Client Configuration
Freitag, 15. Mai 2015
23:42
IP 192.168.132.3
Root nx4w
root@VPNCLIENT:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
default fritz.box 0.0.0.0 UG 0 0 0 ens3
kvm-0219.server fritz.box 255.255.255.255 UGH 0 0 0 ens3
10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
192.168.132.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
root@VPNCLIENT:~#
IPTables unter /etc/iptables/rules.v4
# Saved rule set in iptables-restore format (one table per "*name" ... COMMIT section).
# NOTE(review): no chain policy lines (e.g. ":INPUT DROP [0:0]") appear in this excerpt.
# The filter section below contains ACCEPT rules only, so it restricts nothing unless
# the INPUT policy is DROP in the full file - confirm against the real rules.v4.
*nat
# Source-NAT every packet that leaves through the VPN interface, so traffic routed
# through this client appears to the VPN with the tun0 address.
# NOTE(review): IP forwarding and FORWARD-chain rules are not shown here; if this
# host routes for the LAN, the FORWARD chain decides what may enter the tunnel.
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
# Allow inbound SSH on the LAN interface from any source address.
# NOTE(review): consider limiting this with -s to the management subnet
# (the routing table shows ens3 on 192.168.132.0/24).
-A INPUT -i ens3 -p tcp -m tcp --dport 22 -j ACCEPT
# Allow replies to connections this host opened. "-m state --state" is the legacy
# spelling; "-m conntrack --ctstate RELATED,ESTABLISHED" is the current match.
# NOTE(review): there is no "-A INPUT -i lo -j ACCEPT"; with a DROP policy, local
# services talking over loopback would be blocked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): nothing here restricts OUTPUT to tun0, so traffic can leave via
# ens3 whenever the tunnel routes are absent - confirm whether that is intended.
COMMIT
# Completed on Sat Jun 15 21:30:53 2019
Client.conf :
# OpenVPN client profile: routed UDP tunnel to a single server, all IPv4 traffic
# sent through the tunnel, certificate authentication plus a tls-auth HMAC key.
#
# NOTE(review): the directive is spelled "client" (lowercase) in OpenVPN; the
# capital letter below was presumably introduced by the note editor - confirm
# against the file on disk.
Client
# Layer-3 (routed) tunnel device.
dev tun
proto udp
# VPN server address and port.
remote 5.104.110.219 1194
# Retry name resolution forever; has no practical effect while "remote" is an IP literal.
resolv-retry infinite
# Do not bind to a fixed local port.
nobind
# Drop root privileges after initialisation.
# NOTE(review): the "down" script then runs without root and may be unable to
# restore /etc/resolv.conf; verify DNS is reset after a disconnect.
user nobody
group nogroup
# Keep key material and the tun device across restarts, since they can no longer
# be re-read or re-opened once privileges are dropped.
persist-key
persist-tun
# Route all IPv4 traffic through the tunnel by adding 0.0.0.0/1 and 128.0.0.0/1
# instead of replacing the default route (both halves are visible in the routing
# table above, next to the host route to the server via the original gateway).
# NOTE(review): def1 alone does not redirect IPv6; if the LAN has IPv6, that
# traffic bypasses the tunnel unless it is redirected or blocked separately.
redirect-gateway def1
# NOTE(review): CA, certificate and key are given twice - as file references
# here and as inline <ca>/<cert>/<key> blocks further down. Keep one form so it
# is unambiguous which credentials are loaded.
# client.key and ta.key are secrets: store them root-only (mode 600) and keep
# them out of shared notes. A private key or tls-auth key that has been pasted
# into a shared or published document should be treated as exposed: revoke the
# client certificate at the CA and generate a new ta.key for server and clients.
ca ca.crt
cert client.crt
key client.key
# Require the peer certificate to carry the TLS server usage, so another client
# certificate issued by the same CA cannot pose as the server.
remote-cert-tls server
# HMAC signature on control-channel packets; direction 1 is the client side.
tls-auth ta.key 1
# NOTE(review): OpenVPN 2.4+ peers negotiate an AEAD cipher (AES-256-GCM) where
# both sides allow it; on 2.5+ the setting to review is "data-ciphers". CBC is
# then only the fallback - confirm the server-side configuration.
cipher AES-256-CBC
# HMAC digest used for packet authentication.
auth SHA256
# Level 2 permits user-defined scripts, which the up/down hooks below need.
script-security 2
# DNS hooks executed by the daemon; the script should be root-owned and not
# writable by other users, because "up" runs before privileges are dropped.
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Key direction for the inline <tls-auth> block (duplicates the "1" given above).
