#!/bin/sh # # openvpn_enable="YES" openvpn_client="YES" openvpn_dev="tun" openvpn_remote="$s1_osad" openvpn_nobind="YES" openvpn_proto="udp" openvpn_user="root" openvpn_group="wheel" openvpn_ns_cert_type="server" # # Certificate of Certification Authority # Use same like in VPN server openvpn_ca="${openvpn_x_root}/ca.crt" openvpn_x_ca="-----BEGIN CERTIFICATE----- MIIDaDCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhTELMAkGA1UEBhMCQ1ox FzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMQ8wDQYDVQQHEwZQcmFndWUxDzANBgNV BAoTBlRTR0NvbTEdMBsGA1UEAxMUczEub3NhZC5wcmcubXluZXQuY3oxHDAaBgkq hkiG9w0BCQEWDWpwQGRldm51bGwuY3owHhcNMDUwNjE1MTQxMDEyWhcNMTUwNjEz MTQxMDEyWjCBhTELMAkGA1UEBhMCQ1oxFzAVBgNVBAgTDkN6ZWNoIFJlcHVibGlj MQ8wDQYDVQQHEwZQcmFndWUxDzANBgNVBAoTBlRTR0NvbTEdMBsGA1UEAxMUczEu b3NhZC5wcmcubXluZXQuY3oxHDAaBgkqhkiG9w0BCQEWDWpwQGRldm51bGwuY3ow gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJOHknrZZQAdV4zc5Lf3NwvRi5Z Dn8Oknum4fCVQ0F4rmMX4SjFV9edZq5J2xcidfteuAKOcW6JQo61R2sFY5JlSFJR HvHK+m283+wf/7fOF5jw9Yqerq+4T7kp+WYongOyAG3d0pbTn7GdAKtsL+qvgdQ5 GNSIPqevQOZSTtPLAgMBAAGjgeUwgeIwHQYDVR0OBBYEFGxsbpHxXLRwpVVdjo2y hE6KzwjlMIGyBgNVHSMEgaowgaeAFGxsbpHxXLRwpVVdjo2yhE6KzwjloYGLpIGI MIGFMQswCQYDVQQGEwJDWjEXMBUGA1UECBMOQ3plY2ggUmVwdWJsaWMxDzANBgNV BAcTBlByYWd1ZTEPMA0GA1UEChMGVFNHQ29tMR0wGwYDVQQDExRzMS5vc2FkLnBy Zy5teW5ldC5jejEcMBoGCSqGSIb3DQEJARYNanBAZGV2bnVsbC5jeoIBADAMBgNV HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAKNhkDdMy7+1XAaPKjmuQ7zqw2PO t/RLbnXy89Q0WgM0srHn+kkE/8kBiuJYc2DNX0gFSrzVgFRfawvkjqCSAAFa7iH5 5uiNlzPb3HCfv8RqGuEM4f0a0OcPOi+3TOm0qQ5LFI/+uDuUYqLEJZhnJkcPvOOR dgkGJnQEX02vJoBB -----END CERTIFICATE-----" # # Client certicate generated on server openvpn_cert="${openvpn_x_root}/CLIENT_HOSTNAME.crt" openvpn_x_cert="Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: md5WithRSAEncryption Issuer: C=CZ, ST=Czech Republic, L=Prague, O=TSGCom, CN=server.site.prg.wibsd.cz/emailAddress=jp@devnull.cz Validity Not Before: Jun 15 14:51:09 2005 GMT Not After : Jun 13 14:51:09 2015 GMT Subject: C=CZ, ST=Czech Republic, O=TSGCom, CN=client_hostname/emailAddress=jp@devnull.cz Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:d1:a1:4e:f7:8f:1e:9b:0a:e6:4a:e9:fa:eb:f6: b3:0a:b9:ef:69:27:4f:ed:23:69:d5:bd:c1:aa:bf: cd:85:1a:fd:be:10:f1:b2:0f:89:1c:02:fe:90:1d: 63:67:63:e8:61:ed:d7:c9:bc:f3:87:2b:ab:99:4e: 48:8b:44:d3:28:99:a5:cb:83:19:f1:7a:13:9f:ed: de:25:33:60:0c:1c:4c:50:98:8c:1e:1a:ff:3f:87: 49:b6:72:5d:24:d2:61:10:b7:49:b0:7a:6e:54:96: 1d:95:f7:95:33:ef:35:80:85:f2:71:ff:77:e1:a2: 55:ff:3f:a5:20:0b:ec:a9:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 3B:FA:18:55:11:A8:A2:43:47:AE:3E:96:4D:AE:7D:24:4B:D7:02:2E X509v3 Authority Key Identifier: keyid:6C:6C:6E:91:F1:5C:B4:70:A5:55:5D:8E:8D:B2:84:4E:8A:CF:08:E5 DirName:/C=CZ/ST=Czech