From 98a08136d80dadb0c5bb6250d1f3613c2a4872a5 Mon Sep 17 00:00:00 2001
From: test2 <test2@test2.gr>
Date: Tue, 10 Dec 2019 23:32:04 +0200
Subject: [PATCH] shorewall

---
 sec/495px-VPN_overview-en.svg.png | Bin 0 -> 22635 bytes
 sec/ex-4_iptables.adoc            |   2 +-
 sec/ex-5_iptables.adoc            | 277 ++++++++++++++++++++++++++++++
 3 files changed, 278 insertions(+), 1 deletion(-)
 create mode 100644 sec/495px-VPN_overview-en.svg.png
 create mode 100644 sec/ex-5_iptables.adoc
diff --git a/sec/495px-VPN_overview-en.svg.png b/sec/495px-VPN_overview-en.svg.png
new file mode 100644
index 0000000000000000000000000000000000000000..2e625d49979414ff3fd2da20935717ebd2d1257a
GIT binary patch
literal 22635
zcmZ@<1zTH9)5a-o#U)4z4-|KI3B|2QaVTyrP=dP^4HUOhC=_=n5Fjn??hY*uf#QU~
zm-h#JS8_$pCcCq<vorTSJ11UOTa5^x4j&B-jYu7&tdE9<4o7{yeSw2|6%JfWLA_x)
zDrhO7p*5rsJlbHRzBAi_^tI5?0@%^e!lKa79#EIU4$#ni`O(mhtkKXUv(eC~z4ANs
zq)`nxwi;^6XwUz9eC;YvM?*7?P*+wk1h1SH_yrjn-N1VM^k48?CC8Do2w}#BVZW}m
zH4U^{-0(ZCdU9J`vsg6p<8d`LHeTEqHG^#gDv^QEuzy8Fgk4dkwfD$P_)m<cMn!3+
z<qY44$X=@NjprGkt@%yL>=$Ch*wFmH&uPLxrW7<W=*^gt2hSM`3^9;paaWAqA^#PO
z-YX*vLM$A#)9@F%-|NCKV8?g$<aapPn3}k<m?L2=3)L|;zgPJaucq;qC}{{1^=zc^
zvhjn6gYbgBN3_dEgbGpK=~-(q*A@j6Lh+!4V{Hy%gcKVwHo}R#FdG<|yxNx0mhTp$
zwLe9E-HRnvju)NBST@q<H2l3G#J&84y*~;XV7)NqEnDkZs*Yq27#<93D|n0WYZFrX
zfAe8^i8hE1z_?{DyU_e5=7nxs*@I1EE0=?6nl_7PcDPW7Z5o0c9<I+~s}nX!`c626
z348g?D0ah0!txsBofi8%VDzv882gPk9jd?fF?N^%j19IY;U$NQR)j&#x)=ICDTZhn
zyd-T|0a<pp3phUs?_OM(h@tvPtS%=xm-fO;1HCflRM9*%M!UahqF3#8xQ(%KlkS(7
z19mx)rOg4YY5A$|h=)zy0&cLLh#vvxim#n|UYx({g4=~Hi!{S;U|#miUsGB|K#vdR
zz{4@+J`R{*4=p>CsP~5|;SwDUUZSF44v#`(0`dn&fJ7QSR9+5VUiZeD?i}yD`l*Pk
zFNEZTkO6zl^}V|k&QHpVZ_iju1mZ9M!`e_;7<P1d$2Z$hCA0%=!>;G4XFL}<2kx-d
zk9Ac4Z|Tf9q|kcMKIv^=bmM2m!**~O%1PDvI*97|(mbwswqD6hz>VZB-W>A~&QRVp
zxh#4z4?EK3e)1&%=AU_OiEMGT1pUvlB(zC&kWA;K^|(9s8QPyyo4*;O-&Ux4mZnHk
zZWSFweI3f}<0oYETc$9T>Y_dH9EV)LMB8V{Oq)j88%pv04#34XxTfBJ7?e_9rOZ}y
zqSX5_k|OnbZ@q@|V{R*~B#w6de=DIc$tuwX$B{JgZpQx?wwmfCjaneKQJRSANG3<E
z=_4;m8>z|M->7SWG&q_#t<7alEicjP(gQ0TiBMgp@fdn#nHe+(JUCe$cxa*Q1k!#b
zk00#zUd!gcSd3dUA=GT_*`q-VwOzT}=493!*42e=ybr9FXG$j=D^3h)&q2m%{*&~-
z6HI)Cdih0RFU(qby>+Yy-!7erq3<vLTNZ`c6fdH~wp8=0UJiSo8HFwOhx+uy7rUph
zw$D7<q-b;<kh#E>#C8xR;TH>uC{s!P;uC}iMvG_rRQ#)>!Ln8+>=0xV6VoV{cG)h{
zP)<BiOO+Jl>vT@iBdhoiBKF1UfTq(U>fG|j>c(jOCk7mIG=_Ye#d)E*jac_T0+t?s
zqQ?1iDXWTCeSQbl69a?8kHais8P1YVDU#^*mFo0mJYFK_-Y&eOrt*UDYc)_~rUI9b
z8rypbjc}uJ@OU{(`vix*$vY-&^QbSUL9Bxh!>5wN-F-~7Z1iy^6vDJsMtK1^KdF}Z
zzOU<`KdH||AvNsRd6{b?)z6p5Vf~<R!mLJ5$5Oia9>x8`l2s3tvHnxDL-;v8kZg1<
z-~{mne_}oSwa+R$$cEepLlplY?O&I|&_|GazeWc-?xClFdCD=EK%hXUcDsqjmhR~u
zCpjY}>i6~hEz;0#BVi@M=Snq`kXY%+G4@bnX2#$v#hlhPk_wbF=LPVF=>|vhFu9Y)
z{!06@+qU>gP7_|^%0rdJqxd!~64F@J(vV|m987*LU9&GjSVGw(rArm??8um?Fjh(s
zE{E=j@!DvrFmleH_$Sd_Byky>^*TB9J4R`Z3j|vdq@#EGPrgsuygCA59KbV)zIgEA
zUHURK0Uy@E716@s{1NHygdi?Hbv$kryFvzY4*r-qEl0WJ^Yzs^MRKUskDgb>PpK}V
zq3_z(DOMIJO+Vx1U1#YbavusiCZ$%WxfC}M=GeYqL4T2Y-oJNsQBeoCbI|6g0(+iI
zSEa!<p5{r};?u07R=5E-k%oS9rx_v?9B~BsSiupq^0+wXCMw6;d^#6!ljX=i+iuew
zuq^`+5ZFkbqhMm9tA5TE)P>irEWe?gxPL(MgzXxEV?`kK=Nmllzv)uggs<mD-F}x;
zuw{$7ZK#H0U6*zD$o-|kTMscK`n`&2#iAk*fplPTmUN}qfFHF68VD=ZDIPnwkXO&k
zzNH8}d<vI;(vNPfQ<y5OTYZbxGb@^xC#dHS1i}{40LQ*m=qZOcoW*ueB0japN~=~{
z5@)}Pk?iPgPNBrDj1;+X{_ef_U3HYOVUZVbh2mjY@7(6^yHFO_EE}2{LvU!h&{JfE
zhl7@{2|Woz#q+Zc?nIZ7og((tX1G6$C@#{-1YD#%Uf5`7=pDd#hau44%D!#!<F~!i
zD7MXZu+WZwh&f0X37Qe^6!?wsM|Pp{lDGqA(Y9rPS6vB82%@qZ(xxuOO@9-PsC!Vm
z0ZGsgMEg{iCC$SV8H)m=rf@Bx7S`{4Qb}W7)$4+(R_l+Z$}<xD2bV<$h!pjh`IcGP
zW8aVTR2$(7mX)^#sjSeH1v}I*bozsV<|Cy8{DM^PE<Gfv*w|+|uAU#f#CBf#D1(Gd
z%jtfRTEDYLN{wOITeOzhS;S`>O?pJ1_Q*AwPm!uM%^Lk&kIv38uEgnXCR_ZFfzSQJ
z!^0D_JYAn76O=d^PJ4a#^eV2sT@XkZc(_TP#(u?PnBEgts-u!;_F$a7?}HI(79q(@
z?00FXk<8+HCiR2AMv(zsinSX9jpV5N!1Kn(DI#s;J*ZjbyDY%wDeUeQw|r*)g7DXZ
z{Z#WovBbmy=(tb<9@n{s`T!7+P@T>@74Bm>;%7Mzf7HXC9OjBzU@d$2%ei9aY6F;e
zq5sX@mma{m;~OG&?oL<dtZ?wGO>}3uKlPkI=TB5+z<##<H#^;RDKtsj_Q<x-WvXQU
zNLWW?hdLZxGJH)27`JJZFi-|8Sf(mt5c)ZJ#xgGVwf4V+ttKYP<=}2~_e+_bP+J;y
z=sQlU3U)n;I=yvMM@3MeS*&>LH35-jx)DvAl4ii<G5k}L3;%1w5(!)ZT3P(ZuPcc5
zIOFqIuulO{zHp9rzdY-Gd4B)kJuB^yQ{>8cXbW~)jj1-a(K&u9ex?`Xe4(@Sa0Fzt
z;3h$a(lpMcaY2n2Kj>_SNYe?(gi;?JcNu|G*bZ%Ei(|ZRwIwXipVUtGum94uFu27l
zn-OYB=vY*jUaP)G;Sdmen!h@KV-k8CXPfNYUj17N5{S9?>9>`?>&5WJ<~^hW$h(`Z
zS>}a*<z(*d+hVu{^@=A$qqHu?wg}uywa0oLNgr$_KSTetK$ko#aP<uE?fFa>wYE@v
ziToOh8&ez1qQ2i=Tnxu{T}@XUJSnC?(-C~b2Hgv`A89vWTxflDm=vOfiI{M_xuaPQ
ztMPZFio6obvDTXYPnFpL?sMq^dYxaha@io_RA!?U?Ar2aOjR*ozR^E;I_xs!jo|7^
z`%r+V#NqI87qL1c!H)GkRa)qlwly8OEG54T@O(794)R~T^^61`FsMg)A(i9MzC6z?
