updates 2024-07-31

2024-07-31 13:56:21 -05:00
parent 5af6c48ade
commit 79b2f149df
62 changed files with 443262 additions and 993 deletions
--- a/Client/TestOpenVPN.OVPN
+++ b/Client/TestOpenVPN.OVPN
@@ -0,0 +1,119 @@
+##############################################
+# Sample client-side OpenVPN 2.6 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 166.252.175.224 1194
+remote 172.85.171.82 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user openvpn
+;group openvpn
+
+# Try to preserve some state across restarts.
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca ca.crt
+cert nico.crt
+key nico.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# Allow to connect to really old OpenVPN versions
+# without AEAD support (OpenVPN 2.3.x or older)
+# This adds AES-256-CBC as fallback cipher and
+# keeps the modern ciphers as well.
+;data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
--- a/Client/TestOpenVPN_HP.OVPN
+++ b/Client/TestOpenVPN_HP.OVPN
@@ -0,0 +1,118 @@
+##############################################
+# Sample client-side OpenVPN 2.6 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 172.85.171.82 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user openvpn
+;group openvpn
+
+# Try to preserve some state across restarts.
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca ca.crt
+cert nico.crt
+key nico.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# Allow to connect to really old OpenVPN versions
+# without AEAD support (OpenVPN 2.3.x or older)
+# This adds AES-256-CBC as fallback cipher and
+# keeps the modern ciphers as well.
+;data-ciphers AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305:AES-256-CBC
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
--- a/Client/ca.crt
+++ b/Client/ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUA5ZIApoeltCztaBg/JeH+SgMt3IwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSGVucnlQdW1wMB4XDTI0MDUwMTIxMTQyN1oXDTM0MDQy
+OTIxMTQyN1owFDESMBAGA1UEAwwJSGVucnlQdW1wMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEApICJTFUY1xF+0nHwU0CKSiobSSqHkp5grGRY+FU5l2Np
+Qvg++6aeHomBCfwe/4/EBVX0aGXjwuwYLWSij+1uHDINnCmXhd5hX01weFYhDJS2
+UR0Xlccg7OTp2o4ljd/d0ozellf7tDP8qoKfFVLEHSvGghnSmj0O6fM6El3OiU51
+pOxOruekvExavt8Mj+XbxAxq5R21qClJo50+gXLyHHFeVMqcqJLnz01wqNO0rXDe
+5h5Xlk9mQAKfW1Rg9RAFDIgydFf2EwfmtYJV59gSeOJwEgg5Wx5vrXf/xHxZZsnp
+jY8YPnII3PsYFjRww6uYhwKBeYI8tnpwisY2BfFpHQIDAQABo4GOMIGLMAwGA1Ud
+EwQFMAMBAf8wHQYDVR0OBBYEFAD8RvALpSHNVirmp6Ul098yFsAmME8GA1UdIwRI
+MEaAFAD8RvALpSHNVirmp6Ul098yFsAmoRikFjAUMRIwEAYDVQQDDAlIZW5yeVB1
+bXCCFAOWSAKaHpbQs7WgYPyXh/koDLdyMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEACo0KLqvUjTNNj+76Jr092BAFlfkPnFRPis46s1fenyAMNSevOPvl
+3yukYfI2FNpVErLFHRbo24Z0kmciHIuGprTC21HjxjMjRbDji818Vt62OR+wg9kg
+uQ2U0E7yxNW9tPtMf+wGdc9eBakVqganMYlcRK9AgfTLMV+QHQZDzD+3COLcfz8q
+AxigwJfChgVGQUkrOPlYtRrdfjz8oZB9DHaIfbsfsXV1kGc4CBcyvcWUYgPBAH9V
+qNKcsepsNFARX8P3NCgsBID2bwc9kc/ArfeF+UZbTTVbwRVvZTa/WAQzY9Y9xrhY
+HQw9r6oDUXeEIPyTwtYjfby2T5kPHevetg==
+-----END CERTIFICATE-----
