I'm going to build my own firewall using a physical Debian machine. This time it is a NAT-by-NAT configuration until everything works well. (Don't disturb the primary network.)
I have a Debian vServer hosted by OVH as the OpenVPN server. IP: 147.135.x.y The name of the VPN profile is squad.block
My local firewall interfaces:
The "external" interface: name: enp1s0 ip: 193.169.0.101 netmask: 255.255.255.0
The main internal interface: name: enp4s0 ip: 192.168.2.1 netmask: 255.255.0.0
The secondary internal interface (not in use yet): name: enp3s0 ip: 193.169.10.1 netmask: 255.255.255.0
OpenVPN interface: name: tun0 ip 10.8.0.8 netmask: 255.255.255.0
Several VLANs named vlan5 to vlan100 (guests, tenants, ...)
When I'm on the move, I want to connect to my main local network using OpenVPN on my Android smartphone, using local IPs such as 192.168.2.26
The configurations I have so far:
ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 193.169.0.101 netmask 255.255.255.0 broadcast 193.169.0.255
inet6 fe80::2e0:4cff:fe20:13f9 prefixlen 64 scopeid 0x20<link>
ether 00:e0:4c:20:13:f9 txqueuelen 1000 (Ethernet)
RX packets 691277526 bytes 692144437624 (644.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 426282739 bytes 147335959117 (137.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 193.169.10.1 netmask 255.255.255.0 broadcast 193.169.10.255
inet6 fe80::2e0:4cff:fe2d:5 prefixlen 64 scopeid 0x20<link>
ether 00:e0:4c:2d:00:05 txqueuelen 1000 (Ethernet)
RX packets 23498991 bytes 2001516444 (1.8 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 414954 bytes 24908258 (23.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.252.0.0 broadcast 192.171.255.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 428636364 bytes 148994264718 (138.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 692687850 bytes 692571883802 (645.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Lokale Schleife)
RX packets 883164 bytes 63312218 (60.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 883164 bytes 63312218 (60.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.8 netmask 255.255.255.0 destination 10.8.0.8
inet6 fe80::ff81:e861:ff19:158a prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 20 bytes 1816 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 371 bytes 26148 (25.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.5.1 netmask 255.255.255.0 broadcast 10.0.5.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1094 bytes 76668 (74.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.10.1 netmask 255.255.255.0 broadcast 10.0.10.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1091 bytes 76458 (74.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.20.1 netmask 255.255.255.0 broadcast 10.0.20.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 16307363 bytes 2448383078 (2.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35379628 bytes 46609137868 (43.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan21: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.21.1 netmask 255.255.255.0 broadcast 10.0.21.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1092 bytes 76528 (74.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan30: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.30.1 netmask 255.255.255.0 broadcast 10.0.30.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1094 bytes 76668 (74.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan40: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.40.1 netmask 255.255.255.0 broadcast 10.0.40.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 13576 bytes 4626900 (4.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1090 bytes 76388 (74.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan50: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.50.1 netmask 255.255.255.0 broadcast 10.0.50.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1091 bytes 76458 (74.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan60: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.60.1 netmask 255.255.255.0 broadcast 10.0.60.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 419543 bytes 77555123 (73.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 544239 bytes 457291463 (436.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan70: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.70.1 netmask 255.255.255.0 broadcast 10.0.70.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1088 bytes 76248 (74.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan80: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.80.1 netmask 255.255.255.0 broadcast 10.0.80.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1096 bytes 76808 (75.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan90: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.90.1 netmask 255.255.255.0 broadcast 10.0.90.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1094 bytes 76668 (74.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan100: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.100.1 netmask 255.255.255.0 broadcast 10.0.100.255
inet6 fe80::7285:c2ff:fe71:4fa6 prefixlen 64 scopeid 0x20<link>
ether 70:85:c2:71:4f:a6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1091 bytes 76458 (74.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route
Kernel-IP-Routentable
Target Router Genmask Flags Metric Ref Use Iface
default 193.169.0.1 0.0.0.0 UG 0 0 0 enp1s0
10.0.5.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan5
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan10
10.0.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan20
10.0.21.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan21
10.0.30.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan30
10.0.40.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan40
10.0.50.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan50
10.0.60.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan60
10.0.70.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan70
10.0.80.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan80
10.0.90.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan90
10.0.100.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan100
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.252.0.0 U 0 0 0 enp4s0
193.169.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
193.169.10.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
iptables-save (I need to shorten the list of forwarded ports because of the character limit)
# Generated by iptables-save v1.6.0 on Sat Oct 13 14:02:27 2018
*nat
:PREROUTING ACCEPT [300353:22455354]
:INPUT ACCEPT [9072:624423]
:OUTPUT ACCEPT [29743:1833165]
:POSTROUTING ACCEPT [27952:1751929]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# Completed on Sat Oct 13 14:02:27 2018
# Generated by iptables-save v1.6.0 on Sat Oct 13 14:02:27 2018
*filter
:INPUT DROP [1505:213475]
:FORWARD ACCEPT [4087:213124]
:OUTPUT ACCEPT [5461:337048]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -i lo -j ACCEPT
-A INPUT -i vlan5 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i vlan5 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i vlan5 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -i enp4s0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i enp1s0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i enp4s0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lo -p udp -m udp --dport 4711 -j ACCEPT
-A INPUT -i enp1s0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix "[IPTABLES] [INPUT] "
-A INPUT -i tun0 -j LOG --log-prefix "[IPTABLES_INPUT] [OVPN] "
-A INPUT -i enp1s0 -p tcp -m tcp --dport 3128 -j DROP
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -i tun0 -j LOG --log-prefix "[IPTABLES_INPUT] [OVPN] "
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -d 192.168.0.0/16 -i tun0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i vlan20 -j LOG --log-prefix "[IPTABLES_FWD] [Gastnetz] "
-A FORWARD -i vlan21 -j LOG --log-prefix "[IPTABLES_FWD] [temp. Gastnet"
-A FORWARD -i vlan30 -j LOG --log-prefix "[IPTABLES_FWD] [vlan30] "
-A FORWARD -i vlan40 -j LOG --log-prefix "[IPTABLES_FWD] [Mietwohnung] "
-A FORWARD -i vlan50 -j LOG --log-prefix "[IPTABLES_FWD] [Kletterpark] "
-A FORWARD -i vlan60 -j LOG --log-prefix "[IPTABLES_FWD] [Wolle] "
-A FORWARD -i vlan70 -j LOG --log-prefix "[IPTABLES_FWD] [vlan70] "
-A FORWARD -i vlan80 -j LOG --log-prefix "[IPTABLES_FWD] [vlan80] "
-A FORWARD -i vlan90 -j LOG --log-prefix "[IPTABLES_FWD] [vlan90] "
-A FORWARD -i vlan100 -j LOG --log-prefix "[IPTABLES_FWD] [vlan100] "
-A FORWARD -i tun0 -j LOG --log-prefix "[IPTABLES_FWD] [OpenVPN] "
-A FORWARD -i enp1s0 -o enp4s0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i enp1s0 -o enp4s0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i enp1s0 -o enp4s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp4s0 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan10 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan10 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan20 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan20 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan21 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan21 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan30 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan30 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan40 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan40 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan50 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan50 -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o vlan60 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan60 -o enp1s0 -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.26/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.26/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.26/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.2.26/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.28/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -s 192.168.2.28/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 3389 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.200/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.200/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.200/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 82 -j ACCEPT
-A FORWARD -s 192.168.2.200/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 82 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.20.0/24 -d 192.168.2.200/32 -i vlan20 -o enp4s0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.2.200/32 -d 10.0.20.0/24 -i enp4s0 -o vlan20 -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.1.0.0/24 -i enp4s0 -j ACCEPT
-A FORWARD -i tun0 -o enp4s0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp4s0 -o tun0 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A f2b-sshd -j RETURN
COMMIT
# Completed on Sat Oct 13 14:02:27 2018
OpenVPN server configuration:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.0.0 255.255.0.0"
client-to-client 1
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client-config-dir ccd
route 192.168.0.0 255.255.0.0
cat /etc/openvpn/ccd/squad.block (OVH-Server)
iroute 192.168.2.0 255.255.255.0
cat squad.block.ovpn (local firewall)
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 147.135.237.7 1194
ifconfig 10.8.0.8 10.8.0.1
route 10.8.0.0 255.255.255.0
dhcp-option DNS 8.8.4.4
dhcp-option DNS 8.8.8.8
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
<hidden>
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
<hidden>
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ChangeMe
Validity
Not Before: Aug 13 16:26:33 2018 GMT
Not After : Aug 10 16:26:33 2028 GMT
Subject: CN=squad.block
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
<hidden>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
<hidden>
X509v3 Authority Key Identifier:
keyid:<hidden>
DirName:/CN=ChangeMe
serial:<hidden>
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
<hidden>
-----BEGIN CERTIFICATE-----
<hidden>
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
<hidden>
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
<hidden>
-----END OpenVPN Static key V1-----
</tls-auth>
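
An added example, not part of the original post: an OpenVPN server delivers traffic for a LAN behind a client only when a matching `iroute` exists in that client's ccd file, so this check compares the `route`, `push "route"` and `iroute` lines quoted above with the enp4s0 network from the ifconfig output. The function names (`parse`, `iroutes`, `has_iroute`, `audit`) are illustrative.

```python
import ipaddress

# Directives copied from the configs in the post; the rest is illustrative.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.0.0"
route 192.168.0.0 255.255.0.0
"""
CCD_SQUAD_BLOCK = "iroute 192.168.2.0 255.255.255.0\n"
# enp4s0 as printed by ifconfig in the post (netmask 255.252.0.0).
LAN_IFACE = ipaddress.ip_interface("192.168.2.1/255.252.0.0")


def parse(conf):
    """Yield (directive, network) for route/iroute lines, including push "route ..."."""
    for line in conf.splitlines():
        words = line.replace('"', " ").split()
        prefix = ""
        if words[:1] == ["push"]:
            prefix, words = "push ", words[1:]
        if len(words) >= 3 and words[0] in ("route", "iroute"):
            yield prefix + words[0], ipaddress.ip_network(f"{words[1]}/{words[2]}")


def iroutes(ccd_conf):
    """Networks the ccd file declares as living behind this client."""
    return [net for kind, net in parse(ccd_conf) if kind == "iroute"]


def has_iroute(addr, ccd_conf):
    """True if one of this client's iroute networks covers addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in iroutes(ccd_conf))


def audit(server_conf, ccd_conf, lan):
    """List mismatches between server routes, the client's iroute and the LAN."""
    owned = iroutes(ccd_conf)
    findings = []
    for kind, net in parse(server_conf):
        if not any(net.subnet_of(i) for i in owned):
            findings.append(f"{kind} {net} is wider than iroute {[str(i) for i in owned]}")
    for i in owned:
        if not i.subnet_of(lan.network):
            findings.append(f"iroute {i} lies outside LAN {lan.network}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD_SQUAD_BLOCK, LAN_IFACE):
        print(finding)
    print("192.168.2.26 covered by iroute:", has_iroute("192.168.2.26", CCD_SQUAD_BLOCK))
```

With the values from the post, 192.168.2.26 is covered by the iroute, while the /16 routed and pushed by the server is wider than the /24 the client announces.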