algo/docs/client-linux.md

# Linux client setup

## Provision client config

After you deploy a server, you can use an included Ansible script to provision Linux clients too! Debian, Ubuntu, CentOS, and Fedora are supported. The playbook is `deploy_client.yml`.

### Required variables

* `client_ip` - The IP address of your client machine (You can use `localhost` in order to deploy locally)
* `vpn_user` - The username. (Ensure that you have valid certificates and keys in the `configs/SERVER_ip/pki/` directory)
* `ssh_user` - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
* `server_ip` - The vpn server ip address

### Example

```shell
ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com ssh_user=root'
```

### Additional options

If the user requires sudo password use the following argument: `--ask-become-pass`.

## OS Specific instructions

Some Linux clients may require more specific and details instructions to configure a connection to the deployed Algo VPN, these are documented here.

### Fedora Workstation

#### (Gnome) Network Manager install

First, install the required plugins.

````
dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome
````

#### (Gnome) Network Manager configuration

In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the user we created is `user-name`.

* Go to *Settings* > *Network*
* Add a new Network (`+` bottom left of the window)
* Select *IPsec/IKEv2 (strongswan)*
* Fill out the options:
  * Name: your choice, e.g.: *ikev2-1.2.3.4*
  * Gateway:
    * Address: IP of the Algo VPN server, e.g: `1.2.3.4`
    * Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem`
  * Client:
    * Authentication: *Certificate/Private key*
    * Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt`
    * Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key`
  * Options:
    * Check *Request an inner IP address*, connection will fail without this option
    * Optionally check *Enforce UDP encapsulation*
    * Optionally check *Use IP compression*
    * For the later 2 options, hover to option in the settings to see a description
  * Cipher proposal:
    * Check *Enable custom proposals*
    * IKE: `aes256gcm16-prfsha512-ecp384`
    * ESP: `aes256gcm16-ecp384`
* Apply and turn the connection on, you should now be connected
Reorganize documentation for GitHub pages (#378) Reorganize documentation for clarity and use with GitHub pages static site generator. This closes #371. 2017-04-13 00:25:31 +00:00			`# Linux client setup`
Some fixes. Fedora client. Close #44 2017-03-04 20:05:02 +00:00
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`## Provision client config`

Update client-linux.md 2017-07-16 23:20:41 +00:00			After you deploy a server, you can use an included Ansible script to provision Linux clients too! Debian, Ubuntu, CentOS, and Fedora are supported. The playbook is `deploy_client.yml`.
Some fixes. Fedora client. Close #44 2017-03-04 20:05:02 +00:00
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`### Required variables`
Some fixes. Fedora client. Close #44 2017-03-04 20:05:02 +00:00
Update CLIENT.md 2017-03-04 20:08:31 +00:00			* `client_ip` - The IP address of your client machine (You can use `localhost` in order to deploy locally)
			* `vpn_user` - The username. (Ensure that you have valid certificates and keys in the `configs/SERVER_ip/pki/` directory)
client fixes (#605) 2017-06-21 17:39:54 +00:00			* `ssh_user` - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
Update CLIENT.md 2017-03-04 20:08:31 +00:00			* `server_ip` - The vpn server ip address
Some fixes. Fedora client. Close #44 2017-03-04 20:05:02 +00:00
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`### Example`
Some fixes. Fedora client. Close #44 2017-03-04 20:05:02 +00:00
Reorganize documentation for GitHub pages (#378) Reorganize documentation for clarity and use with GitHub pages static site generator. This closes #371. 2017-04-13 00:25:31 +00:00			```shell
client fixes (#605) 2017-06-21 17:39:54 +00:00			`ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com ssh_user=root'`
Reorganize documentation for GitHub pages (#378) Reorganize documentation for clarity and use with GitHub pages static site generator. This closes #371. 2017-04-13 00:25:31 +00:00			```
Update docs about sudo #529 2017-05-08 20:39:18 +00:00
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`### Additional options`

			If the user requires sudo password use the following argument: `--ask-become-pass`.

			`## OS Specific instructions`

			`Some Linux clients may require more specific and details instructions to configure a connection to the deployed Algo VPN, these are documented here.`

			`### Fedora Workstation`

			`#### (Gnome) Network Manager install`

Update the Fedora related docs. (#1470) * Update the Fedora related docs. - update for new generated config file locations - remove reference to no-longer-needed copr - update package names for further py2 changes in Fedora * switch back to the default ciphers 2019-06-06 15:58:31 +00:00			`First, install the required plugins.`
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00
			````
			`dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome`
			````

			`#### (Gnome) Network Manager configuration`

			In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the user we created is `user-name`.

			`* Go to Settings > Network`
			* Add a new Network (`+` bottom left of the window)
			`* Select IPsec/IKEv2 (strongswan)`
			`* Fill out the options:`
			`* Name: your choice, e.g.: ikev2-1.2.3.4`
			`* Gateway:`
			* Address: IP of the Algo VPN server, e.g: `1.2.3.4`
Update the Fedora related docs. (#1470) * Update the Fedora related docs. - update for new generated config file locations - remove reference to no-longer-needed copr - update package names for further py2 changes in Fedora * switch back to the default ciphers 2019-06-06 15:58:31 +00:00			* Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem`
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`* Client:`
			`* Authentication: Certificate/Private key`
Update the Fedora related docs. (#1470) * Update the Fedora related docs. - update for new generated config file locations - remove reference to no-longer-needed copr - update package names for further py2 changes in Fedora * switch back to the default ciphers 2019-06-06 15:58:31 +00:00			* Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt`
			* Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key`
Docs to deploy from, and setup client on, Fedora Workstation (#711) * docs/client-linux.md housekeeping * add fedora-workstation instructions to client-linx.md * add deploy-from-fedora-workstation doc * change client-linux.md to internal link * add deploy-from-fedora-workstation links * correct markup * correct typo 2017-11-12 22:10:19 +00:00			`* Options:`
			`* Check Request an inner IP address, connection will fail without this option`
			`* Optionally check Enforce UDP encapsulation`
			`* Optionally check Use IP compression`
			`* For the later 2 options, hover to option in the settings to see a description`
			`* Cipher proposal:`
			`* Check Enable custom proposals`
Update the Fedora related docs. (#1470) * Update the Fedora related docs. - update for new generated config file locations - remove reference to no-longer-needed copr - update package names for further py2 changes in Fedora * switch back to the default ciphers 2019-06-06 15:58:31 +00:00			* IKE: `aes256gcm16-prfsha512-ecp384`
			* ESP: `aes256gcm16-ecp384`
Fixed path in Network Manager section (#860) "configs" directory missing in paths. 2018-03-29 21:33:18 +00:00			`* Apply and turn the connection on, you should now be connected`