Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
pull/423/merge
Dan Guido 7 years ago committed by GitHub
parent de948186eb
commit 089bf64c91
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File

18
README.md
Unescape Escape View File

@ -130,21 +130,21 @@ Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransf
### Linux strongSwan Clients (e.g., OpenWRT, Ubuntu Server, etc.)
Install strongSwan, then copy the included ipsec_user.conf, ipsec_user.secrets, user.crt (user certificate), and user.key (private key) files to your client device. These will require customization based on your exact use case. These files were originally generated with a point-to-point OpenWRT-based VPN in mind.
#### Ubuntu Server 16.04 example
1. Install Strongswan: `sudo apt-get install strongswan strongswan-plugin-openssl` Plugin required per [StrongSwan Documentation](https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites), as the ECP_256 DH group is supported by the openssl plugin.
2. `/etc/ipsec.d/certs`: copy `user.crt` here from `algo-master/configs/<name>/pki/certs`.
3. `/etc/ipsec.d/private`: copy `user.key` here from `algo-master/configs/<name>/pki/private`.
4. `/etc/ipsec.d/cacerts`: copy `cacert.pem` here from `algo-master/configs/<name>/cacert.pem`.
5. `/etc/ipsec.secrets`: add your `user.key` to the list, e.g. `xx.xxx.xx.xxx : ECDSA user.key`, like in `ipsec_user.secrets` but matching the `user.key` filename.
6. `/etc/ipsec.conf`: add the connection from `ipsec_user.conf` and update the value for `leftcert` to match the `user.crt` filename.
1. `sudo apt-get install strongswan strongswan-plugin-openssl`: install strongSwan
2. `/etc/ipsec.d/certs`: copy `user.crt` from `algo-master/configs/<name>/pki/certs`
3. `/etc/ipsec.d/private`: copy `user.key` from `algo-master/configs/<name>/pki/private`
4. `/etc/ipsec.d/cacerts`: copy `cacert.pem` from `algo-master/configs/<name>/cacert.pem`
5. `/etc/ipsec.secrets`: add your `user.key` to the list, e.g. `xx.xxx.xx.xxx : ECDSA user.key`
6. `/etc/ipsec.conf`: add the connection from `ipsec_user.conf` and update `leftcert` to match the `user.crt` filename
7. `sudo ipsec restart`: pick up config changes
8. `sudo ipsec up <conn-name>`: start the ipsec tunnel
9. `sudo ipsec down <conn-name>`: shutdown the ipsec tunnel
## LAN Passthrough
To enable your device to access other devices on the LAN, add the following to `/etc/ipsec.conf`, replacing `192.168.1.1/24` with whatever subnet your LAN uses:
One common use case is to let your computer access your local LAN without going through the VPN. To enable your device to access other devices on the LAN, add the following to `/etc/ipsec.conf` and replace `192.168.1.1/24` with the subnet your LAN uses:
conn lan-passthrough
leftsubnet=192.168.1.1/24

Write Preview
Loading…
Cancel
Save