key-direction 1
# Log verbosity.
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIJALxbvnCJ8zU8MA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
VQQGEwJERTELMAkGA1UECBMCU0gxFTATBgNVBAcTDEJhZCBTZWdlYmVyZzESMBAG
A1UEChMJUmFsZiBLb29wMRIwEAYDVQQLEwlDb21tdW5pdHkxFTATBgNVBAMTDFJh
bGYgS29vcCBDQTESMBAGA1UEKRMJVlBOU2VydmVyMREwDwYJKoZIhvcNAQkBFgJs
czAeFw0xOTA2MTUxMzA3NDhaFw0yOTA2MTIxMzA3NDhaMIGXMQswCQYDVQQGEwJE
RTELMAkGA1UECBMCU0gxFTATBgNVBAcTDEJhZCBTZWdlYmVyZzESMBAGA1UEChMJ
UmFsZiBLb29wMRIwEAYDVQQLEwlDb21tdW5pdHkxFTATBgNVBAMTDFJhbGYgS29v
cCBDQTESMBAGA1UEKRMJVlBOU2VydmVyMREwDwYJKoZIhvcNAQkBFgJsczCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKJVB7bmqaXf3d6bYFyG9LqPmF3u
kaA3t3vSv6RuOOyRjhGqejo1Vabywd+bYrrNp+b7y2UePoM/DTcVP76wtbKA9034
sxsrbQurbamSmn1xn47kR1+aSkCtSnbfnLm89oDAOoqyrf5EhoOyfJKdz2JvuCKy
ezOlvWywx2hOJSsBPrS8k9+ZTOrQ+1y0YcSLzp8oWxGZbwmuB9fI05pwf3NzYZPi
cmEn7wHKTpZ0SEKBIeMsMqEh7bgsBGNQJuY9hyBrz4Gdf+h33tggEU+ZQJvn5cwt
pMg5nMySxLYYv70WLt6By/fGNyDVFIh4wHaYXlMIVbNSmygtOWZT1UMeprkCAwEA
AaOB/zCB/DAdBgNVHQ4EFgQU+gtE2USRYtIqjJ57QneVdoTS6RcwgcwGA1UdIwSB
xDCBwYAU+gtE2USRYtIqjJ57QneVdoTS6RehgZ2kgZowgZcxCzAJBgNVBAYTAkRF
MQswCQYDVQQIEwJTSDEVMBMGA1UEBxMMQmFkIFNlZ2ViZXJnMRIwEAYDVQQKEwlS
YWxmIEtvb3AxEjAQBgNVBAsTCUNvbW11bml0eTEVMBMGA1UEAxMMUmFsZiBLb29w
IENBMRIwEAYDVQQpEwlWUE5TZXJ2ZXIxETAPBgkqhkiG9w0BCQEWAmxzggkAvFu+
cInzNTwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACqh9mqAmMMfv
CDYeypIjXLYsrR/FOgGvsuLpjOzhdREIpJ+otN3i1sPcjlaB9T2EidxuTF2+44SD
AAMTUNI37zVJiOXHPdt+dN0BTloRkgIemPQ+EyZ8vZ/trhwEW3n9k5PBPtce6jwn
BrCWAW+ZSKVXUc94s1Y/LAKaNCEYW48FEINh5RkGmZfOcPXf4iKFYLCFysYP5W5r
9nnDzna5l6ojEp6v5LGSX4BL5LYOBGZRtot6Ti1jfJtwlEn2sdZWgg775NVcyNLF
eJM1QHwJ2oezChjM4fwDNDFAAl+sind2L83LFEg+sQ+xqOezik7IIzJGHQBdFGrr
Dqw+c6JH7A==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, ST=SH, L=Bad Segeberg, O=Ralf Koop, OU=Community, CN=Ralf Koop CA/name=VPNServer/emailAd$
Validity
Not Before: Jun 15 13:15:48 2019 GMT
Not After : Jun 12 13:15:48 2029 GMT
Subject: C=DE, ST=SH, L=Bad Segeberg, O=Ralf Koop, OU=Community, CN=datenserver/name=VPNServer/emailAd$
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:18:d6:68:c4:2e:ea:8c:62:2d:f6:cf:10:80:
e7:ce:3a:66:6f:35:da:78:ef:5d:3e:d9:12:5b:fb:
ef:52:b4:9d:04:7d:6c:4d:b6:02:f4:40:47:95:bd:
c9:c5:ef:3e:64:52:85:11:57:09:60:a1:d9:62:b4:
d1:b8:39:2d:6c:ef:41:9e:60:d6:97:d2:02:45:23:
2f:eb:c4:7d:39:91:cd:bd:3a:db:7c:c4:46:65:90:
5d:b9:ee:98:c5:fb:ef:4e:55:b7:68:46:c4:c5:92:
1d:51:20:65:e2:3a:13:de:ed:ad:c0:4d:41:30:35:
53:52:2f:94:81:2c:e5:27:0e:d0:15:6c:b3:01:be:
ec:30:c0:f1:9a:bd:9e:72:1e:b6:ae:47:27:73:b2:
7b:7f:fd:4b:5f:ed:1f:a8:12:7d:ac:fe:e2:65:e9:
d3:b0:9b:11:c0:51:59:ce:88:48:ca:a0:c0:60:e7:
fd:94:1b:3f:2c:cb:65:d1:6c:79:b2:a0:7c:6c:68:
99:f4:59:80:52:2f:18:74:f5:39:dc:ca:64:db:77:
dc:e0:03:fc:cd:4f:d8:f0:a4:9b:47:92:7b:6f:55:
aa:ea:7d:1e:29:01:35:82:47:f1:c0:ee:99:19:76:
56:df:69:4c:0c:dc:72:ad:02:0e:e5:61:1a:c2:da:
67:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
D1:05:1C:41:A8:F5:61:FA:01:3D:E3:B6:77:88:69:97:A6:3C:00:09
X509v3 Authority Key Identifier: keyid:FA:0B:44:D9:44:91:62:D2:2A:8C:9E:7B:42:77:95:76:84:D2:E9:17
DirName:/C=DE/ST=SH/L=Bad Segeberg/O=Ralf Koop/OU=Community/CN=Ralf Koop CA/name=VPNServer/ema$
serial:BC:5B:BE:70:89:F3:35:3C
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:datenserver
Signature Algorithm: sha256WithRSAEncryption
17:a1:33:2a:bf:a5:c2:b5:d2:ba:0a:0b:0d:a2:a0:18:a0:ec:
b6:e8:78:e4:78:44:8c:fd:e2:8a:e3:5a:47:4c:07:84:d9:51:
8f:ba:6d:ec:54:ba:cc:fa:20:06:2e:83:1c:79:2d:b6:30:f3:
05:94:45:f0:28:28:98:8c:85:06:57:4c:dc:e6:9e:7b:bf:95:
91:a5:6b:db:18:09:ae:27:7c:47:43:ef:14:11:ff:f7:87:88:
51:d0:43:6d:4e:33:04:94:22:d0:ad:bf:80:fc:27:38:d7:68:
f2:7e:cd:f5:74:6c:7c:80:67:a4:f3:2b:20:a9:17:d3:f5:9a:
27:99:f9:92:c9:2b:9c:6b:d6:1f:8e:b0:3b:a3:f9:4f:3f:f9:
60:f4:a4:30:2b:b8:e7:03:53:f8:b6:16:fa:2b:6d:88:ef:2a:
2c:ed:10:92:d5:70:5c:21:66:f3:7b:76:a9:4a:5a:a6:e7:1b:
5b:c8:d1:94:8e:0f:b7:04:85:84:20:ff:50:5f:bd:90:17:f9:
07:0c:d8:cf:af:83:cb:1d:8f:eb:4e:31:43:9e:35:71:dd:99:
df:d7:95:8e:52:d2:93:05:2f:f9:3d:8e:f9:a3:4a:41:8c:50:
0a:52:7e:a9:ce:92:c6:dc:f9:21:04:7e:62:fc:8f:45:77:49:
45:b8:1e:24
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYGNZoxC7qjGIt
9s8QgOfOOmZvNdp4710+2RJb++9StJ0EfWxNtgL0QEeVvcnF7z5kUoURVwlgodli
