forked from thecodefactory/proxpn-bash-client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathproxpn.ovpn
executable file
·218 lines (205 loc) · 10.6 KB
/
proxpn.ovpn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
# Conf from ProXPN Mac OS X 4.0.2 package contents
# Modified and commented where appropriate and necessary.
client
dev tun
proto tcp
# Default configuration is to keep trying forever, we bail after 30 seconds
resolv-retry 30
nobind
persist-key
persist-tun
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
# Added in the shell script as a flag so configuration can be specified
;auth-user-pass
reneg-sec 0
# Prevent man in the middle spying by other clients
# this is an addition which is not present in ProXPN's conf file
remote-cert-tls server
# Comment out this chunk since our script is Linux only
# and these configuration options are here to primarly deal
# with the built-in Windows firewall
;route-method exe
;route-delay 1
;route-metric 512
;route 0.0.0.0 0.0.0.0
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failure
;http-proxy [proxy server] [proxy port #]
# Root CA cert provided by ProXPN
<ca>
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIJANJevG4eanbDMA0GCSqGSIb3DQEBBQUAMIGwMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEbMBkG
A1UEChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMw
EQYDVQQDEwpwcm94cG4uY29tMRMwEQYDVQQpEwpwcm94cG4uY29tMSEwHwYJKoZI
hvcNAQkBFhJzdXBwb3J0QHByb3hwbi5jb20wHhcNMTAwNjA4MTQ0NDExWhcNMjAw
NjA1MTQ0NDExWjCBsDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQH
EwxTYW5GcmFuY2lzY28xGzAZBgNVBAoTEnByb1hQTiBEaXJlY3QsIExMQzETMBEG
A1UECxMKcHJveHBuLmNvbTETMBEGA1UEAxMKcHJveHBuLmNvbTETMBEGA1UEKRMK
cHJveHBuLmNvbTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBwcm94cG4uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug1oqmSJ6pL4p2B9vr0dx9UM
FihYyJQAG466plFbotHXQwW09s9Tn2qDxaJobCb7uX5d6ax/4ZzAipqBTxDncO05
CX2w03fWx2acFmRp+HILHQ/MjiYNpqp0DlRRYG9IC98c09xRs3qCtwnP8KTegcdA
5O9GbygT8BpAmFHMy/x9rGgnbQQxoDx/Lb16nCHvZouuQ1m8Vw7knygRe/nLLlzx
yM/wHViLqZiQB3pNlOPyBPLZa7RjNMtsl7LFw+ah9y8Mdfvtc8q5C5z78mgRDTyF
Ild90i/7CbZjcZLGDz7G7pKSxeiAOD4OkHRQA6/OzhVRGaFEsyZH4HuGGrLtXwID
AQABo4IBGTCCARUwHQYDVR0OBBYEFKvNJBpQvaxDdI1exwLB7dJayPrjMIHlBgNV
HSMEgd0wgdqAFKvNJBpQvaxDdI1exwLB7dJayPrjoYG2pIGzMIGwMQswCQYDVQQG
EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEbMBkGA1UE
ChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMwEQYD
VQQDEwpwcm94cG4uY29tMRMwEQYDVQQpEwpwcm94cG4uY29tMSEwHwYJKoZIhvcN
AQkBFhJzdXBwb3J0QHByb3hwbi5jb22CCQDSXrxuHmp2wzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBBQUAA4IBAQAve0ODYMpPYaKapzivsX8Tr0tp3HIosichqVzs
