-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathstudenti.ovpn
294 lines (273 loc) · 11.5 KB
/
studenti.ovpn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 131.114.72.70 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
#tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
auth SHA256
key-direction 1
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIJAK+cOZtGybzrMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
BAMMElVuaXZlcnNpdHkgb2YgUGlzYTAeFw0xOTExMTMwNjA3MTFaFw0yOTExMTAw
NjA3MTFaMB0xGzAZBgNVBAMMElVuaXZlcnNpdHkgb2YgUGlzYTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMrYQbOx7b1KK5aQ1VoLEfDtFAw0BC/ksB4E
V4cEQicNTrDBcLlpqbJyMxZEazRHWH1ilYslNP+qipir8YHtNcJL+sA+FEhZqRqL
Yt8EIVmIjOtB7xeVkBFc3X2TBwD+oTXPlHwF5sZ4wTOnl5PT3k0ftXqYU1sqeZ0T
AfPRdeL+buomnLRedUMx3IqyEzmgSTSHMaS3Cqh4SlKjFOyoT+aIm5Y4eoNDMQi9
MQdHU6a66sDePIdsJxPNNOTWESow0R7RNBKeHCxs/oWPITX5AkyzkQoetKpHUcH7
UGkjoEt7sOtCTdbWTKy7zLn+PMFPXHMpg1+HF6c5dhpV7qw7uIsCAwEAAaOBjDCB
iTAdBgNVHQ4EFgQU0DK88gmm5KMnu4XbawZ8Hvv6tnIwTQYDVR0jBEYwRIAU0DK8
8gmm5KMnu4XbawZ8Hvv6tnKhIaQfMB0xGzAZBgNVBAMMElVuaXZlcnNpdHkgb2Yg
UGlzYYIJAK+cOZtGybzrMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBCwUAA4IBAQCPIVzwW4uSa5jC/7qKBQ6IhS5OjK+oPWq6vvVRSsc/Kao4
Veyy7+r4fkC/AUfSF8KPMflPAW41R1tMNk2QNHMwmI/fDLWmigPGhFvEv9Ub2a23
JZ1CxnxirJYp5lF+QhPv9yzkVNIjr5l1twLjH4BugqNG5ycF5bEY/pxZZDlyfUKA
alo3wqntOg+772paxunOFUywEvJw5memxFR6myfN6eALYLZaFNHv9NsVkpy0tVly
ehmOYnyQk5CGpBIrPGmp/Q2NXMn6bG3k2xJ6Z6KXsmOL9uVtC1d4Sm+AkP5XGN6S
QY15ci+6h2K9SBZ+5BwLfNDRLKW4zrFwltZaWlnd
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:b9:12:ea:86:4f:49:f7:8d:8f:34:2d:a0:58:a0:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=University of Pisa
Validity
Not Before: Dec 10 16:31:45 2019 GMT
Not After : Nov 24 16:31:45 2022 GMT
Subject: CN=studenti
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:30:58:9f:9b:a8:8f:bc:30:99:fc:19:2a:e8:
2b:01:7a:be:d6:87:7a:52:a4:62:a7:5c:f3:92:3e:
ab:a6:0b:38:9c:ad:42:10:94:ad:59:cf:c7:f3:61:
9d:e8:b7:88:27:a4:de:b1:e0:6d:39:ba:8c:b8:1e:
6a:17:b4:1d:f5:77:d0:47:d5:db:38:86:b9:64:bf:
bb:b2:21:b5:f1:60:52:37:4c:a5:39:a5:d4:ce:33:
ce:d7:a7:bd:ed:2d:24:5c:94:7b:72:43:0f:37:68:
16:2f:47:48:de:50:6b:62:01:16:9b:e2:b7:e7:4c:
7b:75:c2:62:82:47:13:61:31:7d:0a:7e:a6:2f:2b:
9e:88:1e:72:a9:43:2f:a3:f7:5e:4b:37:1b:d1:d9:
bb:c0:dc:56:09:c0:7d:f4:02:de:fd:ad:b0:36:2d:
b1:f5:4f:68:c1:5f:2b:27:4b:74:c2:7b:5c:de:7a:
f0:67:55:c2:62:ba:41:18:19:1a:90:3d:15:4e:fd:
4d:eb:e9:1e:50:09:f3:36:85:ca:ca:18:1b:32:15:
58:59:ec:b2:ee:47:b2:13:ed:7a:61:7d:8f:41:b8:
e8:ce:e4:8f:23:d0:8a:f4:a3:78:42:f6:de:39:98:
72:8c:12:e1:7c:15:2f:38:fd:f9:32:7b:67:2e:33:
04:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
07:49:FB:C1:EC:A6:7B:5F:97:38:7A:F6:6A:73:64:7D:72:98:87:47
X509v3 Authority Key Identifier:
keyid:D0:32:BC:F2:09:A6:E4:A3:27:BB:85:DB:6B:06:7C:1E:FB:FA:B6:72
DirName:/CN=University of Pisa
serial:AF:9C:39:9B:46:C9:BC:EB
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
40:3f:76:4a:ab:94:e5:b7:bf:44:56:74:af:1e:f2:a2:e3:d4:
e2:ac:cd:e0:b3:ab:79:42:81:9a:8c:8d:cf:00:47:aa:c1:9a:
ca:66:99:54:1e:01:93:06:a3:c7:8f:9d:37:ea:1d:7f:50:85:
ed:61:78:cf:31:e2:c2:f1:e5:36:f5:50:f8:7d:47:75:e3:33:
d2:dd:cb:66:70:76:a6:16:25:c0:00:16:d6:88:3c:d3:af:bf:
d9:57:81:de:88:78:dd:00:56:d2:39:99:82:76:9f:af:fa:b6:
27:8a:e9:c4:24:a0:a8:98:96:c9:c0:e9:54:dc:23:04:db:19:
61:b1:d6:28:fb:95:76:66:96:ed:5d:0f:a1:fd:e8:07:1b:70:
fd:bc:f2:ee:b0:2e:ca:f3:d8:09:d1:cf:61:5b:73:1f:a1:82:
6e:d9:8e:d5:8a:21:5c:1e:75:e3:1d:5c:b2:f1:ea:24:a5:f0:
77:b3:44:f8:34:51:88:91:68:b7:99:d1:74:e3:c2:05:7e:4f:
0e:10:49:30:94:ee:7b:4c:e8:7a:48:4c:36:63:21:0f:97:ee:
79:76:80:49:6e:51:a3:44:64:47:ba:41:72:fe:9a:9a:7e:2d:
8b:51:e3:ef:20:7f:82:b8:21:9d:bf:06:e3:fe:6e:03:2a:70:
cc:6c:3c:2d
-----BEGIN CERTIFICATE-----
MIIDWTCCAkGgAwIBAgIQY7kS6oZPSfeNjzQtoFigujANBgkqhkiG9w0BAQsFADAd
MRswGQYDVQQDDBJVbml2ZXJzaXR5IG9mIFBpc2EwHhcNMTkxMjEwMTYzMTQ1WhcN
MjIxMTI0MTYzMTQ1WjATMREwDwYDVQQDDAhzdHVkZW50aTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAN0wWJ+bqI+8MJn8GSroKwF6vtaHelKkYqdc85I+
q6YLOJytQhCUrVnPx/Nhnei3iCek3rHgbTm6jLgeahe0HfV30EfV2ziGuWS/u7Ih
tfFgUjdMpTml1M4zztenve0tJFyUe3JDDzdoFi9HSN5Qa2IBFpvit+dMe3XCYoJH
E2ExfQp+pi8rnogecqlDL6P3Xks3G9HZu8DcVgnAffQC3v2tsDYtsfVPaMFfKydL
dMJ7XN568GdVwmK6QRgZGpA9FU79TevpHlAJ8zaFysoYGzIVWFnssu5HshPtemF9
j0G46M7kjyPQivSjeEL23jmYcowS4XwVLzj9+TJ7Zy4zBAkCAwEAAaOBnjCBmzAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBQHSfvB7KZ7X5c4evZqc2R9cpiHRzBNBgNVHSME
RjBEgBTQMrzyCabkoye7hdtrBnwe+/q2cqEhpB8wHTEbMBkGA1UEAwwSVW5pdmVy
c2l0eSBvZiBQaXNhggkAr5w5m0bJvOswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYD
VR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBAP3ZKq5Tlt79EVnSvHvKi49Ti
rM3gs6t5QoGajI3PAEeqwZrKZplUHgGTBqPHj5036h1/UIXtYXjPMeLC8eU29VD4
fUd14zPS3ctmcHamFiXAABbWiDzTr7/ZV4HeiHjdAFbSOZmCdp+v+rYniunEJKCo
mJbJwOlU3CME2xlhsdYo+5V2ZpbtXQ+h/egHG3D9vPLusC7K89gJ0c9hW3MfoYJu
