Guys, ito tut ito para sa openvpn connect and at the same time para sa app ko na rin.
Sa paggawa ng openvpn config may 3 parts na dapat hnd mawala sa config.
-dito mo lahat ilalagay ang lahat ng alam mong tweaks at mga kailangan na configuration para mkaconnect ang config.
Example:
Tricks:
Authentication section
-siguro alam nyo naman ito, username at pass ang nilalaman nito. sa section na ito dapat 4 lines lng ang makikita: 2 'auth-user-pass' tags, username, and pass. sa part na ito dapat wlng whitespaces na makikita sa loob ng 'auth-user-pass' tag, dapat username at pass lng. siguraduhing wlng spaces na ang bawat line nito or else it will result to import error.
Example:
Lastly, CA Certificate section (correct me if I'm wrong)
-itong section na ito kailangan ito para malaman kung valid ang connection mo sa internet access. dito rin nkapaloob ang details ng server kaya kapag gagawa ng configs sa configs ni kuya PesteM ung remote ip, http-proxy at payload na lng ang ieedit since same lng ang port at same lng ang details ng server. kaya kapag ang isang config ay galing sa isang vpn registration site at itong config ay inedit mo at pinalitan mo ang remote ip and port na galing naman sa ibang vpn registration site, hnd nagcoconnect kc ung CA Certificate nila magkaiba kaya be sure na meron kang config ng niregisteran mo.
Example:
ito magiging outcome ng config which is a non-tls connection.
TLS Connection
may mga configs naman na tls ang connection at ang pagkakaiba nila ay ung sa Authentication section
sa tls connection meron rin syang Network configuration section at CA Certificate section pero ang Authentication section ay iba.
sa tls connection may 3 parts (well, maybe) ang Authentication section namely: key section, cert section at tls-auth section. yang 3 yan kailangan yan sa tls connection. ung 4 lines ay rarami kapag tls at ung 4 lines na yun ay mapapalitan ng 3 na yan.
Guys ito pala ung ginawa kong app..
nkaka 900 na itong build na ito.
ito ung last last build ko na kahit papaano successful naman pero wla cyang tls support at hnd nya supported ang 32 bit OS pero ung latest build and updates ko meron nang tls support at supported na ang 32 bit OS.
Open this thread
Sa paggawa ng openvpn config may 3 parts na dapat hnd mawala sa config.
- Network configuration section
- Authentication section
- CA certificate section
-dito mo lahat ilalagay ang lahat ng alam mong tweaks at mga kailangan na configuration para mkaconnect ang config.
Example:
Code:
client
dev tun
proto tcp
remote (IP Address) (Port)
http-proxy (IP Address) (Port)
http-option CUSTOM-HEADER Host (Payload)
persist-key
persist-tun
nobind
comp-lzo
verb 3Tricks:
- kahit ung Host header lng pwde na basta ung payload working. sa configs kong ginagawa Host header lng ang nilalagay ko kc nagcoconnect naman cya pero pwde nyo rin lagyan ng tweaks, kayo na bhla.
- sa configs ni kuya PesteM inaalis ko ung 'route-method exe','persist-remote-ip', at 'mute-replay-warnings' kc kapag nsa laro sila ang nagcocause ng lag ingame according to my tests. mga 5 accounts na ang na lowprio kakatest ko pero ok lng sulit naman.
- be sure na SINGAPORE ang iyong server kung mag oonline games ka.
Authentication section
-siguro alam nyo naman ito, username at pass ang nilalaman nito. sa section na ito dapat 4 lines lng ang makikita: 2 'auth-user-pass' tags, username, and pass. sa part na ito dapat wlng whitespaces na makikita sa loob ng 'auth-user-pass' tag, dapat username at pass lng. siguraduhing wlng spaces na ang bawat line nito or else it will result to import error.
Example:
Code:
<auth-user-pass>
exampleusername
examplepassword
</auth-user-pass>Lastly, CA Certificate section (correct me if I'm wrong)
-itong section na ito kailangan ito para malaman kung valid ang connection mo sa internet access. dito rin nkapaloob ang details ng server kaya kapag gagawa ng configs sa configs ni kuya PesteM ung remote ip, http-proxy at payload na lng ang ieedit since same lng ang port at same lng ang details ng server. kaya kapag ang isang config ay galing sa isang vpn registration site at itong config ay inedit mo at pinalitan mo ang remote ip and port na galing naman sa ibang vpn registration site, hnd nagcoconnect kc ung CA Certificate nila magkaiba kaya be sure na meron kang config ng niregisteran mo.