--- a/Client/nico.crt
+++ b/Client/nico.crt
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c5:3c:3d:ea:3c:70:00:7e:f9:71:0f:79:94:e0:f8:b0
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=HenryPump
+        Validity
+            Not Before: May  1 21:26:14 2024 GMT
+            Not After : Aug  4 21:26:14 2026 GMT
+        Subject: CN=nico
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bc:4b:fb:42:17:cb:e1:d8:bc:21:75:51:59:53:
+                    b9:e9:41:cc:0b:dd:a0:5a:5c:f9:be:8d:37:4c:84:
+                    11:6e:7d:e2:37:01:67:ef:96:e5:d4:e6:3f:cf:70:
+                    23:d3:1e:cb:34:97:cb:02:07:5d:66:02:d4:0d:56:
+                    e0:10:54:07:2c:cf:80:c7:62:18:30:a3:4e:0a:12:
+                    54:95:a4:35:db:8c:fa:1f:65:c5:f5:0b:6d:63:1e:
+                    f3:ac:3e:86:16:1f:98:e0:e6:be:1c:c2:12:10:08:
+                    0a:c6:ac:55:0e:b9:ad:b7:33:31:f0:83:32:80:0e:
+                    8d:42:e3:7e:00:b6:46:71:85:2b:75:d6:42:8d:b9:
+                    e0:7c:cc:ac:b2:dc:94:81:f9:6d:3d:94:9a:1c:ca:
+                    ea:e0:bb:b8:46:d9:0b:f4:39:46:2a:ac:83:8b:3b:
+                    ec:bf:1b:9d:6c:7c:3f:3f:7a:dc:0d:4a:82:ce:87:
+                    51:7d:74:f2:d5:80:38:0a:8c:ad:2f:4b:e3:0f:25:
+                    16:82:b4:be:fa:77:82:2d:3e:0d:0c:67:a2:4b:14:
+                    71:01:52:0d:31:4b:0c:84:71:b0:5a:12:4c:c9:20:
+                    f6:b9:cc:14:5d:47:ec:c0:e0:18:23:f8:7e:d5:b3:
+                    b9:1f:fa:34:dd:1e:11:63:f8:f5:40:91:92:aa:82:
+                    7c:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                A6:CB:3C:07:1E:C3:F1:1F:3B:B4:49:96:08:45:3D:BE:7C:C5:F6:6C
+            X509v3 Authority Key Identifier: 
+                keyid:00:FC:46:F0:0B:A5:21:CD:56:2A:E6:A7:A5:25:D3:DF:32:16:C0:26
+                DirName:/CN=HenryPump
+                serial:03:96:48:02:9A:1E:96:D0:B3:B5:A0:60:FC:97:87:F9:28:0C:B7:72
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        97:2b:c7:0a:1b:29:39:a0:e6:96:82:b8:55:12:d2:11:7a:7a:
+        bc:0f:60:c8:d8:ce:d0:63:f2:93:46:77:1d:cd:04:55:4f:26:
+        a3:1a:70:65:c5:4b:ca:32:4f:2e:ea:df:de:d4:0f:4b:a5:04:
+        9e:a0:1a:ab:ca:bf:30:34:ae:1c:32:1c:74:f3:f2:c0:4c:62:
+        4f:62:2d:fe:0f:7c:ea:da:59:65:61:5e:f5:36:0b:b3:70:07:
+        f2:df:1e:07:98:d8:87:7a:d5:82:4b:d3:ad:f3:5d:e5:93:91:
+        3e:07:e3:82:72:4a:4e:2d:6b:b8:9f:75:b1:c1:ae:6d:7a:ab:
+        4b:6c:26:d5:e9:c5:59:36:d2:e9:60:18:6e:8c:2b:fd:e7:d5:
+        9e:46:fe:44:0b:b2:f5:3d:d3:50:f4:59:e6:b8:d1:84:5e:a3:
+        98:e3:ca:ee:07:ec:c1:02:16:49:6b:11:13:98:b9:0a:f2:d1:
+        6a:5f:ff:56:9d:be:6a:22:ad:9b:e3:34:56:81:43:56:a2:79:
+        66:86:57:3c:1c:b7:c4:33:df:34:01:08:d5:dd:fd:f6:38:02:
+        3f:72:1d:f8:fa:44:1b:e8:85:0c:20:af:4a:0a:b3:a5:2e:d3:
+        d0:a0:58:01:14:91:04:15:f3:7d:44:49:eb:df:b4:50:aa:fa:
+        0b:73:91:10
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIRAMU8Peo8cAB++XEPeZTg+LAwDQYJKoZIhvcNAQELBQAw