zu^Xo>CYe?|&OKhdRVGrL?nWUqgm*J8@PS#FOd@h2hj<AUqmS=!=hJuQR3P}KDWy-<
z38EnG5OJz|+djk^TjBGMx2HzBj49miQ3ka)M2wf2sWD8X;Fe9=m4z((eE;*@=<G^Y
z*0?6^AFo)q1lMJynrq}&xka>2xYp&Mn+cpnu@qm|=pIh2ici}XZ6(kIepw}ExAyKA
zYG2Pa_OrN4iiG-$r7=C@9<^$(JTb-p{K1!gdLcmA>lD&D9o~cTJd8%-9RX(m>`yF*
zC-bTz{q?V^#D)o-3c?B?)z%gJ|H%h2eAZ`wiM(nu#HrLxSlA5+Yzz_oDJ}C!>vYy~
z)l;l%AvbMRyoJ<#^1*b9HDD82ab{2DrsG~Rr#|Pj<v7Rmv=D#2IDjd+cy3Bx@Kd;y
zPjg086a{{AQ!(aS&y>b$NgB3onPc?m5iHoz8!Cb?b20O5XjJJq75`=Gs0f1HBk#Rv
z4oj%d15d5?4VoxXD67{AO^VI(SC)RyH;R~shGvc&rC<LF=~Z9<eMKqFGt2@?x^Vj&
z)W;SO=F3q+OItxPa9Yios0kZO9M@1gs`Z*@c=^7eHGq;Fr<Hz3-Hm3vp97?c>~RhP
z7usZ>Pgws;y()dz*lp|;N~s9>vT6Hs;-r@r`oO9!v`*@|_It`PkJa@<FvOmw!Wr1f
z>fg}$S3a;X1^gPIA&A>*Bg|pNg7@VqveaE9k*as5M6@6ViJ#^%%_7jEQ1Q$A`WK(-
zm{-r#DS%C#2Rd;Q`J33dGAuc5OjiUa-oHytWJ;g%ya*Hb@FH1JFs3WAv>b}Xxt^Vr
zr~(ZeJVer~YFxZJ=jc=a=j2M<JH*4QFv1@rVxO8jp`cnZ0ophye2`^GK?tX<VNy=%
z94WunaeP+jFBbzj3?BVRkAA9b=ab*@*Q<FPP1OyROjv1r5#Kfb*G0!Y^?O*i1lSXK
zwXyPNDOg75+Ql<wx;lFq>P(|9n8D8Fg&C2*s$mGbd4UJlfQ%VNs<YpreekI=bPs$B
z+QN-|0g9>g4}i*3^bmuw@cfsfuE&p-VWuERR^7*+J^4|knnVlwYHX%`l7C@c?p3#+
zY>Bm}-r2Rt_D1<l7?`94lgF8MQR_S2Ym}z`{u2;XUOUMJ`I1k4e2md2)yXxwQcu)4
z5Nwxxn;`@_GMzj^jHX5~lpNn9w?Qs5GVktWaSnYM$X7&}DjY)tl93KYtg<u~Za;)H
z!TZE;7T0B!2T3<fglG7lj1Zb^jon$HklKhK?*h`GobP70Aubgr8NI=;V(x^XBLh-9
zL@J*@pUnNf)&I8G5a{#{Tc6J7zm{^D@wbKJVR-2%S^;8vR^`$Tj?8Wsn?0@4$2p*k
zqgaUrWt7o^wqyAq*Ip()h5uYiSM<H0Eu4c@bHO3;;`3js_~q&{ci(rMhe!`1Mof?h
z1xCagJ~XT}yr3rc#68Y;-#RU$O<S1(5POWUVtt!W8Mi5K!WKgJli)7!M-M}Up%i`W
zok6vt?GbKtxAAB0dG2Y~d)#3W1WfT`oaLZ)@i6xv%axT|vO#?m7f8f7vO2-Y9YDzC
zF-FU>-LkPhC4r}6tG*^Jx_2HTsC{SJ-bUZCA|J6z<wp<?-3%8WmI&|KJpzfvi8+@|
zqoa5uz97s?(z|rR?MP=^7cYY%zU*DW3?2%SLH?8NFiv1q9FmqsrIBt$vn$z}yg}~R
zm~IsNA>I54wMqF&Js;cN{R)<?h;T;`z3{BVpz0%m#R{)m9U;6<kEwm$ZLR%m>+azO
zLS^QA3oy2kG`1PX)fl0*At8++Au-*P2CwCFx;G8vdS3ly@*`vv%Zi&4_T42au`HP6
z7le@aMdcl1WkMdR{cy{!nLEuba{fhJ|GnoD$0QPHNp#d2B?qv{QfP#IFTTWT@A90n
zds`U>?+8C8&iu5px8#{sFEHoC$*rCMsqoRS;axN>3tbi4l4^NXiN`lxJ%juN%ApBb
zh8<rPUt)KYhkos72Y+B(B<pT_FCl)>=oT8|yfL7fo)vj(m{D?@@#d?_t!JOW+k;KL
zN=85Bg(}7!T@f+?c!#R?QY7gBWB6gf+C9*loO`i{jg+HJo{i-5(AaRprbj|jHX&^c
zp64z{h|XF6G;gtQ-<0-DPcQw4#9N~<c)T*VTXgBUIohK^%XtP&ElGOP0QCE-3@CT5
z2R($6{7jBH-qeA0!iRa=Yddh9azNMbOBl+37QAG27)$p)DC}U_e$%ck1~m72<FvXE
z$7WidnktSzOpDey5!CGR6a5uzIgT1!Z$-WJVoPz0p)ZOlyV(zuxV$4iFpSCXa;g<c
z>UnV<73v36dyWS2BI}1kDf)^}7hTZhvDZ2n@)KoJ=I=xaOCZfkX*LWHrCVWaytYx_
zLWPA4jgRLW4=l;<I{Qn(8EAE@^>#F>lK<gsVBZWw5bfzlEQakPyr7et4=BGgc-VEC
zZ+Gh}R$oUX5o1%Da5jWmB!-_^m=Nv{F%Wfzh`t?q)b)(QIF9pV(-1&3%<w4LQ8aPS
zzFIrEhB@AbM(a0woF9CMyC-FndE+W(dgdgdH0jh8#er1~8nMZ{DaJpZN}0Q%LQh^{
z+;czH*I1EQ8=CQ7{H3r#2h$)D0pKu53?Y%^uqO^Y+U9q~|KBg&4e#DJwR>8X>Z+^#
zuWd(p3oniK&;J5g!71dr!xHsJH4J#FW}7pO*6_1l*HJENyaayY;ZGSTtS-emiZ-}1
z=`1X;pPtu%N}JfT;9__}*0+rd!k?MjTgOYCg(=G+)fOHoAhpAg^fLRuk$(vBhy}>=
zniFlZ(djA*MA(Uwfr%^B^T(mlug3UuW9(9WdZpeOps2liK7q9Au8VY=@FMGXej>K@
zM?4b(U|3+d>;h1=%=#MoPHYkLFYMHGg<6s&=g+6+q8TR)E{J~REsKVh6<QWcd?acn
zX8Bd&^i3zZB)EI5--R8Qbex3IpV3=qpZ!$+odjA-*2jvZ*wFAKVLlO=7h*4V(4JQl
zf4d|t|8|?|;t~VV-cVwt$G|tFuqs2sY5V@!p{8Q19EJ!_5W0GZ2=|s~#PKH?_Nk!8
zC|}WWDuuLy^h<INs*sbIulWr+P#tSBoxkw1jImfu28B4M0G(*l|J|3tTyHLEo$YnD
zis+Xdxz!CG2**Cm@F!B0l2#P@e8e%=aAcIP3d^9M^0LH;S(<b#jSt1_T(s+fu{M7x
z<y@b+rHh$nZN{|34w;Tv^rGRH6J{n}gFPWIpIeG1K$t4>w6^h;eBqojWVueQ4Q0ZF
zCGDK5<c24Cja@|ijd+vqFrYsa5mI!Sy^oY>8^2IEBmc#tKU+^H!SE|4q3`sl-hFUo
z6@T0RRz%*jiyNbRk=5e}q;J0Iz04$0%}-oe(Q$MGl3BA(b&?GZIR+a%lr1!)@`4;P
zzWfB_#aC14&Te#*4FqZ216AkiWn_br1nRPOH1xd<ZcBPK-B-Uf4`Xbane))nNxl6;
z8ROW?w|`m~^=dP-h*3}1`wrxKfhKM+PaK8lKz@CH3eL>$rH(Im!Y9MKsw<KPcB=6b
z1N1SZ(I1OkD57Byw|u;H78OA4G`hF6m*lxtZfy(wxu6$$%iz%-LwD$NtIye5!N^FV
z_+m7ulwyhuF0~UZFa-gX(!k$G{0Uaeuac?j^2UQ&efF+W2QHAtb1Qrdt^-0$K6?{<
z@F1JuVI{wx)+&Swj^>@S02iO_w7gD&N}&fukiTCqU^y^j(Pk8-N%9fGH^tOMqpbAZ
zjQaBu9`h%F=^LF&Fl|iKwj0UV0{Y1^`_CJmu)%PpE6FC~|03;%Qe~A{F}*y(%oK5$
zneJqi>N0DmyKzjyZa25q%=7aSZZ~(<{KRi5`A4-1B;}Oy?y>AS4}P-C>HxO5fW{9l
zTX5K>kG}o?25+8H!p+?cH;Qxa)Q$GTGQr4?0e)I0bth}Od-bp$irzDCCrbGa-49cZ
zWp8SXYUb4|ng9NaJL*%ioFIBzrDo?^SEtfA%VSUzVDaPhH3%pT8G1Nw_|`yu*!LB4
z$7G2n6SFBS2P{W$7Xh-z&&ZfvOQaor_v5e)jY;KE@~!Z!grDjW9wDv+h9ldk%>VMr
zAbK{V7sS@VB<FSE3LxyVl_fQin{b#EtS)uTa9n{9EYE>YA*cu%+>Mq`RJNso4Dpl4
z^L+3SzrOV%{?`%uJ#>E;N#ZhKi8jUtF?kd6M7~gKp~~8@HlCkDH9n!l)Eh%-U}{R}
z!^T%9wc)4qNZo<nbsj?T6+n(yt18@09Bh{WlD`)hquejkHI;zS3Uzzg-aB&zR7^?d
z>{;33Xo;9Y?Gwm&ALyfU6ATS4$&tgX5@C7rxfc3)l*4iKJZ)ZmZIkQ^8Kc!%yA
zrlEknRnSF-?>PGp7DaBVVB7nD6rWrdYc<ND&|=sN(R_kH+Ko`+pm6V^U1Zjuzrjh~
zR_UOi<B<`r#^TvKFf>*98;QSvo}Q7&i+!9!`#P+BobBN9faYEf@mqn7P|c7hHII=m
ze6v3Om}GLv1Z05t%x_})%Wx<A!)=$XH^@zXO)$N4vCNK-H}~)x%ga>p1^KVahUxd6
zE=MV>uB&p*TfX~jD#kYkr+dBZWN%AUTkOVjPtQXft;@08=pmw2fAM@YE<(5_v<489
z=OJ|d{z51cBHndMnRJ65Lmp4qixA(TAS<aAjfDHM-iV%4{r#I>@CV1~#XC$tW^DJ3
z$<)0ix}T=c6Uw&zMJ+6Y{M+uO>A&I@?{)2E5Vn*HY^1Tx?!IV}n8VqboPCCfqNMEC
z^nbU{Vo5x8-v6Bt7o%FjgR2>gc6deKj&4|Wt&nhXKYG?hL@ZWR=kGX-WxHEA%eY3D
zH2V<z`=^=?N*rjPj(b*&HEZ!6#<|0v=+ZP@cC7ux@g`PTlmYiqAK}DKrbqN>W>0G?