Example:
Code:
<ca>
-----BEGIN CERTIFICATE-----
MIID0TCCAzqgAwIBAgIJAIjqktFg455dMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
QGhvc3QuZG9tYWluMB4XDTE4MDIwNTA1NTQyOVoXDTI4MDIwMzA1NTQyOVowgaIx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM5x
tcW1HkKgWxkbIPDEpAyiQK6ULDAz+rPvBw0ltj4N8VC7Rrve6gOg2VSTxmXb6W8y
7uN++6OGd+6B9+tWytQ7M3rU4bdEyDhkA8r2+yT9hEFZb09pKM5jNxQdEjfz5VQ0
gKViMBjr1HeGTqITFVHKmixobJBV2N92B5/5a6P3AgMBAAGjggELMIIBBzAdBgNV
HQ4EFgQUvSgtZZccQVmvLhGtN/gUPdDF1Y0wgdcGA1UdIwSBzzCBzIAUvSgtZZcc
QVmvLhGtN/gUPdDF1Y2hgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQCI6pLR
YOOeXTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACXJ3DIXanJTNrEJ
y1n1fyPKBJrIPUcEwQpAx4hu0KxAR9hGEU8FCNb9fIclEN2LGT4xm4kE1kPt8qsx
f2ISElHQwexL81qXunfEyus5tH+kY5fxVugIb1ymD/EMcyB+rZbwpLe469D/mujb
vANrA6XvA1/EZBG9CA+VjxRyjVhn
-----END CERTIFICATE-----
</ca>ito magiging outcome ng config which is a non-tls connection.
Code:
client
dev tun
proto tcp
remote (IP Address) (Port)
http-proxy (IP Address) (Port)
persist-key
persist-tun
nobind
comp-lzo
verb 3
<auth-user-pass>
(username)
(password)
</auth-user-pass>
<ca>
-----BEGIN CERTIFICATE-----
MIID0TCCAzqgAwIBAgIJAIjqktFg455dMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
QGhvc3QuZG9tYWluMB4XDTE4MDIwNTA1NTQyOVoXDTI4MDIwMzA1NTQyOVowgaIx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM5x
tcW1HkKgWxkbIPDEpAyiQK6ULDAz+rPvBw0ltj4N8VC7Rrve6gOg2VSTxmXb6W8y
7uN++6OGd+6B9+tWytQ7M3rU4bdEyDhkA8r2+yT9hEFZb09pKM5jNxQdEjfz5VQ0
gKViMBjr1HeGTqITFVHKmixobJBV2N92B5/5a6P3AgMBAAGjggELMIIBBzAdBgNV
HQ4EFgQUvSgtZZccQVmvLhGtN/gUPdDF1Y0wgdcGA1UdIwSBzzCBzIAUvSgtZZcc
QVmvLhGtN/gUPdDF1Y2hgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQCI6pLR
YOOeXTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACXJ3DIXanJTNrEJ
y1n1fyPKBJrIPUcEwQpAx4hu0KxAR9hGEU8FCNb9fIclEN2LGT4xm4kE1kPt8qsx
f2ISElHQwexL81qXunfEyus5tH+kY5fxVugIb1ymD/EMcyB+rZbwpLe469D/mujb
vANrA6XvA1/EZBG9CA+VjxRyjVhn
-----END CERTIFICATE-----
</ca>TLS Connection
may mga configs naman na tls ang connection at ang pagkakaiba nila ay ung sa Authentication section
sa tls connection meron rin syang Network configuration section at CA Certificate section pero ang Authentication section ay iba.
sa tls connection may 3 parts (well, maybe) ang Authentication section namely: key section, cert section at tls-auth section. yang 3 yan kailangan yan sa tls connection. ung 4 lines ay rarami kapag tls at ung 4 lines na yun ay mapapalitan ng 3 na yan.