Republic/L=Prague/O=TSGCom/CN=server.site.prg.wibsd.cz/emailAddress=jp@devnull.cz serial:00 Signature Algorithm: md5WithRSAEncryption 53:c2:a5:6e:19:68:2e:6c:f8:36:b9:0d:be:2c:cc:aa:f8:d3: 3b:f4:1c:94:0a:c6:11:33:36:b3:28:04:dd:db:a1:22:71:a3: 81:9b:a9:ed:2b:c9:4d:dd:18:3a:64:0d:16:8d:da:20:b0:30: de:de:4e:cb:a3:38:2a:4b:e0:70:74:d9:51:ce:44:55:b3:7c: 8d:1b:61:78:2a:80:93:a3:2e:39:16:b2:a0:5c:24:a5:36:c0: 7b:18:62:1b:13:51:d2:10:53:1e:db:41:f3:28:67:57:2b:90: a8:2d:cf:3b:69:cc:36:5e:5b:4c:95:78:09:1a:ef:2d:c7:85: 4a:e6 -----BEGIN CERTIFICATE----- MIIDgzCCAuygAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBhTELMAkGA1UEBhMCQ1ox FzAVBgNVBAgTDkN6ZWNoIFJlcHVibGljMQ8wDQYDVQQHEwZQcmFndWUxDzANBgNV BAoTBlRTR0NvbTEdMBsGA1UEAxMUczEub3NhZC5wcmcubXluZXQuY3oxHDAaBgkq hkiG9w0BCQEWDWpwQGRldm51bGwuY3owHhcNMDUwNjE1MTQ1MTA5WhcNMTUwNjEz MTQ1MTA5WjB0MQswCQYDVQQGEwJDWjEXMBUGA1UECBMOQ3plY2ggUmVwdWJsaWMx DzANBgNVBAoTBlRTR0NvbTEdMBsGA1UEAxMUcjEua2xvYi5wcmcubXluZXQuY3ox HDAaBgkqhkiG9w0BCQEWDWpwQGRldm51bGwuY3owgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBANGhTvePHpsK5krp+uv2swq572knT+0jadW9waq/zYUa/b4Q8bIP iRwC/pAdY2dj6GHt18m884crq5lOSItE0yiZpcuDGfF6E5/t3iUzYAwcTFCYjB4a /z+HSbZyXSTSYRC3SbB6blSWHZX3lTPvNYCF8nH/d+GiVf8/pSAL7KkVAgMBAAGj ggERMIIBDTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUO/oYVRGookNHrj6WTa59JEvXAi4w gbIGA1UdIwSBqjCBp4AUbGxukfFctHClVV2OjbKETorPCOWhgYukgYgwgYUxCzAJ BgNVBAYTAkNaMRcwFQYDVQQIEw5DemVjaCBSZXB1YmxpYzEPMA0GA1UEBxMGUHJh Z3VlMQ8wDQYDVQQKEwZUU0dDb20xHTAbBgNVBAMTFHMxLm9zYWQucHJnLm15bmV0 LmN6MRwwGgYJKoZIhvcNAQkBFg1qcEBkZXZudWxsLmN6ggEAMA0GCSqGSIb3DQEB BAUAA4GBAFPCpW4ZaC5s+Da5Db4szKr40zv0HJQKxhEzNrMoBN3boSJxo4Gbqe0r yU3dGDpkDRaN2iCwMN7eTsujOCpL4HB02VHORFWzfI0bYXgqgJOjLjkWsqBcJKU2 wHsYYhsTUdIQUx7bQfMoZ1crkKgtzztpzDZeW0yVeAka7y3HhUrm -----END CERTIFICATE-----" # # Client private key generated on server openvpn_key="${openvpn_x_root}/CLIENT_HOSTNAME.key" openvpn_x_key="-----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBgQDRoU73jx6bCuZK6frr9rMKue9pJ0/tI2nVvcGqv82FGv2+EPGy D4kcAv6QHWNnY+hh7dfJvPOHK6uZTkiLRNMomaXLgxnxehOf7d4lM2AMHExQmIwe Gv8/h0m2cl0k0mEQt0mwem5Ulh2V95Uz7zWAhfJx/3fholX/P6UgC+ypFQIDAQAB AoGBALNWwBr0OufDPF+Mqtkh9exQQ6x/MFacvFdafovYiTe9bqUjE9MUjWUEfsnG CpuSEmVtN/XkC6dxSd3e5hsXZ1lBLstOwoY0O8+3hkrSc7yho02d8HndM0daw5z0 qDQGCqdNHkfki8hU8asAANKOEusAjiCjtAcDLgvhHxfT7LoFAkEA6XcWgom299g3 zBHrSui4XsHqfrM2RGyOtY2fsf7tyKCrZJyg7UQimP+Oh0nMHjbYn7qrZhZT5JC/ dn7zvjLRHwJBAOXdQdGREaBMgtdlMrtGMmqQSarnLNcs0SC7C2deFFhCnsE0zWMF vueiajhilsXzu9UGw4lBbvO4wHje1IAA+0sCQQCnkL/pRWq7jMbPg3T7uPjLmiby dTJX/gqXqGScXrrQKvGZLwoaAbNLWPE1jPQiI39rdZGbnh7siC/Dnu7W7qZFAkEA 1+iJyETRH5Z+V7/QdSOse3foGkVmUv7fuDS4s3Ek/vokkCn+uYJOHNjrmObR5EHa LnBZ/nSduQPSljYHt+w0HQJBAM7RR8M7E1qYCpHsA3IsEe70SzbMISQmiSBQJcal yctWrZgfoOguxdvM5ws+V+1xx3p7mtHTvqUbrG6XvkmRR00= -----END RSA PRIVATE KEY-----" #