z-N@vD?E9ZU8NH<G{t*2BCY15F#N|jEXobcy+jusS?zj6Lahk9aGD@Z?+me)e^%Kuo
zW7PfI;L`?n9~5SZF~Q|n<(`#9ZqFjBpNr6;&g<nH7&0l~pcfmSxF=EKSs8PU2omr!
zN)F|aCk>B(e>{ByNlvRa(e~LkHgevGZIQ(FyYM)?5ksw$77&#P!_S4HKhkAqzFO=i
zu$5%|EZ!`G8zlb`4-Jsw*N^D>;DMsL1@?>=MJBizMb&04t<Z0_4oqtyZntNC3uL#_
zXkZ%C*q-p1=oQ*uaPp*^U+s+Hj29u?6GT<cnwJ|oIrSg^{&uC}WjH^pG@>?yrJMTX
zm5>=ch)PaN#}a;k3Zn#B){p~c{9%Em44Hvj@k@w7WbrcL?rmILW`6qn6B&WN2UCHU
zzkh4xXAAY_el2Qr7|-=HuCqL!&J}@6ceyPi392eB@d=Pbx>%1&tLI=KNh`#jqAx<I
zZR2;)!IUMCyt7Kh-Vey9z;*e-LwZB5xA8q+hi8vP0k%6?_DrvO(%2Ud)L{jkCh5*c
zi5(LkfEQCef0al(I0(z@Kd=8b>Wt}w{8<~^R8{)_+#1*9ULB2OkUV?d|GRbiSz^f5
zBmamUqOvEh-2!wE+hpTZ&SGUT<YT*Dk=uX)IY^cmXmA;X8{JneseMi#?rr+}*DniJ
z3$KI8-tMe{xAZc3gGC9j{EfF#vN_jL=HZ4_k{a}<BvpF6N7W_Nu^h(B!>9uM_yhkm
zcR^RKA93;Lugv&d1%<_|3FVtGDTv6q+-yLT`)S188|muM*Wt-ri74nm<fHtXc>nnI
zH@X`%<TF7Z0Wvgd=Q}cvtiZJM6JP!+$x`0+WmX-m9Z&rBg+``y)^<dY@Qzpm&-p9c
zHvmtibUe@AAMq1$exJY#q1e}A6pm>yCQabSmudd)y4M`Pjkb~W;Ae4v|H+>f20hMY
zqa#ZBKa!_<>e{|_&l3#;_(?CYHgy^NIDn#(KfG>vY%S}m7vXZB+++!;P7-fp(Q(--
z-uH52GO<B^#vaaY`sB0|esOsdN{bhs@1c}|8vTVh;RO&L-B(bkkoi9R-v!vXk0FFR
z&3OI$i<8@nCp}h3tcB?^lnOdGPSz9t3M9GQF0od(a%g|<R6w|)BSi3qgly;H)F>4&
z@nCw^-H$+AJoR`yTulnq6ZMu|y#Z=ARm>98qhb@GBk9gz2S*ysu5DkHv=r9O4?S#@
zt&@0>Pn<?q&*K6OJG%h;g+A}!%Q-Clg{MTVbj8ha6lEzPxd6ipexf^kA24Z2TmQ18
zIQbZFIps@5&HeniztM|W9i9vo$9(-GNm27~wc^!I+wxU49csWU-7xX57BPMNo5_93
ze53fq7G{z(``Uf&yYptGWengim6e@M%nEPN(?EaRfW$}ui1*&@yNnmB7k;B^V2c@z
zU>yk&gNbtIC&V_gK}7R06P;umS>v(NtjQ%opFQ&&&dmw^M%SJ*qlMb%=k?c0`Uy7*
z3r`W|law%9Ycl<?9gW<<m#sox1ZnYZ<U80%g#m(-aLfd!&8HVoIc)WOatGOobtR+u
zE|kJJO;>b?r}5?)?D2NjxjUZ5TL7muxi>XAT+Oa0?;>$;+4$i9<xAlWbJOgxL3@%u
zoice*aMX^ZYMgzefD4fl%<?oRa(2n=4Ayft@@_`k`$FHZ;C3&{B1OinE@4q^dY+Oj
zmQ9_^>eQcGW+$e#p`<49Q6WAGGs!o~(#~!23oqo1Z64_Ku{kXmyI<=Y-@Pn-+_&<<
zvC0@GI>IG6Qww?Gl+^Vl3H~Av-SRAPU*%Zui$DHYN^<&R#SrhDW+$g0o+^qLrcjB8
zu@>_Zy<%u@VDTWz;KLaW)HCl}(xwXQhk`uWVC@+5Gm!mqRlDY)fVEg(IWU<!dQ4Gp
zWqfhC*Oqe2-N^K?B)t<|@+LS!nE<Ldx}b>KuDVfCEXcG{&SN5AncoM@l#Fu4puk{|
zs*_r%ZpxupBMF1jH5RF3>aRW1nz<H^iGuLkKm(cZku31DRb}Pb$D+`}(FscnGM&R-
zU-CPQG{&<Ms(ddMvgf$2tA|3x{HeV^X1j=Ak)7#9p$roR`aB$A-bO%jooyr$YHh>>
z?Gxo<j>@i@Kvp<?zd(?0n5q0-#*oy(#-xMTe#z}6Y&;TWjv$iCk9OJT9#jv^7g-3_
zLmD`?L+L$(Kg?v_BO-UT&EUD^@E6DuzD`=V=N&dE^a;iw3zac48r(%nNXDzXEKkV9
z-ijGmK1H|&@3qy!nBq(Wg!SEawMsv(088Cm4K&}xR$x0zm3j?P$3?CaxQVa57K;)W
z|2Dnub>>#;5e#O%r=74+)0@VmwZ2zx;|%885)0^go{u-{$RY};*g>7Q!b2<5Y*8{c
zhF`G)Wp=MYPe*%TFDY~m7E5Rf+T#3$b?dw<)Pw`=nKiOkBS?CK9v&K<ozUywpM`dt
znsqxVya1lSegpA+u9=sd)#l-BBE39pdkB$DTlj=G&mqm&oZ_>9-b}KSCm?SXX;_u}
z*<L1)<SsE_z;wTw86fKB&GlNRzulms5X*td>veSWVyAj~X7l;`WM$~g;6W5ppU&aU
zCbp@5-uIOtQz466C*ZS!RY4Tg0fi;Yse*9y2Ok20naynZUt?&`9^b`Usx9SrS50)p
zqEV2keM=Gg$p7WKABBl7?OinB9J_1R)n?aU^MnTVl@{O<fG}|qBKdzYp5G$cUms_!