Code:
<key>
-----BEGIN PRIVATE KEY-----
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANG4HcRF07mtdRK+
hst59/SurdfS5nQ2C/sUehr6wZ8gwhk/HEE/hVSCMFt/ZZeorctwDbQSpbrMpUoI
X4ReZLTW0VBG88gB4JtFmQizKY04foz0tb5p7admofjugIEMOuFN/2dtZuNQuF/y
UqN1BygPX+kxPaBywSOB33j15ZwxAgMBAAECgYEAjL8DAylVueRGkOjbMA3QMh9V
PmYlEdL/4WbRt++YKEJk4WqwfL2zro6dA5sRRGIJGWI/YB2vqhkTyQari/uJm3kZ
i9H4t58/pRB6W/lTspayCI3h+fgQKpWYom4IJsW7rxuj/uZud8le0JpZ80zovVlZ
QD+jqPf7F6afoErl5E0CQQDnv5emB7LYCtBOH5SZoxurolRNKqcyUhR7TyTtlMni
tOOMkG0xLHI7XAa08TTOWo46cy0kB3tiG0WqZLcvPaozAkEA56pfxVlhjohojF7G
nibDEaNar+AF9ZvrWzJfjmIIyeEiYDhWhAVqlTzoIt2FH+PpNFXoAhVX1reBLp8T
sI+ECwJBALPRCnbuNEvDoDtt75yCXb8AFo9FkDPQUkoXb9zUfQ1mM8VmbwMfrIb4
cc/F9KZEx2T850K0d3z5EkYTHbwPCdcCQQDNWSxDVpMvMKLbqjcMgPdwbwg31a/y
oh7hW6lwIF4B9NnvyICHzfVIDBEItqsGNZPFnFBnaFvQLCEKHl/ppY05AkA5hc7R
LuY9AJ6SyRY35l0ahxsDubLlxw73XMydjly4skAyIxAgDdG1PsLQEmgEBfeJ/Zft
ZKWNCaf5t4hurNgm
-----END PRIVATE KEY-----
</key>
Code:
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=NI, L=Clausthal-Zellerfeld, O=VPNinTouch, OU=VPNINTOUCH, CN=VPNINTOUCH/name=VPNINTOUCH/emailAddress=info@vpnintouch.com
Validity
Not Before: Jul 3 10:04:51 2014 GMT
Not After : Jun 30 10:04:51 2024 GMT
Subject: C=DE, ST=NI, L=Clausthal-Zellerfeld, O=VPNinTouch, OU=VPNINTOUCH, CN=client/name=VPNINTOUCH/emailAddress=info@vpnintouch.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d1:b8:1d:c4:45:d3:b9:ad:75:12:be:86:cb:79:
f7:f4:ae:ad:d7:d2:e6:74:36:0b:fb:14:7a:1a:fa:
c1:9f:20:c2:19:3f:1c:41:3f:85:54:82:30:5b:7f:
65:97:a8:ad:cb:70:0d:b4:12:a5:ba:cc:a5:4a:08:
5f:84:5e:64:b4:d6:d1:50:46:f3:c8:01:e0:9b:45:
99:08:b3:29:8d:38:7e:8c:f4:b5:be:69:ed:a7:66:
a1:f8:ee:80:81:0c:3a:e1:4d:ff:67:6d:66:e3:50:
b8:5f:f2:52:a3:75:07:28:0f:5f:e9:31:3d:a0:72:
c1:23:81:df:78:f5:e5:9c:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
6C:D7:20:8E:BD:0A:51:75:FF:DD:83:81:78:A0:6C:E9:5C:24:82:B2
X509v3 Authority Key Identifier:
keyid:58:04:BF:4C:F3:72:79:ED:C3:F5:88:65:41:59:91:99:D4:9B:09:8B
DirName:/C=DE/ST=NI/L=Clausthal-Zellerfeld/O=VPNinTouch/OU=VPNINTOUCH/CN=VPNINTOUCH/name=VPNINTOUCH/emailAddress=info@vpnintouch.com
serial:F7:E6:32:8B:DB:8F:8F:94
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
51:fd:3f:f5:43:f6:4e:56:06:19:d0:c3:33:2a:e0:bf:e6:61:
37:d1:9d:21:f5:02:02:ee:4c:c2:3a:ba:69:ac:15:23:6e:7e:
87:8e:ed:ec:75:11:91:3f:2e:19:af:5e:6c:a0:2e:82:c9:56:
fb:40:c7:34:5b:74:58:1a:dc:50:0c:f2:36:a1:72:0e:c5:67:
f3:16:7b:79:ae:3a:cc:d3:ca:31:10:5e:73:88:7f:3f:dd:8d:
53:ee:23:a1:b5:29:bc:f9:ba:e4:96:fc:11:8c:ad:32:9d:79:
f8:69:c2:2f:67:9c:0d:fb:5e:32:6c:ad:8c:9d:a6:23:72:84:
26:83
-----BEGIN CERTIFICATE-----
MIIEQDCCA6mgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCREUx
CzAJBgNVBAgTAk5JMR0wGwYDVQQHExRDbGF1c3RoYWwtWmVsbGVyZmVsZDETMBEG
A1UEChMKVlBOaW5Ub3VjaDETMBEGA1UECxMKVlBOSU5UT1VDSDETMBEGA1UEAxMK
VlBOSU5UT1VDSDETMBEGA1UEKRMKVlBOSU5UT1VDSDEiMCAGCSqGSIb3DQEJARYT
aW5mb0B2cG5pbnRvdWNoLmNvbTAeFw0xNDA3MDMxMDA0NTFaFw0yNDA2MzAxMDA0
NTFaMIGtMQswCQYDVQQGEwJERTELMAkGA1UECBMCTkkxHTAbBgNVBAcTFENsYXVz
dGhhbC1aZWxsZXJmZWxkMRMwEQYDVQQKEwpWUE5pblRvdWNoMRMwEQYDVQQLEwpW
UE5JTlRPVUNIMQ8wDQYDVQQDEwZjbGllbnQxEzARBgNVBCkTClZQTklOVE9VQ0gx
IjAgBgkqhkiG9w0BCQEWE2luZm9AdnBuaW50b3VjaC5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBANG4HcRF07mtdRK+hst59/SurdfS5nQ2C/sUehr6wZ8g
whk/HEE/hVSCMFt/ZZeorctwDbQSpbrMpUoIX4ReZLTW0VBG88gB4JtFmQizKY04
foz0tb5p7admofjugIEMOuFN/2dtZuNQuF/yUqN1BygPX+kxPaBywSOB33j15Zwx
AgMBAAGjggFoMIIBZDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJT
QSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGzXII69ClF1/92DgXig
bOlcJIKyMIHmBgNVHSMEgd4wgduAFFgEv0zzcnntw/WIZUFZkZnUmwmLoYG3pIG0
MIGxMQswCQYDVQQGEwJERTELMAkGA1UECBMCTkkxHTAbBgNVBAcTFENsYXVzdGhh
bC1aZWxsZXJmZWxkMRMwEQYDVQQKEwpWUE5pblRvdWNoMRMwEQYDVQQLEwpWUE5J
TlRPVUNIMRMwEQYDVQQDEwpWUE5JTlRPVUNIMRMwEQYDVQQpEwpWUE5JTlRPVUNI
MSIwIAYJKoZIhvcNAQkBFhNpbmZvQHZwbmludG91Y2guY29tggkA9+Yyi9uPj5Qw
EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUA
A4GBAFH9P/VD9k5WBhnQwzMq4L/mYTfRnSH1AgLuTMI6ummsFSNufoeO7ex1EZE/
LhmvXmygLoLJVvtAxzRbdFga3FAM8jahcg7FZ/MWe3muOszTyjEQXnOIfz/djVPu
I6G1Kbz5uuSW/BGMrTKdefhpwi9nnA37XjJsrYydpiNyhCaD
-----END CERTIFICATE-----
</cert>
Code:
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
882c9235e7387fa57b96a717a3818061
3c62407821c72a439cb1096de9353f1e
29a722f0aee314e7d37cc337ad470c96
bbcda7b63603b6eb83510effea642bd1
df59b6008959799e5b0999d1e0c86080
205c8e8410ad39dcbfc537e74e6c1def
c054097ce06e5003386bb879fc3556bb
c47d7dad603400afb5c3b9b52856bcf6
9a31d610f73f044bc5df66732004ba55
4a7f423f7a184bd4f78db11717ee24c7
8ce3a84a3390f126186a76168e1287d7
0e34cb4f70d98480e42a75f2a3b9e08d
37ed85305e61b913a041f9c8277cc0c2
836de02043daed5bfad035ed83613522
bbb35991b39bf58644799f9b7c9f6c40
cbfa3f6e8e08e467840dc1fac11e8efc
-----END OpenVPN Static key V1-----
</tls-auth>Guys ito pala ung ginawa kong app..
nkaka 900 na itong build na ito.
ito ung last last build ko na kahit papaano successful naman pero wla cyang tls support at hnd nya supported ang 32 bit OS pero ung latest build and updates ko meron nang tls support at supported na ang 32 bit OS.
Open this thread
Last edited:
