Commit Graph

723 Commits

Author SHA1 Message Date
Ryan Kasper
0cb43650cb Windows 10 -PfsGroup None --> -PfsGroup ECP256 (#493)
* Windows 10 -PfsGroup None --> -PfsGroup ECP256

Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)

* Update Windows Client PfsGroup Commandline
2017-04-27 12:46:50 -04:00
forkbomber
f002f32836 Fix typo related to "Error 809" and filtered IKE_AUTH requests (#496) 2017-04-27 12:46:28 -04:00
Jack Ivanov
540c761d3b Disable RSA in the mobileconfigs. Fixes #486 2017-04-25 23:06:51 +02:00
Nicholas
aea22475c3 Fixed broken links to ansible deployment instructions (#484)
* Fixed broken link in EC2 IAM instructions

* Fixed broken in step 6 of instructions
2017-04-24 16:53:58 +02:00
Dan Guido
31d6bd39a1 The docs got out of sync with the scripts (#480)
* The docs got out of sync with the scripts

* restructure

* fix links
2017-04-23 16:36:30 -04:00
Jack Ivanov
451394100d Some enhances in the compat ciphers (#464)
raise the IntegrityCheckMethod to SHA384

Move Windows to ECDSA

Increase IntegrityCheckMethod
2017-04-23 16:00:37 -04:00
Dan Guido
0d1c760a63 Doc improvements (#479)
* cleanup

* typos

* Closes #289

Add instructions for connecting to the VPN and configuring on demand.
2017-04-23 14:54:54 -04:00
Dan Guido
aac052da46 this option is deprecated (#477) 2017-04-23 09:04:30 -04:00
Dan Guido
8c430bd555 typo (#474) 2017-04-22 22:38:29 -04:00
Jack Ivanov
2782df8cfd Move back to 16.04. Forgot to change after testing 2017-04-22 23:09:37 +02:00
Jack Ivanov
c3fcfe5d0d Let users choose the distro version #449 (#466)
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
2017-04-22 17:06:10 -04:00
Dan Guido
cbb8237a4c fix link (#472) 2017-04-22 16:52:02 -04:00
Dan Guido
3aa4b6e8df Add linters to our CI (#471) 2017-04-22 14:57:39 -04:00
Jay Little
f75c857656 Fix broken links. (#469) 2017-04-22 14:00:16 -04:00
Dan Guido
39822a1b4e Add back table of contents (#463)
* toc

* shift left

* derp
2017-04-21 12:20:33 -04:00
Dan Guido
b94b455aba typo 2017-04-20 18:28:16 -04:00
Dan Guido
22e145c241 Update documentation to include minimum required IAM policy (#461)
* Updating documentation to include minimum required IAM polcy. Closes

* Slightly more concise
2017-04-20 18:15:31 -04:00
Andy Boutte
76cdc69548 CF tested and working for EC2 deployment (#431)
* AWS CloudFormation #132

* IPv6 EC2 draft

* CF tested and working for EC2 deployment

* IPv6 Implementation, EC2, Cloudformation

* Fixed ipv6 networking

* adding ip6tables rule for DHCP on AWS
2017-04-20 18:04:57 -04:00
Dan Guido
0e4aace6b6 Update deploy-to-ubuntu.md 2017-04-20 18:00:55 -04:00
Jack Ivanov
a7b06058cb remove the proxy role #440 (#457)
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
2017-04-20 18:00:17 -04:00
Dan Guido
019d729fe6 Better documentation (#459)
* Closes #443

* Remove numbers

* context

* split up local and scripted

* Closes #458

* .