zR2#YnM-!jRF&}4cruh_BH#^jP-z27;fk2_VkpIHH7P|YzZ~5{&8={X}aLcZG*kncO
zSj(>dNp=hAifnRi`Oz=6RdAGLu{rxpI`dF5l{ibyt;Y2lcM`UjO;qaje8U96Q<<%*
z8RgQ7b8l*8>4JX^+R9$NxifK#Na_F7bmm|mO&Ti=NMPJ6nNHDv_~!yh**w|3K<5dH
zw=iTjW=)QIR-TzG!+&TB)A8LY;!IS@U*$FI9~Oqc)hwP+BrrOc=qtTr^xe;uH4<4j
zFiIa6{v<E09aw=DiiRig4`dsw00QAwx{oVDm$QT~<@e+IZ*Y0hTeZ-#cuZj7j8e6X
zriMP${{D-doCe&M^F!JSOexQVa6V;*2MjJ!lItFk$k+f5`{4@RqFWKk?%<TW*K1MY
zzhkrxWys`mX&=lT%(`z`OXJ3GU>|@5ZkMU#Js<kU3d^Y??_u`V_!3*xvu4q4N(&(a
zEUui95Z^<8&`-q-S(E-a{|3^F>|n}^fx-&9o1PYmeC>w<kr{P?9bIyJ%2ge}#;uVF
z?s9)eRc3eB8RCa5G$GGTmtyjQ&DSd~R@Us}4b&gLez%(v$f6D2cL3AVs|H8iz1U)f
z%H@~-b!9|3R^UgK+#s>fzG?N5+EY@;LQwg^)(puI-)TG~-F)>Tv!1}ZZ}oBU<omKk
z5<u14NCd>IrG^ZUI6S03X~x)#V3B2hcZ7VRHkFzjARnmF2Ky;iS|iCnG`~=Eb#Sw0
z-%B;=lL;?kJB}e%KfWvC?syKq{uNTogwc+x|8p0s@7+_S55CTPGl@#Rj%{(u-Zs*=
z`rWOknD?HbeN79195b}mjF^zEGy1OH=DVR0l6XHP{5E{Kjr?bd@{SIDMZ9N%xUYLM
z_^~J11XJwGLmMNxNIl<<(<+HNaf{fpfe;io&G;+Bu<C&re_@J3_4mm6ne&e8k+D)z
zb+`n!Y0qJ5%x;V8D|h3sir#6&#D`O|H@6K-<?{>ZyBB=H+&8b~ysY&`&ZO9iJ%5=Y
zfk5S9{zj{~tW4sYi#r)vs&~`@ObZVtC#rHjPIUoHWiP>WVAW`S$uIetz|V7>n-#PZ
zMiDRHbzsNW^9#nglMTjfwy=h;8WucaZVjovIF&&Sq44=~Vo{b!Za#(1NO#a!PH&qL
zN>zcgu^vLj#t{XUw%jS1?hKN)qzw>#duMV|7t$9u(GtW1z*`Lf3_}+U*COpdG0bU>
zf2fw-4|OiPlmO}<FwSo!Q4LhIBDIA+br4N6nud<Nm1OmeO!1t83HuzF01~<~Sett;
z8<tGFOG~w6h#N#~MM((GTZZT?tFA>wKI+DiFw$K&EZNankV(Hz2$Bwg07ST|g9zox
zFCJ@YAD#mr#@sVXeoI;F0Noa_zy$hXK(%%zfe(v)dqcT{aSr*KhAhOk%bHR^?lVVv
zhPZFjr$NFGnxCgEO?u@G0UMfR8^5Z^hfi8+d;{4WqrlFG{D1_Rw8rMEnv_8up3LjR
zVc`^0f2H420C7_Fe?D|Ogqf0ONtnFyN9;btNo=tPw-aR#`X(B9o~gc1V#lfUsubjU
zzk;W6Zlsi?hU9Yfz=4f}=%u_5M_YQkg!6;8@0>M1nK(Tk*fnSbOLsRs;q)r5+`eJd
z4M~dnY>x8?Ioddifgly7nKtJKci}Nb-#H_3YI5s`+0{gM-_Nl_S6Svy^*QFKV+M8x
z^<@L~<nn6aS(W<fQ|j^>1fEw9b*&qVkB^KOi5sNXWE=M&_M#4~k9lU@#$S4W(*uu}
z3+8chS(F}7*0S)$xAU(oT~}kWZ)Xg@0^r~M1O2A``nuCA#h{+gPClPTqV8S+5<~{0
zT12;lD?CEON(TdUDI0{yb9Nzdg|d?9a_@QqiR*Ko<g{-Cg_WZGlw06DLKYh1uacD)
z+W0*Fe854UWK+j`%UWzd7$pn;-1m}qcCtuKnsSiY^`z=rgaWT;NQG(s6WxwllFPnb
zgIrqHt%O%)Om}r3q6!4W>2RLq)i%)H_fD;+))C}Gw1_s-w<o`T9oP+ixN7&TG4mxD
z=AT>-*9n#m3C?97Bzhl+3?w2~ePAIMTgSPe0n`+2eg;P7L_{rq3k_r&Ho|c1)HHR~
z{&9okpx78!0sxC)c*48~-9+SU?YQK9q0vkT?X+XTXI0yND`O(B|I&V)kWwD(vrK$M
zLVz3+v^qt&i<WC$h?Z(gi{$Lu)o0<z8`-lmt<EK_qVE5a%Jbt(19_${^OK`m%w2jr
zA-j*8ba1N`|B3wB;ZgdiTVodOJZx|%F(qYFkZ?e<r{(_mSJ2eVRO{DoHt&E+^wn1L
zwMnvraMllpc0%=Co5sh#92Tx~3#E*}3t1~;d*OKd@l&mrzN?g=x2!4Rh1iPiKQg_s
zmIDLQ?Hs%TNoV<S{p@ApbI`MrX^2+P(UT$H=hRq3J*iD5bT+la6nm`Kn*KO#=M75+
zoMl%eC<D~WowUkZeq>n>0fT4>$t|yy9+ROid+3pn5qqZLe476(3+=ys$rR1Q%~#&7
z`B~=g8TKpg7A)zahieqZ9^0A`&Gb#7*gZT3VA#6yQlNZt-t+^1$r$aV3Lu5#9Oa$F
zZ#&XoHdSATFl_+TOqXj>s9Y!aj=Wptkq)CWHK3=Hbs94U;%Z(QQOydS*2=qye$6L`
zCQyV+u~KvK6pRY9vtdBK>%SquFGqGj^DC631YT@u`o8?<Uz5X04#mOA+VxiGOzfs&
zHiSDq51^P<1Xkt#H?i$?to$s&uVOK<lUb2w9uSUTk^SeXT=J;3@}{ZL)a$Re-l|S1
zG}Ft2w$CsG-}w_w3y|9%yxhnUIFWrpE#|%=Q+xjrt9$`aE6;F{{FO}Io{$amkk~D@
z^uJm%W6LM}3HNAkYPR?0j2i$YR)KZ3l5)gA%B3fZ^V{A-NP*?7dYs4w*eJ+DQE@<i
zWbmwHa~(5YznyAWDg@6q^GT-h?GteLU*RR$=$;tQ+RbHsHk|!C5x*}RJ8SszBQ4_{
z3Fapy1|I0AuL7X;W9Ht)?tpH9;jR>u`eSIU%hM*?1h5~3T&=qbRN%d;7Rn2ZyK}l)
zL`4Hq!SR~Q=>x5h^Q|)wB)!LB=r0u;aU^2d&gRbxN7lpm<69^()7s>q?QJ>G-+yy(
z_nn!6$ICj~9EQ9^i+Q(MU2PlWT_1D!2<1?R)?HJc(k2pnM~f+_72kBXU3Ifgq4G<H
zW7GM~_wOY^+&4BOxhq(x$RpgmN=(1}q^0860zP@45(B}M#&nzBaulOmN9p+eJo{S1
zlHB9@_GyheeV-lu?9;dcFIeIE?KlsKDC$I=%-irMQ6}@T1oQBd+EEBVH<*ZFzIu?E
z*nqDp9^1YkFqO#>eW&;dKMl`K4A{(FGJc2(8ri>pkA672((Nx1WQAO=%~kM~opdwq
zY=@fRtSjoE@OXRN@Fag@Mg>S%qqk@m3?+s0!P+;sgLQp&UGt@8GcsiCwBGSCDQF^u
zsySySXXDbNAjH2IlbE*c8rq9#5pT2{&E9RNPJ=)eWz&EPdC`#&BQ}j?MG^Rb%&bx@
z@xO+pOHQihK@<XC%>_qF$G!K^d`$+-n*@;V<CZj#pddpY!sMjgg#;}8kjTfw_%poj
zMl}<cxa`c$herX=Rv><v&&{69f^=|kpUm^*N_zL=E<~0J!G4v<hYIf%vTB#Q!l~Lr
zGmc!LN|~DOgwDWI(8AwtYCJNoRtM)kObh*)fx+D#6ks@Vc`sQq9ZBbvT|?&iT=9Ug
zPa_3<j=Cmluv#7RieYhBNr6n&3pj^vs3jhpluWPcGprO|U)+Vg-MCTMF6ri6mBLUv
zR6bIvMw?L;P;EIO2q#`(a0aJpX!uq9s`y(JGL)K}lx=Pi5f$QAsL&><h?pq5siLO^
z$);6YXyvx@`u$r*!DW<A60b7{&18e_G=WsmP@$q*cgl^txrRxvKExwmcFVU7hWv00
zmcZznsp766?oU>4J~jIxr;2-LeLmNadHb^aJ0~kBKDiZ44go)hU4T5|94PZc?#^#y
znR+$`ZH?v|fyDHgwI4(Q>hH}LyUNK8Su|qn-oz3$J7cNunptfV?R*Ww%%QYNZ#YQ=
zJNh-2fqF6NlbEXhN?`u#8XDX!7ygwP2-Mg5VS%&$bS8;+;v(~F2rb_w$Fcb!Th~l-
zV9@sOJQuphquCt+$f5BvHGj`Fyc4u%p2EzjwqH@7uO!$o)7ufM%jJWgR{Nk<Y5e(-
zW_W8sWfM@0$o~cp4Ua<N*g)%8rj?lerKwn{eosQMbQtxc{I&)!8HXQsD|%K>VWtbw
zuH_~oKc5y}CI!jI5*{9xOgk!)IQ<^n^+Tkkm5nj`$m%;vr7u|l=8_j)CsOU%mk#NT
zrjWdP<&M&t${UGIM`S8XFg^H(PAb;hQPQ4LY_69i#OqCJE_x^B6pwHESWXr}OLc1c
z7FNmj;#I6U06Xurdyxn;s@r2kjgej5%<!-8paqS(2uU5e+klC>)bF2LS+=`48(RzH
z6|IjO>4IYZyccuXs)N;4)6(5r59|(pcUo-<=5Bo_l;5H2IC&~qtxk-+A#Zy}RPyTJ
z>!hlx7HhC@hsB859V;N|>03Ceno;Ty(R3ZGYw7*XrL)V(o48UQCpy|iFt4X>6$hQ;
z=-Ei};zK3Nq(RM-Hu7=mrPewdad`Oo)8`|qpYq_%ve0MUlt3BspN-!`sx&9uElbU2
z7;Cl^JR<GiYq;u>$br4&04XVhh|U+4#S$nMNWV8SYULb*s6;D#b(w~cD<iqzwYLQ4
zO-qWaiVXbC@zFyCp<CzGPp?s65w~M!EmD>#bSNwHlPjz^!d83paMK#Y3RUAAnv&fS
z$w20-Wm`Dk(}^jESym;#K_L)%I~`08B+$^p3zqwDrBVH}{BuK$HzR2-zgyfhdSKqU
zWswDB?ESHs{OYp?!6UIdNK!}G(reH*7E&Zf3%{M#@(%k@TYW-k{I>NQE&P<I6r@r1
zAxrk0gf&?tW;&k%OFA{4dXHV({O`!<q~bzePbPXlKmn+~XV)-*U-f>d<5RrL%&%il
z-=Q*jaEg+kNq0<j4GFM)LPp^kr=`D_B8ge-9vWc2>CZwGq@<_in)*JRN}#~8@tmoo
zEOBp7bL+~DkqqUDk-^-e=<(F2_+V&HJ8jFUVOe@{dpKF$w7Mi>G6O$Qb&p~i{rOn4
z8}z?$=ej_+7|$!uXAMp1e>&T}NaFE+tl;88uxUFcq+XvTvuqQeUrv>Ve#74ghA4A|
zpW~Qv)S+48pAzi6Y?JU}PRo3#N)`FayD@iRJsZIFAxFBqg@$DIyjqlT-uxp@BUJ-w
zw(3j+x_!YV`xb%7x^%IeA(OsOw|)yU1#+IGkqT|?Jh(-;a=a+VLMEIUL{$IEuaP?<
z@7q4ZPZQ}%nSleUSI%cEKLmEYO;tuKf>dX{^K@Swv`tX70a!hNA02rfrEcUub~*|g
z>vx?e+6ccwLe>z=B`=jraPLjrY@B$4KBFA;+uqt=xqkJ9K|i`l-iQv88U*}2Fu+(6
zw1>R-tcWC)JYy^l4rE?v?C&`JI~7u37#5q-L&&L)KP&<tG^mw2ao;fFAjkmCX<C?v
ze~}SU)U@su@T>4y1X#CB99YiZz6NzXKC4N=Hp2;06<LZZ&O^+w{rJ<Rs5udb;h{&j
zk+;Vn2fw_My<Ek<3)XWFsAcp|+*;!C7m==y_+Ty-u%D_luQ3~C=h3D0^#uyb%}Wp4
zHM|R!F2oyldlRlE1g(?UvV!^EEYXg`Nc#jcjZkM<ek}}#7k6BMq{4J^{Z`7xKeQ%|
zl5BftUJ<3lLjl*rFh2EK1KdPqhS}fCV*#wkqpQ)aM0MLs2PWMVJA}6cm3dPMsV$c?
