9c:
15:72:5f:d4:ec:94:30:7f:67:fe:f0:e6:3f:6c:fc:71:37:24:
00:15:40:b1:2c:35:1d:af:8d:2d:b0:97:be:9c:d5:ab:b2:a5:
6d:36:7a:45:97:b9:c5:e5:48:d3:9d:34:38:35:2b:03:a3:0f:
3f:96:a0:f7:ff:f3:4a:9d:af:08:c3:32:6e:7b:19:05:7d:9e:
60:c0:4a:69:36:52:ca:d8:0e:8e:6d:56:8c:bf:fe:6a:f2:d6:
91:a5:92:1f:18:76:c5:c8:63:15:38:ae:8f:81:70:4b:3b:7a:
a2:7c:51:65:2a:07:aa:a5:23:3d:e5:99:87:27:9e:84:17:01:
94:a8:09:96
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE3MDkyNjEwMjQyMVoXDTI3MDky
NDEwMjQyMVowgbMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
T3JnYW5pemF0aW9uYWxVbml0MRUwEwYDVQQDEwxjbGllbnRQcmluY2UxEDAOBgNV
BCkTB0Vhc3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0tsBvOYaNLPz5DIunR0rJd
+V4UctSw2Me0c6Bes+q47N1CO1DR2//9aw9pOEp4XLQKUa1S6hJttSZkrW7F45lG
i5zNfKdvw7hxtbf0O+vr4ZWKHk9M34QRsxFpkDQxYqmpopsEvKp+f4iZOV94AN3F
6OPrjtXa99/r4UM8ijtCn94+w2N7vLd5LdqJbqEUlkIjM4G0On7f8odMtlJ06iBA
y5MoE/T8muRtYm4G3L2WMrwXNlq4nbJXFlnN0uipKNN3Rilg4v9mrIeIBTz03prz
uP4lzC1i0pqPx9oOTI2Nf9HXWVXNiaPJj/XFgeV1TeUW73G6gpb2qJe5PlZkr0cC
AwEAAaOCAW0wggFpMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUuQybi6Rr7ZlxuWbxDV/M
U7lHgBYwgesGA1UdIwSB4zCB4IAUbRmRpod09tM6dxHGMxMkWoV4gzuhgbykgbkw
gbYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNp
c2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15T3JnYW5pemF0
aW9uYWxVbml0MRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExEDAOBgNVBCkTB0Vh
c3lSU0ExITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpboIJAIH22ZZz
0iyPMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAufsbrLXjfDOf1qWbhAX6f80qMxPJMbhqJtSSujz8A0CNssdN0iEM
HPlE15C9kIhg06xbfuWkIMnySEr0cewRwVyKdqBV/iARc9a4CpgxFWOfwHbDhU6S
KS8qCE2TwaDRClT0zInZXu5NWIcTWI2fV+6CjHjVLtMUyhY047CcFXJf1OyUMH9n
/vDmP2z8cTckABVAsSw1Ha+NLbCXvpzVq7KlbTZ6RZe5xeVI0500ODUrA6MPP5ag
9//zSp2vCMMybnsZBX2eYMBKaTZSytgOjm1WjL/+avLWkaWSHxh2xchjFTiuj4Fw
Szt6onxRZSoHqqUjPeWZhyeehBcBlKgJlg==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQC9LbAbzmGjSz8+
QyLp0dKyXfleFHLUsNjHtHOgXrPquOzdQjtQ0dv//WsPaThKeFy0ClGtUuoSbbUm
ZK1uxeOZRouczXynb8O4cbW39Dvr6+GVih5PTN+EEbMRaZA0MWKpqaKbBLyqfn+I
mTlfeADdxejj647V2vff6+FDPIo7Qp/ePsNje7y3eS3aiW6hFJZCIzOBtDp+3/KH
TLZSdOogQMuTKBP0/JrkbWJuBty9ljK8FzZauJ2yVxZZzdLoqSjTd0YpYOL/ZqyH
iAU89N6a87j+JcwtYtKaj8faDkyNjX/R11lVzYmjyY/1xYHldU3lFu9xuoKW9qiX
uT5WZK9HAgMBAAECggEAOmm9ExjqtQ0q/gKk6SXMtR6nPRF7U4k3ppJlkYMscrGf
EcK9pfrmv2h0glGu+++mUEFPbwFHHWGaqbw0gRvBZzaNLWGVt+2etXkG70IOro4r
HY2ERmAqNBFzBVFfIX6ORG0ItG0GBG8C2h7VxFC9k7zkaFv3wrjWCOJAsA4lcJ5d
P+DSxUmGlN/l15xhwWxhxfEvun5Z73sSSYfUjgSHDpb4D7iYG+C0fVOp9kzBprcD
Gt4+QN7FOlrb+6ujEbY4c3D+B6j6pn2BO8qjVdoX40C6pFMdYpuS8kbtA8S5/iaU
ON6m0xTnAFe62jeVSGBTdaf7d2d2NXTfQpsVVGv2QQKBgQDzUAus4PXVXA/qDwTp
GmlHMup8MbMLXcweffIEn8mECNYUzMNvR30qK1CcnfztPlIeNBieUyBNCcsa39gz
AsVY8rHNBow4Hy05P+R9K2ibMd3u+23hFgsjTv1z9xvRIpM4Ap+r2OCGw7vOp7EQ
69gfE4q+/37E3JNwK/9OcJMxKQKBgQDHCwK6iaeBdo23Exe1Rbf4PwD7LM8u2l9b
I306wf0O6fMoCnIbFR9KSjBdcdUbU295dc+exWS5ZGI0kzcR8Jn0flScMhMiAHTc
kWtflH13HA9JuA6UVgcBC8nMIq9PTm4ug9VcMqTtJpw2YB1AploV5ZfqN5kiNrsB
4KPTD3K67wJ/G4/1wp+5OXI0W09YPw++3VHnPipjHeaCOPILeHqhWVOm7LRFb1Wp
2B0QBK3g+P8WTlWYdFb2UcPKPkEdPKoTsP/NJGyZdcISXWnfeE5yiyIbAfd5ewYE
PPu1um1DuW0xQCcL72uiA6IopEBazo/o65xLG1fWBHb4PLy/LyORiQKBgAubmsci
LACi11Tr6iAKNtZlZjs/u71xwsnf4ffBRG7QOfwFz+3AZ5i/ht6MOu9jCEc/FaKe
xGcDca67PyTusSvPCkQpr2/2MtqCKI7kbAS8QC/+aetAsRvggh5Dj5HCcy6HRbQg
x/mEnOuW413X1b0dLKTeJTIXmwRbA3LVnc1FAoGBAMVnlXgODOMriKW5HGGWw5Os
ExFFs6pQ442jAaaL93JjJSGkBKjxqC6lCsSbn0mav+gnCuqL6KN2ifLypp6wAVsq
7lacJqD4RlOwbQy+rYAacphU+s0tuMMg2SYYND3asfs9aUdxxewkuO1LO59KON9y
YqmoxYzVQ6IIqX2PZjgv
-----END PRIVATE KEY-----
</key>