* better layout

* Closes #451

* do this later

* grammar

* typo
2017-04-20 17:56:03 -04:00
Dan Guido
0b05ea19bc Windows needs SHA2-256. Closes #453. (#456) 2017-04-20 07:26:46 -04:00
Dan Guido
8173b84ff8 Change uniqueids back to never (#448)
We need this to allow multiple connections with the same id/certificate
2017-04-19 09:53:30 +02:00
Dan Guido
77700f6c8e clarification about ciphers 2017-04-18 11:22:38 -04:00
Dan Guido
b29772f146 prefer ed25519 2017-04-18 02:20:44 -04:00
Dan Guido
f9f7be7b0d Fix a typo from #439 2017-04-18 01:15:07 -04:00
Dan Guido
1778cb1f45 disable dpd #430 (#437)
Closes #430
2017-04-18 01:12:21 -04:00
Dan Guido
8e5e6d5088 remove extraneous integrity algos from AEAD ciphers (#439)
In reference to
https://github.com/trailofbits/algo/issues/9#issuecomment-294370560
2017-04-18 01:11:56 -04:00
MiWCryptAnalytics
14e8f309fe Update troubleshooting with note about ip frag (#427)
* Update troubleshooting with note about ip frag

note about ip fragmentation on consumer routers

* clarify

Closes #305
2017-04-17 23:41:04 -04:00
Jauder Ho
5b2e13d18f Only enable ChaCha cipher (#412)
* Only enable ChaCha cipher

* Add back a few ciphers for compatability
2017-04-17 23:17:40 -04:00
Jack Ivanov
fa5a956193 Add URLStringProbe (#428)
* Add URLStringProbe

* switch to Apple's hotspot-detect.html
2017-04-17 23:16:05 -04:00
Andy Boutte
aa0aadd66e Removing update to ~/.ssh/config #400 (#435) 2017-04-17 22:01:42 -04:00
George Kargiotakis
f13cc71851 Simplify localhost installations (#432)
Make it easier to install non_cloud version on localhost and
add a check whether an IP was given for IP_subject
2017-04-17 21:34:31 +02:00
Jack Ivanov
ea5976f49b write logs to file if BSD only 2017-04-17 18:12:38 +02:00
Jack Ivanov
9c12272c8c Python False-y values should be accepted. #417 (#426) 2017-04-16 16:40:24 -04:00
Dan Guido
4cd3c2e4ef Update README.md 2017-04-16 14:07:14 -04:00
Dan Guido
32d906f04d Update README.md 2017-04-16 13:58:06 -04:00
Dan Guido
98efa75b6c more endorsements! 2017-04-16 12:15:16 -04:00
Dan Guido
9a8f3d9dd0 Update README.md 2017-04-16 11:10:11 -04:00
Jack Ivanov
bdd0b85431 Upgrade pip inside virtualenv. Fixes #409 2017-04-16 16:40:10 +02:00
Jack Ivanov
16329fe088 Instance size (#404)
* Escaping Special Characters #388

* Make instance sizes more flexible to edit #355
2017-04-16 10:19:47 -04:00
Jack Ivanov
bf75a1bb03 move generating of the known_hosts file to local_action (#425) 2017-04-16 10:18:54 -04:00
Dan Guido
87316ea3ea Add note about Network Manager 2017-04-16 10:13:47 -04:00
Dan Guido
38f85a6e78 Add Linux Desktop to compatible prompt 2017-04-16 10:12:07 -04:00
Dan Guido
3ef96f7848 Update README.md 2017-04-16 10:02:34 -04:00
Dan Guido
089bf64c91 Update README.md 2017-04-16 10:00:57 -04:00
Logan Collins
de948186eb Improve Ubuntu Instructions (#419)
* Added note regarding DH group

* more complete

* clarified file sources

* remove trailing slash for consistency

* Added information on LAN Passthrough - a common home usecase
2017-04-16 09:56:17 -04:00
donlockhart
42a663983e Added East US and East US 2 regions to Azure. (#424) 2017-04-16 14:39:55 +02:00
MiWCryptAnalytics
04b61ca3d2 Increase CA key entropy to 128bit (#415)
Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
2017-04-15 16:23:15 -04:00
Jack Ivanov
02f363d825 change the order of ciphers 2017-04-15 16:36:39 +02:00