zU*Lpl3$u}_t>iMF>WG9#-Gvp{p>F%XlBS@Yu?}wGTcHYV?sbe6`dV!0;eNJWwcok!
z@Nzy^f+S_u7;|aQ%GuM;HP19;)V!Xwt`M7LFW_0~?EEjHZhcy?48NNY9L=<*{JXeI
zOWi6wESWA4I`EUGs(8#i#A?XvX;PbXvVC};w}+esW0C<9EOzV~K2K#|_TWf1{Ury?
zD3W33KqtgvldLrE=<e8k7@EV|rgG+6<I1;FB!$@Cf1+~e&b9f*73Ze_C8UsyBv7m!
zIIi|E5Fx<ce^%w72(Bn}Kfqh?8#qn?OFf14(JefYW_)>x06#Kq$wJ}ETlU*)FHpEJ
zkM>H630*peahJTDWgAGH9VC#O>TmCShL4Mf+9+bIkW;c_R#><)YtaKZDE94*l&Voo
zGpJ9VodDiOHu-xX?FF(&^;uiF@`j;y<&t+Oz|Vw$fC4O7SoZr~uWwFPTZ;#;K)ueO
zrc>#FhAg-zktlFtQe~{I%XAYV$oYQfg7H7@M?!eYy>nw4=;UZ*RL9jp=O2*(x#^q#
zM$=*&@bR{33G!V82b_L~++dpK2aRYIJP1rAu^x`K;%)Sx$N|ASy^KbUaQYglI-Pf=
zZ;X_FgE5-!2aDa?4q9a(CcPPw@9-B)S9H5*VCIwqO6r+$^fiMfwME#!MZ99}_^*&K
zn_YXEPpPHM{OQ;Zm$L?EA|{t-KUM-Lhm~<zn+KD}Z!hjtIN7VzP-Yo_D2pmwBOIUU
zzQu23a-`AvWeURXt{zk?8ARpR{GBudhDjJ#UJr)$P>>y0=n)uKkZNX~<9txmI5@@y
z?(s8Jhw`cO_2Vk#-kGmcRR^aKol;K>G)blDh@G6?b>*5Iu|X9y_kYoW!)2NCP|UVw
z3bS!+a5txt(Ici*W=$voVHpTiMd}6;Cb55|iBBAk$B#!r85UWpyq9!E-KagJE%C65
zqyra>jWXou`6!OfzPetM1BmmgI3>>E$=^=3l5t5tCze_f0eV1=M%3wqR`M;E2I>Lw
zdu-QzI{G|9V`wr1?;qN{51M$c#BE5_W3yd*S#WU={Z?HBAm58|ce{k&KB;qHgPhjO
z?Hz10V`hwMxTKa!P~|NgY{c~v;qc9#ngx8FOq%3Dz6lng2hzUjySEf;*LK3TA*b^z
z9&1@BOEfvz&~;M%o}yZJRia91fAC7Kf+ExWjl>GYYg=1k#%Gqx&$q%JYjl!V)_?>a
z;-q)G$a))##>du}3f3F}8=GZ8wg+0Tn%vhLu9Oi{bnCSHXGT0s*2EKxrz0a9!&{?I
z-2G;#nxXYSEZdc?sdM?SKW>)=33p&m$k5S|IBc)6pyE~&ch~n1aVlbVta^>FUj3;8
ztzB-Wx|#S(yl(F2JpITDF;<E|ge+9kLbfC5f$d3@5B!M_2GM^M?`XidOYGDhBPf=K
z?Y`=f;(dEirT~7fO;Jr5pLu7Nz+FL?l<l?_2lm=8+{%Rh@r+$a%zSXV%I5BfZUZ?K
z2oaW`Zs6(Drrw*;x_7!V0i@L7=S;&dkchVN#?>V%)19IJY_he0sXjid`zr>=yBA$Q
zsvp0Ude2D#$={)}31{QqR{tw?u7XjDC>0Tn5SOKAe)KpjMLK5>_g8Oe0DJo5%sV*$
zNBuy&NnaJ01zuA3Y@@QgratudAYu}Vjij&nCy9);rcO$QDgC^?2t1(Dy2n@dRg3kj
zL+{3uPb;hv%VL@P>JCtXgQUJLYV=8FqfHk(S72Y2z=^7$t7S*_$N)889GkW`(R&UV
zxHAY+^qlK9hA%s$^0zM|BUqVLK)>jN|J$yjZ1m{#BMp+$sf=k*;hX|bC$^vP%HZH`
zUF_H&f?(l?OYW`$QNxtFO&VTy(@wE1!n8x9PW{{5hcCi}L7_@69p&kTZqTBEU64S2
z%tyXq>C<<5GFCm1c0zo-pZUE?eQG743p?s4I8BL4`>_%5A|sN5h_x<jZRDl6tE4Wb
zitRplux@Bn=)vX6DqUPrT4^#3(0Ipov7WSz-si@coF|uP-<WR&8H@2F+v&TL_L9(l
z<v~#@eazD_S@fgu``N%$DV+LY-7nnLDZ6C-h0L=A=&H8>sKI<zOp*MYI;QiiX3d{Q
zy#<~6&?-NpL50zy7KCG|_7V3h!Xx1i5UgC+pqp|_l~&d!`g)GLV5oWCH5iMHJ{#Mo
zIKcAr+BA%1yG#p#xdD&$)(FRd_6(yKt;3z<-Hi*Sz;*%7IO3}tG=yYgaF==;IVump
z5b_5$M&=3FeWH@fLNHUV(e*AqgfaYp2UaYITW+QRbJiTN^s|r-TLOL5wk%!%ugEi@
z+@tsJ{a$DhKKwYBc^SVh-4UL9^<EOj6j|+zdkqttkMAQaFvQwFO`c2b$+jQaEJ<|>
zvVd@hsxePwFQQ=@iHFuM#Jwg>S$ut6cr&lw+ti{dU8^FURbHX8quF)F#10TDR2#aO
zgQ74gp5a@M1bYaUc<#<ln~)D96vVMIs|gk>{0lOjw6f3G;^jP4;J#tlu!_I+2U%XR
znfu>M)K*usCKUBcQ?eh{(@FnOB%H4<QvEl**ylSWc?YCStTJ+1*k|d~<{)sNv(=q}
z9djGF`<LO*btx8gVLwJ5eRrIWAGR&s_+V}H6Hp=O+hqBSUpj%<8!~&gEfw4-Ey9t=
z8T-Oa370<RV^Q(3y%g9%%8}uzcaVzr+uIFzXPH@jloTEw&lZUM{Mr4QHfy;37LJ&i
z(X2`dMx!<PEt1yXgDip==9}uNEo5b$DcWoUBj##s*#X-lqk!@7{c~m@Rj5&Jb26jh
zF>&6QtF1cQ1jUQRP4w02^C%UYx(AiG5_7M_{_E^~!bLbVp>#4>9gbw}Q|Hqk1y<1S
z==z!b2=3Nc_Oxn|JSo}l0GK8(5f8t0vKLKAZLSC%xu*9Oa^x+6K3eB@nsIy!j#IWA
ztp}esg@rnrt^ReqfOn$_SZqXmxf#<eCQ3FrArB^vyy=ejJ?8Zia;!xOSf|UOhx`2y
zOyJAvg`+?A_d8Bd8!8h*^v(%G=);GDXDvg_({Nzs{X53rouVWUg>mgclxZq1nZ&a6
zJC>zRqqbX2$cbO5LU7+Ay_PkD3^M|z8igv7Sz~zDn^pLWJ{@~K%+*;ZiCQ(T)zi4B
zl)trTv0Nh~y#J;T%EkR~r-=8@Zl;|QQOQu>`B6zRF$8)OgkN?RIy<ym8T{VfSw_xQ
z+0nM)BJTF1tS!6TT1Hk;23rI@<(dv@pI2EdZfeUmhm*<LolmLDn&%bLJ1*<s6-eu5
zB-O#Z7=dIm4Xlk<I+`-<JOu9g#SJ3>*U$meA;}xlN;2G4RhF_DsS3+x2T6Um{kFLH
z=Z{;&_U?~_Tg7w}7cbKa;FjxfL&l(mgQ#K-)v|On?Wykh9+9>BJke7Y=qBF&-UyB#
zS;G>AER$!&h-<->f9Ft#-K=v6A9J!&4%^S~%9j5B5uO+TQnLP-tfnX|_|3ZiaxTxk
zfPFcYV`~@fdcE_Dv8)QepG|S~<}G@w#10<Q%b&ERzY)4J6He>0lBM^S7;Bcj*Qep&
zoRqoYU%bVWIO*oI#Nz*{SSMp7Yc4xdZw0x}T9C#{rut4Aq=Mb4I|jVTVmtMGHF>oc
z;!kDchPxPd8a78`lB#Xg`uvImUE6H{NjE4^fLomCmLBYU2&4M>1=kg<og_Sq&N-h+
zM)xyikVKtRJG2}i&cB$i^S~Sp!ujh|#5IFBHjO<;)d5@c^<fB?&c8T+Law5SNAVPm
zWL*y9@`N%2Zj!?c%u}gR{rhZu4I8->RKcJmHV#Foa?`@L#u(g=$4N;}ExdoqwUh*8
zn`YaT%0Uur=K9}C=4iID|Kzbv8kR;Uo*1+ZB}^)>3g-S~D3t$T-k0kd4a&{wP5rr$
z?qq)5plDy?CAy<|C9(6u&|58iWmPA};WI(wf7ez@OGMe#BweUdV>Rk|91gVaNzw~@
zag+T7aVdSCLT?FB6GI)hykRt^kfrJz6VsA7X6-|N2&tB|O_-)t|8hawn7q^(ZuS=r
zflf`bCTkI-UiS~rrH0I^l_;SOkyJolp$D-flOi1HH!Ed)n8@k`TGfOGp>v#_sdnn?
zTM15iMI(S(kkQS;={-ml7Wjjy2BMA;<O)a#zMZ9^Pulpqd*SoeiauUBJYQ*6lW-<^
z^g?@s_Jh3?!$ozd683o;Xh{>@mWeUB^p@fKDq#LuXC6r+PyU`zIiH3J=LruCNP)-R
z-a@#e{Q;wy1xMY;Prf*98cO(a&1z6f9TjN4XX$$-)D7jNtqYFc)O{;=Olj2zxIp}J
zipI6JmTplcMM5}+Z1py{9G!#py5G@09}OV=6L5dOtNzv^Fyr@crL|IZ4bhKon5Gz=
zqz#o%s)LAXSj)HM4WeOhMz#E!jtco_J*gwLI0KLr<whs#UWFAaizT{y*fGOZp_u*9
zT%o^z&-||8&Klg@blHe@4M&NzNtXmDwMY=KIXmB>8(n>o<s@}l5(=1u^E6z{@C$xq
z0K_PBxs^@&sZrX>9sImuAy50s(yI8Ivd&0Lx(Vwpm4$J5^#AI(&ZwrgrcFnhhzNL5
zI;eD%CLNVt6%9?AfFQj}4OIlB2QR%TASLt`T0%!a2%&?tgf4{8Aryh{<o^49ylZ8x
z{5X5|nLXKi_GIRnC-AAQ<fDg>nLgdTE2cds-q}K}hfk`?#B$?pMZ7g;7OZ%=-~S6k
zHQ2tpBDKG4V|@X66GR$T7N+eq_9RGCbN~K^1*`GP>UdYvXs@W&+S=(SM{U%Qrp+Ko
zbt#^~zT6|axrEHbbWdXpVxkc<nwB(?x!9tH7#KJCD=iFWLwJuh&j#Nv2=jiP+~fTW
zUfGU(M63uPoRt2$^K5-EB9FyioMWqU-_|VC+2VqQYvIiWdX7@hxRd3RV@~h&a9_|Z
zcOS-IuKq?YLQN{aC#3IB9OF>hTFlO)MM$iMRJ9IIxL>i}bL&)^ZF^T{>`(kZ?rf;9
zYbp3RW_wXKIT2n`wx)G@cJTY>eM`^}-VKR;c(;z}#AmmagH#2nI|o&VAyoI#Tq)^}
zjPsO5J#OeFZLQfqLc6-W;xpB>46~G_kwJ`fUNb<S&OJ3{2J5iw@Q9ZUgP~4a@r4ps
zM+t2~Za`*}l`V1l%y_$p;=X-I&y$85vAF}Xvz){C*uT83Y`CA3*e7~WV?3$9KR5bk
zQ*v91`LSf8I$SnO?$VhhCt8Q(>T|@WRT38l^e4;L3ZPXYUfw-1XyCv)m&_M^dL*<U
z+Qzy=qi~3$UlvW&Q{$2M68)5Hz!he~HVsR$m}c*P@`e-M$~CMKShTIgYLX^L?Lk3H
z&x`wb!NuEse~x?bo;gIKR7qdPLJo2LwS+wlfbwZP?2SHl6)?C1<;!<~QC!6et+6GV
z-Ud9I2v9A!PtDg_NZfayMo86>c-vLU%V&gbUl9)!dE&*jEP>pzdVwz}7M-BxyVy~q
zPSohA-hOkR!Uf7Lws33wbY->_^-x=&LNb)4ferP13=;lyV~A+@g*--ymI}UqeqL}z
z(W}9bg?-)!XL?MT&zLiy0muG`PV9*4Z$bM<cWdi9Xy{Klohkt6ze4I=rVcqM+t3&l
zlk9gtQ?ydy#kc1nbbGAHJeM{N>7l2VL*qeJDhG6A(+liWQE;tBBv&)orfcqlfbL(v
zp0U#yy`(HCMdNtQ5xp!-A)oR0F}UF`kXJ7IoZP!IeQ_?RU%(KxAgKZ2<oWd5fU+gx
zX0)X2&e_<QD**Wr=512KzlfBu4JwRxeACEtoOfN^Wo6&PZ)+oaXa~(OkN@{8*ob_5
z@BS4cm@^|#9wP&t_PW0D<<{MTb{Ee6PsSs3RJ#vfTw?ArtrBl=c~qBzi)V?xd(n-W
zfWKwj|8hsHwA77^sXJSbyOE0S0Xi}Q@0i@Hb@L|G<v3)SCt_!xm2pu`yrxv~o+uAH
zPMVXs)<8<+nW0<{IEcbMFCl{-d)U;uKL!;3kM>WGUJ9MAw3M50ET0d7{xpsK_-t|P
z!;NzL%(n9~S;mQ8^)}nY1Oo-*7x@=2|8_N}J$m$1p0CLLML9@U@R1aU>QrAMS>?-k
zcgbbkDciDG<C6)<9Jfa%f?;<_o=NAc_j(}T?X6U7c3I}pAare*!djMxUSfX{%H#~C
z4@z;ZD%p@(<k<vqj6Yko2||Y*4?bb$;fh*n8o`(eKJUU`jC8y%Nrlv$zm-L-OP-(A
zv$m1mCf)<l<@G|Wg*l=s9l{6h6l9!IQ`NN?Rw&yXHOr*i5`R~fZ6mMQ0L|{oVNa(h
zzYPB=yaYq_$SOf)1|WoF*5>%esUJ8n`(7g6#(l?%nkMg<kB_oBLp;p|gMHtTa0eEY
zn}5<c-n<cG=Q02qoU1;)07C^@Cw+$;b-U(Di#~q78A@5gAIYjC7MP?VU(QC0k&1~K
z_68t&POFkS<I`;Xb|t!?r@nlf47tiv*1;-6MTZ{{1FzU$B2TRwEaFDOF!GWMKlFxM
zCfwtwp&J5~+TzC0=X-@f#8g14&2s6o)vfBtC1d>1As(l%ee3nIn@+-A;UTRYv-a#-
zM6v1jfFvE;&jP}OZ%RVS7#Dxi9{@<o^QG>-S0-n7mxZszsi`gY`S_H4fvC0Qa4?7x
zryeCjdWH;{OR}74`)#^2IFNg7(G=s;D`<RW6O<BPUbSIv8FTA!Ii-U#+N9R5lPxh%
zi~BM0pExg2hfF2>Z@t8gotB6W+R4H^mD@e?G3D<l*GqOyYcM;Ze#2EShI+&P+2+rQ
zJLcM)m}J+ycuH$x`X@F$xs~h7ho4-ak%Xdv-y?5+@(i-gVQmF|p1&ev>SsOXIA*=6
zHdT+!FLvZ+>JRX@;F()@KqQU^<a9fLhn>1L9zIJ>XL)WjS8yJOC`G+DZ7`GeKhVmS
zBibmOLU<MM3xQGeY^H(aJr<-P&z_BfvV-2<JD|y``q-95<!e?QgPtE{XK@(0i)M}R
zwZ!qNb7ge-lxe;`u<2U|5+M}uc98JxK~3J9?rUq(Gl$dp<)k-xGm5XCE?gP$-r3=|
zUAPwO*;cUpe7V`*;+N}Kq964@z2MCr<-k97#FkORGE5%7&KPS|JR~JIz=}5?;}H>l
zQ2nv6N7(_M5DU3z8xuFgPHyzLsn~e1T;Z3h2PU50DSA&ynRy@#e@^O-o4(!>#aONK
zPs7CG45I`E%f6Lwr|||UQ$RG}Kolc9J=g5DYaTi$vjKzEJN(pW;%JWw$!Q1|znaW-
zr4wa=VE>tdy_l*G#CG_Y#Lu1piJB5<z#H;b+I2{Ou<O=@!^vF&KZ+<&^SZHnU3B0|
zRoyNq8bTA=b<)khbHL0p|5~T94e9%8FeIWZ(W28M#6^F=kUI*6-VaO_F2}2`)~*MU
zEw9bJlB~%j$B%sf1kC@Cw+a0{-#U)U6`<6~9_gy;YGw@8>Pg(><4EM7cGkN{sPa6i
zKngY)RfRg~8+S6K)n975yOA|Ng6B|gQ8M(^<4V|17;_;wE$)4;XU^qbjVtpgsXsGT
z1YN%pwcqowGbgP#d1-QHbs?hg&~x^9;g5L9nMk20+x%(S+IEoRy~v%3M|o*Q2U5Gy
zw%G!%>*x=h$y`o%Y9sw_EQ{5&VG?>1eqP9hKF==ex`+j0B*`fxfllUSXj+=mnoW&D
zsv$_B?lQbL$B^w}dYG1V6wH!T5)Rllo1vAd8mSmxDGt$F%At%au$dMg5S+=xow(?G
zB(8fjRzV|B7UqM#mMX>#@*J8S9?T69%K)0m0OL71W`voCRF*r#Ke`c2!;Hy;In2HD
zUklr~b74WsMw40kEgio%p=2b+$@(slF=ou8-}}Zc?!(;D?d-WQBy7mO%p>Pdqw3)$
zs}eW`^ZUBo`ht{N<^WH1<vHT@p|t6ER$psifi@eOwGPqP#{L?7Xxa#LpZEJyR2+Y?
