Update the Fedora related docs. (#1470)

* Update the Fedora related docs.

- update for new generated config file locations
- remove reference to no-longer-needed copr
- update package names for further py2 changes in Fedora

* switch back to the default ciphers
pull/1476/head
Bill Nottingham 5 years ago committed by Jack Ivanov
parent baa6efc666
commit 4064bc281a

@ -29,27 +29,12 @@ Some Linux clients may require more specific and details instructions to configu
#### (Gnome) Network Manager install
We'll use the [rsclarke/NetworkManager-strongswan](https://copr.fedorainfracloud.org/coprs/rsclarke/NetworkManager-strongswan/) Copr repo (see [this comment](https://github.com/trailofbits/algo/issues/263#issuecomment-327820191)), this will make the `IKE` and `ESP` fields available in the Gnome Network Manager. Note that at time of writing the non-Copr repo will result in connection failures. Also note that the Copr repo *instructions are not filled in by author. Author knows what to do. Everybody else should avoid this repo*. So unless you are comfortable with using this repo, you'll want to hold out untill the patches applied in the Copr repo make it into stable.
First remove the stable `NetworkManager-strongswan` package, ensure you have backups in place and / or take note of config backups taken during the removal of the package.
````
dnf remove NetworkManager-strongswan
````
Next, enable the Copr repo and install it along with the `NetworkManager-strongswan-gnome` package:
First, install the required plugins.
````
dnf copr enable -y rsclarke/NetworkManager-strongswan
dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome
````
Reboot your machine:
````
reboot now
````
#### (Gnome) Network Manager configuration
In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the user we created is `user-name`.
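Review bot: with the Copr steps dropped from the Network Manager install section, a reader who followed the earlier version of this page may still have `rsclarke/NetworkManager-strongswan` enabled, a repo the old text itself told most people to avoid. Consider adding one sentence before `dnf install NetworkManager-strongswan NetworkManager-strongswan-gnome` telling those users to disable that repo first, so the package comes from the stable Fedora repos. It would also help to say that the `dnf` command needs root.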
@ -61,11 +46,11 @@ In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the
* Name: your choice, e.g.: *ikev2-1.2.3.4*
* Gateway:
* Address: IP of the Algo VPN server, e.g: `1.2.3.4`
* Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/cacert.pem`
* Certificate: `cacert.pem` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/cacert.pem`
* Client:
* Authentication: *Certificate/Private key*
* Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/pki/certs/user-name.crt`
* Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/pki/private/user-name.key`
* Certificate: `user-name.crt` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/certs/user-name.crt`
* Private key: `user-name.key` found at `/path/to/algo/configs/1.2.3.4/ipsec/.pki/private/user-name.key`
* Options:
* Check *Request an inner IP address*, connection will fail without this option
* Optionally check *Enforce UDP encapsulation*
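Review bot: the new Certificate and Private key paths all pass through `ipsec/.pki/`, a hidden directory that the GNOME file chooser does not list by default, so a reader browsing to `/path/to/algo/configs/1.2.3.4/ipsec/` will see nothing to pick. Add a short hint to the Gateway and Client items that the directory is hidden (Ctrl+H in the chooser, or paste the full path). Since `user-name.key` is a private key, a reminder to keep it readable only by the owning user would fit in the same place.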
@ -73,6 +58,6 @@ In this example we'll assume the IP of our Algo VPN server is `1.2.3.4` and the
* For the later 2 options, hover to option in the settings to see a description
* Cipher proposal:
* Check *Enable custom proposals*
* IKE: `aes256gcm16-prfsha512-ecp384,aes256-sha2_512-prfsha512-ecp384,aes256-sha2_384-prfsha384-ecp384`
* ESP: `aes256gcm16-ecp384,aes256-sha2_512-prfsha512-ecp384`
* IKE: `aes256gcm16-prfsha512-ecp384`
* ESP: `aes256gcm16-ecp384`
* Apply and turn the connection on, you should now be connected
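Review bot: the IKE and ESP values under *Cipher proposal* are now a single proposal each (`aes256gcm16-prfsha512-ecp384` and `aes256gcm16-ecp384`), so a client entry that differs from what the server offers has no second proposal to fall back to and the connection will not negotiate. State in this item that both strings must match the ciphers the Algo server was deployed with, so the page does not silently drift the next time the defaults change.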

@ -1,6 +1,6 @@
# Deploy from Fedora Workstation
These docs were written based on experience on Fedora Workstation 26.
These docs were written based on experience on Fedora Workstation 30.
## Prerequisites
@ -14,7 +14,7 @@ Using `python2-*` in favour of `python3-*` as per [declared dependency](https://
| `build-essential` | `make automake gcc gcc-c++ kernel-devel` |
| `libssl-dev` | `openssl-devel` |
| `libffi-dev` | `libffi-devel` |
| `python-dev` | `python-devel` |
| `python-dev` | `python2-devel` |
| `python-pip` | `python2-pip` |
| `python-setuptools` | `python2-setuptools` |
| `python-virtualenv` | `python2-virtualenv` |
@ -39,10 +39,14 @@ dnf install -y \
openssl-devel \
libffi-devel \
libselinux-python \
python-devel \
python2-devel \
python2-pip \
python2-setuptools \
python2-virtualenv \
python2-crypto \
python2-pyyaml \
python2-pyOpenSSL \
python2-libselinux \
make
````
@ -70,29 +74,15 @@ Run `pip -v` and check the python version it is using:
````
$ pip -V
pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)
pip 19.0.3 from /usr/lib/python2.7/site-packages (python 2.7)
````
`python 2.7` is what we're looking for.
### `pip` upgrade and installs
````
# Upgrade pip itself
pip -q install --upgrade pip
# python-devel needed to prevent setup.py crash
pip -q install pycrypto
# pycrypto 2.7.1 needed for latest security patch
# This may need to run with sudo to complete without permission violations
pip -q install setuptools --upgrade
# virtualenv to make installing dependencies easier
pip -q install virtualenv
````
### Setup virtualenv and install requirements
````
virtualenv --system-site-packages env
python2 -m virtualenv --system-site-packages env
source env/bin/activate
pip -q install --user -r requirements.txt
````
@ -110,7 +100,7 @@ We can now deploy our server by running:
````
Ensure to allow Windows / Linux clients when going through the config options.
Note the IP and password of the newly created Alfo VPN server and store it safely.
Note the IP and password of the newly created Algo VPN server and store it safely.
If you want to setup client config on your Fedora Workstation, refer to [the Linux Client docs](client-linux.md).