d1y29ZT1bEqYGAoNOVWcz6nXYP/MDwpU1MJ4EZn5HUX2SPiDOPThqgdfc9KvUc91
pUG49XTD6q3V3j1lvU0nNqmAo+igamq0IGIQwq0xld2nrjTfSB6u87fPSG1mZuPU
Jjci03/CrFTDT90GFQr+s2aszrxJu2YaKB69XF66x7zwYYYHipJ/THiqBZFwMl4t
8ew06qlN5NwclhnMmNumj9MSr+V+kgKryp09o0PIUr3p19Rv2wIILJ3MuWHQc+01
iMWIdmaw17lrIb22Pws7PWTY44RPDBHhZXUU6/ljNJ9qgVgf
-----END CERTIFICATE-----
</ca>
# Cert provided by ProXPN, all clients have the same cert.
# While at first this seems problematic, it may be beneficial
# because makes it difficult to identify any individual user
# based only on their cert. This would not be the case if all
# clients had unique certs.
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=SanFrancisco, O=proXPN Direct, LLC, OU=proxpn.com, CN=proxpn.com/name=proxpn.com/emailAddress=support@proxpn.com
Validity
Not Before: Jun 8 14:45:12 2010 GMT
Not After : Jun 5 14:45:12 2020 GMT
Subject: C=US, ST=CA, L=SanFrancisco, O=proXPN Direct, LLC, OU=proxpn.com, CN=proxpn.com/name=proxpn.com/emailAddress=support@proxpn.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e0:93:70:eb:4b:6a:7b:c1:2c:1b:27:dd:fd:7e:
a1:10:ef:97:02:93:ee:b4:84:ce:a6:5c:71:03:2c:
66:ef:a5:20:f1:4b:dc:48:35:6a:a6:d2:b0:d8:eb:
03:fe:6d:6e:2a:5c:97:5a:bc:8a:bc:5a:f5:7d:98:
d5:c1:b8:d6:8d:c6:84:d5:2a:53:47:64:12:41:7d:
58:ca:24:d5:49:35:02:f4:c1:1d:a6:f9:e2:62:c2:
21:0b:ef:c5:1f:c7:d3:75:66:6c:89:7c:b3:82:04:
2a:ef:fd:f2:90:5c:c1:ce:15:25:3b:5c:47:a3:59:
69:5b:7d:59:b2:20:77:92:49:0a:c6:dc:f7:40:16:
3c:d2:1f:e7:78:87:8c:f7:b1:2d:32:b5:dd:ff:4e:
5d:29:ab:12:89:0a:75:65:e3:a4:0a:1b:30:5a:58:
4d:a4:ba:e6:09:5d:0f:fc:47:9b:56:3d:83:08:a3:
99:80:d3:e3:b9:3d:75:26:bb:ad:2f:e5:9b:54:aa:
83:89:86:eb:77:e5:55:a7:4b:98:62:42:9a:1e:52:
5b:e7:da:cb:b9:c9:e9:b4:68:0c:04:10:cb:f5:bc:
84:08:2d:8b:c6:f3:81:aa:57:6a:b6:bf:aa:bb:fe:
79:7e:87:64:45:21:39:fd:f0:b2:b7:14:ec:52:3a:
dc:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
22:75:DD:59:51:30:D1:D7:88:80:A1:4C:99:A0:49:23:D8:32:70:5B
X509v3 Authority Key Identifier:
keyid:AB:CD:24:1A:50:BD:AC:43:74:8D:5E:C7:02:C1:ED:D2:5A:C8:FA:E3
DirName:/C=US/ST=CA/L=SanFrancisco/O=proXPN Direct, LLC/OU=proxpn.com/CN=proxpn.com/name=proxpn.com/emailAddress=support@proxpn.com
serial:D2:5E:BC:6E:1E:6A:76:C3
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