za6PBQa*r!T^SbNa3dc@c_Ej3=IA8VhPkU=ko3M()4-fQgkE!{44NqY3%&++;R3d>b
zqzmVrjpK|OkC5j`8L(gAIx6JG#>u3vxQDBobkMmD76s7#RD_FeHgB?qoa?d$dF38w
zZSD;r9daH?Soj%%ggIf|romoOyeQ*Vt)UrRJAAbA+|7e)8s83e6lko%vMrc7ELt0B
zzr3=)_y!c;C&MqYG#^<0wz2)<@8RdEG~jnJ<<|}l)wgh*@ohPZsQBsfuU4)J0LWTu
zRB@I0+A}?#1xN5GP$oUaooCMRESnkoT=>DscJp{LobVp0A__l)E^v<6W`d&W9Btv0
z*UwwSMgwpb&E5<t3({OQkGtlIji&Xp_Iyx_S{{9R&K_qkFqu;LL8Fyj>m|nNq-a;m
z?$4{L;btdo_1?6LO7Z_*lQo4M9H5(~vK%LX=HHSBPYz~wV$`=D2IjVX`km*zI#xaS
z5;-TFp}*0|^QXxlK5(xUJK|#UbZIeDX((2ugakMXB=fO&mylntEDU|>K7t6mM=8(-
zrxIh+3oXa2O2m_`0IzS*^fJXP4@h*P8mjZc3BoJkw0C6;Q~*jo>H`7=4-A8(v#N62
z5K}1agsb+SIUN_Y=7+A2p^be~F0rt#<`+je?rgb^loW)G`8Yw-FTX&7ALg7Gwe-(k
z=Unhjfh3lN9>B4M`oW#+=esN_+<~p7ukB5y3B+2CcS=DZxc@<V!0s;WZVtnA&SlqJ
z6v$2edG?y(w|r}*!B;>d=evnt9q;yvBl)I}TxN@&8D{KRB-VZe<<&U<u4JaRBMi`d
z$8aP(@Jk!j47IilXcO;rAsl69*m}+^C;vDDOO2j2VOam{q(AsC_%PRN)Xcb9qT)bm
zV`x3Ou$RzY?a29R&G=Loc(zGmYy>g<{Vz?I9N+Mq1aOpS3z%npN^GlMXX3NbI#J}7
zRhk=Ib(SMPD!H4YfyM^FvfV&*%`So`%Ng{V(gvoB8%oyQ{AfH#yo5tK6Bc3HRN@KP
zp^b+?XLeWZr{?ZaOiQ*C$J;{!eZv!dzpQn0LG09X(0j<o+k_dTn0Ak-+|ZTjAT+Ae
z2qd{b&)4~@x$aw#{bYTE=2T^5;B|HM4;qeY3&Pp}N0|eA>eha-FVu9!YawT+@>M!a
zP^jyAD{pT>Cu6wWoGxVE_i^mTWunTY&6FlVMYAcyI1jvRN~Yzw_j-rQ_>}HcWgMp5
zcr^ke9m*vU8H;S^s7rPYN~;a{{kYsjAxdS<vLX+7*<Bf^U$Lei>a;rP5ayOau{nWA
zQqU8^;Q9jU)?8iEPfoN_h3XRsdZn+MQ%;lk5??x?H;EGva28SY+RU}kpBYI+<5h28
zvYjjHYx10(zD2jVwCc>^gp|Dh0!gYcxcfYsK(;kl_`*+=MAl&bQgImGES=>-RkcWy
zc*(}?zloTQnH2lLdo=%MF=TJ(xdptAQI3sy2_nc`XSaq5Ej_6tP_$+I@U_qFo^_Y?
z@z1cin*VfSj)?+lf`eI=#J9gN4PDp9OtV{b&Z7dw15jjD3h7qJUjkNIZ0Nr?n^>Eu
zN@{a$fko6?AX`f=o9lPq3}NYo=!#g5Yqu{{!d3EXJH=TnK?AcX<U*EXDevUEjn>Fl
z*D6R7$QLOMT#m7!lO3-*ECIfu?vrt#-TE%F*x!CO)3<l)z4taOoIR`DW;0*PdyAFJ
zpt`NKxqF4%fA97AnEW33M16E#nk9g$7>Q(xJxo8hQ%u3$uPYY%?zsR_erX=0DQpzL
z;|`(r1a?aI2Su}@3?$>1s8j1@mA3R#9-Q3eXVT%t7}v|pN@B(9TLM$%*8M&&Pj+-t
zhtYJWZK()Kl7&!_4!2PKu#Iw-e*n#X>)1s2vdH4E=x}pYlXz0&W}&X-GwuD=N%MuW
zT*g~0{5`5r%avd6#V$$J*D@20>$ViFLcYoE-P~*00ny46$59xP)PW9zBkCWPiW7Dh
z9fUvAw|J+~pyjyJS&_Ty6-kR>{Gt(N8bri23B%9y)Le!oh#=H4W%+)Vs%LU+#u9jd
zgODl$?`~y;(ZMidB>=tD27m47jKB{MeSf@d_sI79$UZDNS;4$jCNjJK3*q$i%55)?
zrp<OSThDv*SRU6}X*&SlEH@1h?p+A^8PiKzV&?ngV_*Tn_-cmHyYUQ*xDV53!FpHf
z8xQUPrKuBJeRQ&bEZ$i^9~uo~3qcyLsMR9dxQ_${txi@+{m&zrl;2|I2;w3oi*!{2
zQ_UOgGkBwg%^J-?ST_`~$7PC2U;ReI1&f&1^1>aM%-2hlfbGbQyAmW6DoZIB%ynnc
zDIKO*0s)~K&A<+G`9==fhqia&ruDWcjVX*lUjE~X=ZSoCG=G)oGNheD%VLpeS<a_0
zsCYHl*X)#yGJCCG^bt|^F+0I6ut@AirXy({^#{gz^i|nSJsjjpPK>QD^U&X*cCRcM
zn6)~%=QMNe-6uVsc8Jy<F7!lZ)dQY{9JemMlq$OCX9u3inH-cGwLcUAE4Xkaze5t-
zU#&%ew2B|TN44b%4sq^SZCz9eg_0S3g*BN*DEjTbX{`)bc@kghyHi|s%sP@PStiiD
zwq0gibINrlKN^*L8SvGJC<Rnz46_n`i(C90lGmEFrsPWZ*D9!wutWbDHCHb&&Zia-
zoRvt~i_~Z<*1d>yoEV^iLd!c`tWI8mKnyJdncX98d34gbSDdkJ2mx>BzU_h7=+!}A
z!D&^$<0}pm1ekX({`fw@3@b;jyGxa5!;zZ7*X5>Dyj>T82Q&$*hxAUv>WcW-HRKF!