+FDESMBAGA1UEAwwJSGVucnlQdW1wMB4XDTI0MDUwMTIxMjYxNFoXDTI2MDgwNDIx
+MjYxNFowDzENMAsGA1UEAwwEbmljbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALxL+0IXy+HYvCF1UVlTuelBzAvdoFpc+b6NN0yEEW594jcBZ++W5dTm
+P89wI9MeyzSXywIHXWYC1A1W4BBUByzPgMdiGDCjTgoSVJWkNduM+h9lxfULbWMe
+86w+hhYfmODmvhzCEhAICsasVQ65rbczMfCDMoAOjULjfgC2RnGFK3XWQo254HzM
+rLLclIH5bT2UmhzK6uC7uEbZC/Q5Riqsg4s77L8bnWx8Pz963A1Kgs6HUX108tWA
+OAqMrS9L4w8lFoK0vvp3gi0+DQxnoksUcQFSDTFLDIRxsFoSTMkg9rnMFF1H7MDg
+GCP4ftWzuR/6NN0eEWP49UCRkqqCfF8CAwEAAaOBoDCBnTAJBgNVHRMEAjAAMB0G
+A1UdDgQWBBSmyzwHHsPxHzu0SZYIRT2+fMX2bDBPBgNVHSMESDBGgBQA/EbwC6Uh
+zVYq5qelJdPfMhbAJqEYpBYwFDESMBAGA1UEAwwJSGVucnlQdW1wghQDlkgCmh6W
+0LO1oGD8l4f5KAy3cjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQELBQADggEBAJcrxwobKTmg5paCuFUS0hF6erwPYMjYztBj8pNG
+dx3NBFVPJqMacGXFS8oyTy7q397UD0ulBJ6gGqvKvzA0rhwyHHTz8sBMYk9iLf4P
+fOraWWVhXvU2C7NwB/LfHgeY2Id61YJL063zXeWTkT4H44JySk4ta7ifdbHBrm16
+q0tsJtXpxVk20ulgGG6MK/3n1Z5G/kQLsvU901D0Wea40YReo5jjyu4H7MECFklr
+EROYuQry0Wpf/1advmoirZvjNFaBQ1aieWaGVzwct8Qz3zQBCNXd/fY4Aj9yHfj6
+RBvohQwgr0oKs6Uu09CgWAEUkQQV831ESevftFCq+gtzkRA=
+-----END CERTIFICATE-----
--- a/Client/nico.key
+++ b/Client/nico.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQAlydeXPf9+FUGlGH
+EgvbTAICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIZwOyte4bsAEEggTI
+Fb9IYZA5B6q6CT3BR9yaYMQQETy5uYfnT8WOdonPqCy2HEn3j9HsPjHk8Ot/WWIs
+SZH4uFcxij2VIC9v7kOreG7FKA/NJIrXMpYafPj7/+6ZwyGk3ig0pEIu1Zd7Kvap
+jgxSPGq4U9UkPBsEc+ZngtzMxQKHR72wmSt7/S5rTsd844rZfv1fi5RxT9BnbxV9
+ZCOmJed+R6Vrl3uGdgeJ6RZRJQT4Noxn1U8NW/yFey1wFiM0JVLi6SYxvNVp6k9e
+MD1eU3Bg9NNlmoCbuWVlkU9dWCpk8m+4eia3YYCHkE6k+beNSoZaIU7geMQaPgNU
+qOas6N8sz9k4aVKdAb9DLOxwvXxXylD5WoxYw+dpWF02ykOnW4IiRYhh9HJ4umFM
+BWSue1BRSkIBhae4x4YmgqDAZGDvszgx1f/D8S1KXnnHc3AUU5dqhtrk3DEg1nI0
+7hOwRzhchPyMlzO+f4GAiIZSbRKDHhzMNiTEZlyMbvSqoP6BYercC7VOTrZiZf+w
+dK227m279E59kbVcKLJts5sftnQTFLqGty9ApIPWq5hRzb4yvmhYVVRa8pgRlAzx
+Dj23F8GUM/xBQ9m7T/g9JkKx4QqKoozAJuK+aWbpaW0MY94669hQ5gn1w93WDH33
+ndrPbdFA53b6I89oTXCR/LmXTu0/HYSb+ZDnmLlsy3Ot4fqT6ztc+OsdeOp8Cmev
+tpmq1JB32wCgo4JMgyLfukoKjtYhHB/duNgdFQ/tV8tYjooMM24W8cv5SKRC2Oiu
+6QN1Own3SVbb/AytyQsv0kEdzx9sw+efTDXGRHCO1npJwTK1xganXrEa2WBcpklm
+iFPSmxu+9JQ6LQP5nJtGz4D/Q2Uju3weBZpsMKhluq6+9n9W3pXMfe6ID+B6tynA
+NEuxIG6tZwM+WjhnaxYJ1/YGn7F+juqCSqpjNPSO6My3M0GO5Y/eP1ujYfaKRuBt
+IKOJ4hIFmKHcfh7rHaKQbEa0wTF7X9yPb7CHufGMSwK15x6Bke2/OJIX+8F6zNxf
+wpmOHHuarHXMEBfWHD9AP1tLkhPKMPb/QSjzW/OWzrhyRiANJhRn2sFdO7Ax8mO7
+nJSHGg0yORJXlC5G5psdwUqLfORDjPsUa0rPogacByAp+uqNVJM7pXBipBZFK/el
+HyYVLf9iZ2OCP1cRBWFMOpwV6SDZfVDQXvzzEjGZntEQ9Qwe/kKqPCmF5QFbDpSs
+QC9fzl+5X3/yZrLRCPJ6IrGtIsYIrJ/yvaXWHbfK1kCpmE6TL8aLAg+vn2xRbfwe
+u9YVKYk90kreZUWFp0ngYNSNg4AXWv0A9qAyIZEr2yo4Yp0yYztyejsJeNAudiep
+t6zhAaztmU6I0Gdr3CMqTyu1zFQuOooOGXqORCRrAI9Y3tqza35lkWZRLKrYvJai
+Zmkyhe0ewRUyaPObA4XWu/FtXWcj0YyJuVxjmP5Ke442BOr5fIT/dUzDL6nshuxP
+BiD/FLbZ3R1SUdfoWQslzY6lF2OLwt6HxD6n2S7eEMSXVVlfkcRKC6nXwJOknO86
+zGafBq4PIdSN2AFmc0nOmHARyFIAFJGrD7kxlTkkap7juGBQ1yhgt71wZgcZIHaf
+Q4+BBhz8j6KZuQ2A7fw2baD+GJ+pjm79
+-----END ENCRYPTED PRIVATE KEY-----