tNG4OS1s70GeYNaX0gJFIy/rxH05kc29Ott8xEZlkF257pjF++9OVbdoRsTFkh1R
IGXiOhPe7a3ATUEwNVNSL5SBLOUnDtAVbLMBvuwwwPGavZ5yHrauRydzsnt//Utf
7R+oEn2s/uJl6dOwmxHAUVnOiEjKoMBg5/2UGz8sy2XRbHmyoHxsaJn0WYBSLxh0
9TncymTbd9zgA/zNT9jwpJtHkntvVarqfR4pATWCR/HA7pkZdlbfaUwM3HKtAg7l
YRrC2mfBAgMBAAECggEAONfHgf4X/qaapsz/1A4pFAT1dYit7taehbeAygndBo7j
w+LQEDb+4aQIXOlCOIxSSBIjEzjxE0FJyj8DxhLwbC762iMc8D6XhJlC9p1Ho7Vf
K+KMVxPPr3OF49BNHmkqpZ8ZXYpdTe1usXwnN6Y2+PDhJ+Z3f3neeu+3U5OgzLiE
A8K5XtgxeEFgufGFeJr08LCdKbipchAlhTDqZArDcKOj4izyaAVfQGMEKgwYGfdP
m7V41sZg3EB8ZLenzr6OYqhrVnobD0Onv08QvKIFn5Gbt5kC5S4uj8eO+uoklFaE
6bFbZ/GbNvtCcnNWCHBNVDKzemmhzPMNEUPupc3BRQKBgQDFWp44FNTq5Or5xaUT
kLpT1a0FaqcAB8Gs1XV2QiPcBCcer9SbtlOxLpk0pX+3JLApcAFTFqp44JTFIC20
ScEELwTqJXZhF1+0NuEOzisBlWAfoDcR+EXs87TKZenhygVcdFVaq6u2Y0lnHBjZ
QcV6Gcno0GIWAQbval/Ah6GUowKBgQDFS17UtlwAWdJ3hU2PnSWTFesAWFsv76lL
z19oNa8sLNxbnz9Cxl3AhVILaps9ZO9Jnf7F3x9Q16ZCJvcWCC2Qv1c6YaN8HMuI
4IPGGCLsUFVPDU9SQ0kIkxalwx3dtuHmVjtxkwrmM+IA08mWtLm9EOBe8yKoRnZq
B/M2PM50SwKBgQC4VsdYvOSQL5joCtwBZXsVWY4OdCtfFN+r74qTFn5mQR7FRBmE
BI8x/cOu8DNWPxeo7OzfzlkXJTbw1fi64PVAUib2Cl4DnJCRRX18lciH5x3tDHrD
9zJhfNXPA9itRUUysZsUYSu35g+nFxCCxjONtE7rftFPmk//C047CLU9nwKBgFZW
zYE47LoalMhJRc/7bV4Y0WatQ/qOXwAWGCJ6m9YxK53M6tpGBPEjZuwoExei/DSz
N7NQGVw/gzqf4rF5krcthPa/k9PUph2YYxJlraLM5QhbQsM1PtjJxbd007UbO3CZ
fBoPx01GlzjVdfrFzCK5J/dlX11UuK1eHUk3AwJRAoGBAL5j0OR2i8fTbu3VYz4H
ULNxycI9xQW6nElwB9ndv16m/aHVXsjimU8Rh9YxuAAr0fVL9dswAJ3eG3Wci8X+
ehXrkqRpgcdpCtwaHQttCWEWSYqxDof24Q+N1nUnbL+jt5gC4rHR1eHOywkaXpP2
MMEK3qeCwrrlOf+UoyXUzsmu
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
09a1c5d0fd5f284f02a2d7c3940759ec
75425f8b02383fde151fe412d090e2bd
9cd276c52cf96caf32337132f77d1800
2fd883aecb79cca4de4a400b77ecd88a
178b7cde7bbbf5ffba10de70267191f8
4638624d22830ca14f7fe777fb269a71
00013b9d6b76b598e79e93cc0fc026eb
a645702c7de9d07465e872fefd7f4f15
e8adcebd21a826d0b53d9b35799f14bc
087c60e33ab81f963948735b1b55ff4e
ce2fa6c4ccc5d32119a6920d5e985458
6123a5b059ae345665ff5ed69a6a5b4a
f50fe94114da12bdac0ca6ef9ace5161
bada791864a3f8eecbe405536a54e364
d162e7bbb4a2d875c0942574f05a3b95
683f4d63957c40c0518bd92cc936319c
-----END OpenVPN Static key V1-----
</tls-auth>