aa:2c:dc:02:2b:c0:37:a4:4d:d3:88:f4:ae:f5:3a:be:d3:80:
76:8d:f1:85:36:7a:7e:e2:c5:65:cf:09:03:b1:fb:bd:12:ef:
c8:8b:18:64:d7:97:d9:41:fe:64:ce:ce:4e:e8:14:30:69:49:
cf:da:73:16:fd:1b:da:23:aa:71:96:9d:2d:a8:d5:ea:1b:c6:
8e:01:11:4b:36:ab:d0:ba:4e:89:66:94:94:7f:ab:47:00:f3:
5f:00:69:2e:c3:e2:be:e3:71:49:8c:8b:1e:2c:e4:e6:92:85:
d7:ea:0c:77:57:6d:0f:f9:d3:c1:38:86:51:26:af:8e:36:e4:
8f:1c:22:45:1d:cb:95:37:25:f3:6c:ad:b1:c9:82:57:44:40:
c7:cf:23:1b:5c:79:5b:4b:7c:ea:88:da:89:30:fc:45:91:92:
5d:b0:3a:05:8f:fe:c7:4e:6e:7a:72:be:e4:1f:02:9f:85:9f:
99:c3:c8:bc:00:c4:99:82:d2:3c:d6:44:a3:4e:8b:2a:91:24:
b8:d2:df:d1:8d:e8:aa:74:fd:93:b4:96:f8:1a:8e:b8:7d:87:
67:6e:49:57:81:5a:e3:59:78:59:78:e4:4b:e8:ba:f0:41:bc:
af:b6:81:27:28:e5:38:93:66:74:b4:96:4b:45:c4:4c:85:0f:
73:5b:df:00
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xGzAZBgNVBAoTEnBy
b1hQTiBEaXJlY3QsIExMQzETMBEGA1UECxMKcHJveHBuLmNvbTETMBEGA1UEAxMK
cHJveHBuLmNvbTETMBEGA1UEKRMKcHJveHBuLmNvbTEhMB8GCSqGSIb3DQEJARYS
c3VwcG9ydEBwcm94cG4uY29tMB4XDTEwMDYwODE0NDUxMloXDTIwMDYwNTE0NDUx
MlowgbAxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJh
bmNpc2NvMRswGQYDVQQKExJwcm9YUE4gRGlyZWN0LCBMTEMxEzARBgNVBAsTCnBy
b3hwbi5jb20xEzARBgNVBAMTCnByb3hwbi5jb20xEzARBgNVBCkTCnByb3hwbi5j
b20xITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAcHJveHBuLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOCTcOtLanvBLBsn3f1+oRDvlwKT7rSEzqZc
cQMsZu+lIPFL3Eg1aqbSsNjrA/5tbipcl1q8irxa9X2Y1cG41o3GhNUqU0dkEkF9
WMok1Uk1AvTBHab54mLCIQvvxR/H03VmbIl8s4IEKu/98pBcwc4VJTtcR6NZaVt9
WbIgd5JJCsbc90AWPNIf53iHjPexLTK13f9OXSmrEokKdWXjpAobMFpYTaS65gld
D/xHm1Y9gwijmYDT47k9dSa7rS/lm1Sqg4mG63flVadLmGJCmh5SW+fay7nJ6bRo
DAQQy/W8hAgti8bzgapXara/qrv+eX6HZEUhOf3wsrcU7FI63A0CAwEAAaOCAWcw
ggFjMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRl
ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUInXdWVEw0deIgKFMmaBJI9gycFswgeUG
A1UdIwSB3TCB2oAUq80kGlC9rEN0jV7HAsHt0lrI+uOhgbakgbMwgbAxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRswGQYD
VQQKExJwcm9YUE4gRGlyZWN0LCBMTEMxEzARBgNVBAsTCnByb3hwbi5jb20xEzAR
BgNVBAMTCnByb3hwbi5jb20xEzARBgNVBCkTCnByb3hwbi5jb20xITAfBgkqhkiG
9w0BCQEWEnN1cHBvcnRAcHJveHBuLmNvbYIJANJevG4eanbDMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAqizcAivA
N6RN04j0rvU6vtOAdo3xhTZ6fuLFZc8JA7H7vRLvyIsYZNeX2UH+ZM7OTugUMGlJ
z9pzFv0b2iOqcZadLajV6hvGjgERSzar0LpOiWaUlH+rRwDzXwBpLsPivuNxSYyL
Hizk5pKF1+oMd1dtD/nTwTiGUSavjjbkjxwiRR3LlTcl82ytscmCV0RAx88jG1x5
W0t86ojaiTD8RZGSXbA6BY/+x05uenK+5B8Cn4WfmcPIvADEmYLSPNZEo06LKpEk
uNLf0Y3oqnT9k7SW+BqOuH2HZ25JV4Fa41l4WXjkS+i68EG8r7aBJyjlOJNmdLSW
S0XETIUPc1vfAA==
-----END CERTIFICATE-----
</cert>
# Because all clients have the same cert, all clients have the same key.
# Disclosing it here is not a security risk, since it's already dislosed
# in the ProXPN package itself.
# @see: https://gist.github.com/MattSurabian/4c00ab864d9ae64c589d
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA4JNw60tqe8EsGyfd/X6hEO+XApPutITOplxxAyxm76Ug8Uvc
SDVqptKw2OsD/m1uKlyXWryKvFr1fZjVwbjWjcaE1SpTR2QSQX1YyiTVSTUC9MEd
pvniYsIhC+/FH8fTdWZsiXyzggQq7/3ykFzBzhUlO1xHo1lpW31ZsiB3kkkKxtz3
QBY80h/neIeM97EtMrXd/05dKasSiQp1ZeOkChswWlhNpLrmCV0P/EebVj2DCKOZ
gNPjuT11JrutL+WbVKqDiYbrd+VVp0uYYkKaHlJb59rLucnptGgMBBDL9byECC2L
xvOBqldqtr+qu/55fodkRSE5/fCytxTsUjrcDQIDAQABAoIBACkSjipaZqUvlTN6
PR1plWeVihbMm3GkgG7opTqhWkol9zpqV2VVb6YHDpT9loNn3CgfOwc7SFxeflt0
IlQFzCet0Qlzbju2T6hulliSF/gFm/7LevLY7NCHFKgsN+8yCriD/QHALsxumrO9
zCke7csVDvQmUmvLpHs5F7h+O6AjJ/3WLeZnldKAnO/vePmuvHMsjheqhoWQOkyD
9HOxNy8BIa7JnBnLNAtaHGDtg0kVF6lsteQwKplxBXWxJcEYwHykAjg0kHz0yXy1
KX227SMoW2X2M24k+jm+X9yhGqA1FF/TVoKjbm0Xl3O69N61gQCFMKZHsDcntnUD
5P6D2MECgYEA9OW5y5F/Ws9RncMaFSOFS1iGHENv8Pb1tKpGNRMXQujGQchAIR0+
GRh2k0ULxvzcCZ+FpXkM9wok4+E6Exq7ivySti6LAxJIT+Ki+9CaFItENNwqbr+y
YfNZo6CzR7uZ1u8KjGC3/KzgE9tFnUsIllswfRf0zc5zBtgTkg6k23UCgYEA6sHd
gXG6t5dzL4MDbR//1rSIJyNbk/caWfeUWGxOpWLwBVceOICq8BW3+YLdl6LjRhjY
QSg9iA1hH6FgYVmV2LKOUnSY4EqA/bSgRxMUk4p65ZjgIhswQVeIoMuSq/fYggVH
mTjTe2kRk7M6pf0w15qkfnJo5gmlRyFLNY/RIzkCgYBJvdriV1934rF6xcLW1qlO
dMt9Ozk738FAs30MgkEg3qLEMB5PWlTWja02zzWqp31CUIyXtQmYYa+WBr3L/uK2
CTPMM9ucAydPFrlpBfk/cmgJWrpUOtjl8bbuNHeHhA/gzn3ooz8DkLKwh/hAUtW1
IKRLJqmKRz4Ps4TBGDO/+QKBgQDCPK+a18/m8c+jYyJlmxFiw7LXt0Chd9X81IWQ
d+TGoMr5kDB4DbXhugaj0uyn92VW7V2Y48Otm2xd8Hc/dREv3+U0QjbvdZWu1VG8
HQRsYyr2Z3wjnB1cIyHv8SAlW4dvZRDtrQAGX1PkwmnnR0uvSMuLt/wlQZvX86s3
4QvouQKBgQDl1bEkmAqHj0LHr9YdybYoJX7O8wK5DlTdzYnJcY+DVlStVNbNxqr7
cKBfLqe0NdAPQtcBLkIU/iV91IAozg/6iLklDhPHG1B6o/nYrYf/8Z/1M8HwQCYs
QY+ssFWITze/+4aNyZahx/r+dUSeYQwXHGQul0QIvH1+PGQIuV7vWw==
-----END RSA PRIVATE KEY-----
</key>