zZ%4#dz||Jx+3DvW{H9kz<4wR-AE)yY;WYnuk11s+<FCYFyKGIV#4efkx>9fQS;p)W
zl<CHQ)=)bRUY;d;jSkK^tD|@OGkQ?*j38{-z05J|j{AZP9F`P(*SoAY2}6Jz?UxTZ
z4!frVYZ!)|2_%eSaZ@jfcbNWeop;$OY|M*dzBr|l1QGdNP@$agx+_s`J|s}7^&})8
zJc<*GN}2K^92aJu+xzu`u8UsG4U`)_9N4ccOTXW)S7WkVG%6NGljbxI`CN(3i08@8
z;@(`4_%S^iz2-1@N4Qz;R*-G*2U6xXoyakR>-Y@zJy$k39pJUNutbP8w<r|TRvLL}
zK^g4a<9|ZRUY+n?m`f*^23zS=61APo7Y<WXxBoHj41iMk_N0TZm4*8(HIC(1T8ZA0
ztaS{wxDbt4;@K#{Byh?j(qIaeu<lU$u&Qz+!mE!tf6a?RpL&(~BP)DfgC<j#cX&+N
z!0#SNYOwUYt<)FJLy>D8U(0leU0#bqf8<4^Pl=A>)QQGJr9+iSV?!4}AC#!TrHr2$
zrdR;O(b}xs{UQW!rMR&>++pyoz;%~i=qA-Jzj6{1r-f-5u}7JFB^>376z>cq3n{rk
zG&T!eq0)ZXqi;u^9#x+4sZhea;2K5afCWYYJ>hb6;P`U=>-+l;ssQ*G(TVM47vIMv
z&Gs}n@OV^~pPE0$<V8z_6;rK65Tm>Na;Oi9yAvBaqoOMI7Gpq&RaHQ?6T__+*|P!0
z?F6qT6>iD%Bj27l&!81$ScWmicwk5|?aF42N}+x+r1Lb+&}+Bwo`?`KI7K#e&X+=j
zo(->zk>+yh#6=gM8Dm2LwbV#A$;%D-ZuPj8Wl6>o)U*}(6#5aWTr{SiGNjoN#1#*g
z#u#AOdBOhD(6?!FrMENbk0t@?J3KZp)I1Cg9Xsc5kn<-PBJvd}p2zM`JXER$$u;mZ
z;WZbSec(?~K~lrMS6D@8Wd}6LO3?!UG5Y-}nZnQJ4w@DeBp~ka%^ZP`l(vBQDO1sV
z;7@fICC~6gD;8_j180A=bZPqQaW2X5)O8+tf*N;eYGi^3XL7obJ_>IqE3ycO{kOxT
zDcM!-m$y?4tB(b=CSevRP6Y>&a|Rtp788|kr?^D%GSD~%koC>n++Wg~@QjP^(h4Ws
z#})Aj8t;<G3~-(;)HoB3D~Mni-|^Go@%|RPe+QWrc`|W5QB#cVa!oyu5+isHm%sN<
z5!CaQ8l7b|9blkx6Mz2h+g+;nijAo&<-}J}5%L`0=7Nb_$8F>b`~GN+!E>31#tAO%
zLwuZ?&TK4$dYya2Ai%$s8w+W<cbFu(AJ*}fzwe*WH<REy1OB(G8O6*J_gVK8l2Nu^
zWA!_P$nk%Ebce4=8TwE<W_X88fS;GoTh-Xx_MP{8SsTyyz!%XIvBxsPj~@#^mVP59
wBP%8;D<Li@CMGK;)<31Z{r?19+-x1}{QtK=bL{C$K!8Y7RZpezxmEc80sf?$!~g&Q

literal 0
HcmV?d00001

diff --git a/sec/ex-4_iptables.adoc b/sec/ex-4_iptables.adoc
index ad27428..5fedba3 100644
--- a/sec/ex-4_iptables.adoc
+++ b/sec/ex-4_iptables.adoc
@@ -56,7 +56,7 @@ docker network create --driver=bridge --subnet=192.168.0.0/16 net3
 
 then connect network to container
 
-.create netowrk frist
+.connect network created to container
 [source,bash]
 ----
 docker network connect net1 master
diff --git a/sec/ex-5_iptables.adoc b/sec/ex-5_iptables.adoc
new file mode 100644
index 0000000..9723014
--- /dev/null
+++ b/sec/ex-5_iptables.adoc
@@ -0,0 +1,277 @@
+= VPN!
+Apostolos rootApostolos@swarmlab.io
+// Metadata:
+:description: Intro and Install
+:keywords: sec, tcpdump
+:data-uri:
+:toc: right
+:toc-title: Πίνακας περιεχομένων
+:toclevels: 4
+:source-highlighter: highlight
+:icons: font
+:sectnums: 
+
+include::header.adoc[]
+
+
+{empty} +
+
+
+[[cheat-Docker]]
+== Install swarmlab-sec (Home PC)
+
+HowTo: See http://docs.swarmlab.io/lab/sec/sec.adoc.html
+
+
+.NOTE
+[NOTE]
+====
+Assuming you're already logged in
+====
+
+
+
+== VPN
+
+A ***virtual private network (VPN)*** extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection
+
+https://en.wikipedia.org/wiki/Virtual_private_network[More: wikipedia]
+
+image::495px-VPN_overview-en.svg.png[VPN connectivity overview]
+
+.NOTE
+[NOTE]
+====
+**OpenVPN** is an open-source software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
+
+https://en.wikipedia.org/wiki/OpenVPN[More: wikipedia]
+====
+
+
+== Create VPN
+
+
+.create-vpn.sh
+[source,bash]
+----
+#!/bin/bash
+IP=192.168.89.5                                         # Server IP
+P=1194                                                  # Server Port
+OVPN_SERVER='10.80.0.0/16'                              # VPN Network
+vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/    # Dir to save data ** this must exist **
+NAME=swarmlab-vpn-services                              # name of docker service
+DOCKERnetwork=swarmlab-vpn-services-network             # docker network
+docker=registry.vlabs.uniwa.gr:5080/myownvpn            # docker image
+
+docker stop  $NAME					#stop container 
+sleep 3
+docker container rm  $NAME				#rm container
+
+# rm config files
+sudo rm -f $vpn_data/openvpn.conf.*.bak
+sudo rm -f $vpn_data/openvpn.conf
+sudo rm -f $vpn_data/ovpn_env.sh.*.bak
+sudo rm -f $vpn_data/ovpn_env.sh
+
+# create network
+sleep 2
+docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
+
+read -d '' MULTILINE_EXTRA_SERVER_CONF << EOF
+duplicate-cn
+max-clients 35000
+topology subnet
+EOF
+
+#run container
+sleep 3
+docker run --net=none -it -v $vpn_data:/etc/openvpn  --rm $docker ovpn_genconfig  -u udp://$IP:1194 \
+-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
+
+
+# create pki
+sleep 3
+echo "new pki is disabled"
+docker run --net=none -v $vpn_data:/etc/openvpn  --rm -it $docker ovpn_initpki
+
+#sleep 3
+#docker run --net=none -v $vpn_data:/etc/openvpn  --rm $docker ovpn_copy_server_files
+
+#create vpn
+sleep 3
+docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
+
+sleep 5
+sudo sysctl -w net.ipv4.ip_forward=1
+
+#show created
+docker ps
+----
+
+
+== Create user
+
+.config
+[source,bash]
+----
+#!/bin/bash
+IP=83.212.114.14
+P=5194
+vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
+NAME=swarmlab-vpn-services
+DOCKERnetwork=swarmlab-vpn-services-network
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+PATHNAME=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
+vpn_data_user_config=$PATHNAME
+
+vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
+vpn_data_user_config=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
+NAME=swarmlab-vpn-services
+
+MANAGER=/var/lib/swarmlab/openvpn/etc/managers
+WORKER=/var/lib/swarmlab/openvpn/etc/workers
+MANAGERkeys=/var/lib/swarmlab/openvpn/etc/managers_keys
+
+----
+
+
+
+.create-user.sh
+[source,bash]
+----
+#!/bin/bash
+
+. ./config
+
+sudo mkdir -p $vpn_data
+sudo mkdir -p $vpn_data_user_config
+sudo mkdir -p $MANAGERkeys
+
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+echo $vpnip
+echo $#
+
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+echo $vpnip
+echo $#
+
+if [ $# -eq 1  ]; then
+        CLIENTNAME=$1
+        U=$CLIENTNAME
+        mkdir users
+        docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $CLIENTNAME nopass
+        sleep 3
+        docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $CLIENTNAME  > users/$CLIENTNAME.ovpn
+
+        file="users/$CLIENTNAME.ovpn"
+
+        ps='remote '
+        pi="remote $IP $P udp"
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "5a $pi" $file
+
+        ps='comp-lzo'
+        pi='comp-lzo no'
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "6a $pi" $file
+
+        ps='resolv-retry'
+        pi='resolv-retry infinite'
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "7a $pi" $file
+        ps='persist-key'
+        pi='persist-key'
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "8a $pi" $file
+
+        ps='persist-tun'
+        pi='persist-tun'
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "9a $pi" $file
+
+        ps='keepalive'
+        pi='keepalive 15 60'
+        grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "10a $pi" $file
+
+
+
+else
+        echo "no clientname"
+fi
+----
+
+
+== rm vpn user
+
+.rm-user.sh
+[source,bash]
+----
+#!/bin/bash
+. ./config
+
+CLIENTNAME=$1
+U=$CLIENTNAME
+
+if [ $# -eq 1  ]; then
+        sudo rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+        sudo rm -f $vpn_data/pki/private/$CLIENTNAME.key
+        sudo rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+        sudo rm -f $vpn_data/server/ccd/$CLIENTNAME
+        sudo rm -f $vpn_data/ccd/$CLIENTNAME
+        pem=$(sudo grep "CN=$U$"  $vpn_data/pki/index.txt | cut  -f4)
+        #/var/lab/gswarm/vpn-data/pki/certs_by_serial/BACA61827E65D0E5F695245519410952.pem
+        sudo rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+        sudo sed -i "/CN=$U$/d"  $vpn_data/pki/index.txt
+        echo $pem
+        docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient  $CLIENTNAME remove
+
+
+        sudo rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+        sudo rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
+else
+        echo "no client"
+fi
+
+----
+
+== show all vpn users
+
+.show-user.sh
+[source,bash]
+----
+. ./config
+
+docker exec -it  $NAME ovpn_listclients
+----
+
+== show all connected vpn users
+
+.show-conn-user.sh
+[source,bash]
+----
+. ./config
+
+docker exec -it  $NAME  cat /tmp/openvpn-status.log
+----
+
+
+
+
+
+:hardbreaks:
+
+{empty} +
+{empty} +
+{empty} 
+
+:!hardbreaks:
+
+'''
+
+.Reminder
+[NOTE]
+====
+:hardbreaks:
+Caminante, no hay camino, 
+se hace camino al andar.
+
+Wanderer, there is no path, 
+the path is made by walking.
+
+*Antonio Machado* Campos de Castilla
+====