2Y7ViiFcHnXjHVyy8eokpfB3s0T4NFGIkWi3mdF048IFfk8OEEkwlO57TOh6SEw2
YyEPl+55doBJblGjRGRHukFy/pqafi2LUePvIH+CuCGdvwbj/m4DKnDMbDwt
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDdMFifm6iPvDCZ
/Bkq6CsBer7Wh3pSpGKnXPOSPqumCzicrUIQlK1Zz8fzYZ3ot4gnpN6x4G05uoy4
HmoXtB31d9BH1ds4hrlkv7uyIbXxYFI3TKU5pdTOM87Xp73tLSRclHtyQw83aBYv
R0jeUGtiARab4rfnTHt1wmKCRxNhMX0KfqYvK56IHnKpQy+j915LNxvR2bvA3FYJ
wH30At79rbA2LbH1T2jBXysnS3TCe1zeevBnVcJiukEYGRqQPRVO/U3r6R5QCfM2
hcrKGBsyFVhZ7LLuR7IT7XphfY9BuOjO5I8j0Ir0o3hC9t45mHKMEuF8FS84/fky
e2cuMwQJAgMBAAECggEAUMHuGZhDmvci55Xbuoa57Phb5Qfh6XqLan/Njn/DPASs
zseTb2pZQIlUf9AMT4Ny+sZ/aIKAXqt15WN1aOIibhUovpGeUK0f02ENrqQQQejh
G7+oM7wQTpkr1CEyfv4UYJj12WoSjDA8qVZljIXgLxAmqRPGAXUzPnOSc+5vbPRu
y8p0fVw0zuCHNYP81VAlooV+DXK7IxfufTlSmEp+h4XTA1Hbaqo5lnAM5DdhAUeY
oeXzV4jEPGQpko6dHchE3Nkf/3oNPlufp0BwJhfwubZj+5c3SRSAUhTL+t1dVieW
0JHNxZfKgjnFlrLPzh2SO91s8bSHFgAa4xTrkLmdYQKBgQD2hVpo3Olp41XZ6DXI
5/jY4MEltF078bsdC8iIJ0K/qVovNOt72sPqDMfmFHdhXEvI+DGCvw573rv1TTyH
k/D5IovbLFTIzfh0aSX//e1GY+TqugqK/U1Nps8DhNsc8a4e4gAoOts0Ad2vPALd
N9ulz/QqD/SwgZl0HhC9NdSqNwKBgQDlsaKRSYVe5GfQlGz69mYjpLbVIav+2Rxp
oz6+v4PhK14XCDmUi/oeES6OuJIdk8yHjwAFhWY3/uV/KQI8v9AltHek+7ozLpvU
iGM44dIWQ6DVKtj3lGoocVgAaKVE06CErmehHiLJckGM8BinCqq8iv6yd6p1MFcS
nJey5ZGjvwKBgQDVCCQ63jyvDo+QAUUJWr0G3iLLLHQtaxXhYd9nGVZrPjP6+2ZL
357R0T2lrCYF8rZi82gFrokbrj0LHDWki8n/4USuoD6cULHWF0+JSqwS2hxmY2Lc
/UwiQHZAejzHZGqtsWulWEc5SCuEVP28oZqkTXKYLrWrGjO7zod0muIuPQKBgAGI
FrJrUBVa5opQgw2FWRcBwSpYqCHx5quZqBBzjHiS5nS23FNuP4O1z56qAmdqFeIN
hQ2EXzMeYv9fEaHAEa4+rtGN0CcJN4bKRgcaEmGNn+Pr/jhgZ/jPEKwoBnoYAyj/
VLeRUOAQ//jlnPR4ML1DHAGqpJtVcC8ylhxeRYNXAoGAG4duAMDrvvEl0juuHvDE
ZVXq9xECE4oi9o3YnKNLjCGfDK8tPJU7IDCkKkMsJ5UpfVozJ8QyJV6pwdZsQz2X
y+/r345Odp3PlxZD+F7n2QeliFJhnMlaBawf0qQ17i399fnVXjF32uiA1iRCpALc
ET/mW+89KH0YcO97YDgo+Z0=
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
39fca97332d96472154e2c6d0a83d0cf
1b4187c5303e8c26ae147bc1ee321aae
1a40fa2f91d20c5e5353ad12d22ba36f
f9f55c17d023c22689aa9d1ae81d5462
40ea2415456c014b730948cc1061fb6e
8bcb73fb7b36e2e1f3c180bc34e3216a
6974a778231a9bab36317f7b971a8f3b
312a2c2da9621f26336b1fd1bab18152
e8320784289dfc0cbfec4a9888eb0e9d
71a25cda1546708791f289d4d73cdb90
2f749c58a4d8fd6a179410c043f4d971
293c39d50939557423efabe355a5ba85
66fabc68b3b891a4a97d490466ada861
a8f64170d63df3f40688075deff458d2
0b2d17ede15417bbf4baa6365a44baa6
e3de767f335747cdeabd5ea04571b552
-----END OpenVPN Static key V1-----
</tls-auth>