* update variable name to store_pki
* Document BetweenClients_DROP
* Update README.md
* Update faq.md
* VPN On Demand is for Apple IPSEC clients only
* How to update users from cloud-init
* How to monitor user activity
* Fix typo
* Update FAQ about WireGuard, fix typos
* Correct locations of install log and user configs
* Update-users from cloud-init
* Update features list
* More "IPsec" and "WireGuard" changes
* fixed broken link/absent link in FAQ
* Python version README fix for #1622
* road warrior instructions
* Update index.md
* Reorganize config.cfg
As per @davidemyers' suggestions
* Further config changes
As per feedback, also better explanation of keys_clean_all
* Add road warrior instructions to FAQ
* Remove specific ports from RW instructions
* Added troubleshooting entry related to lack of a CA certificate in MacPorts.
* Try to fix the link
* Try to fix the link
* Try to fix the link
* line-breaking of error message
* update error message and text
* Update the Fedora related docs.
- update for new generated config file locations
- remove reference to no-longer-needed copr
- update package names for further py2 changes in Fedora
* switch back to the default ciphers
* generate service IPs dynamically
* update cloud-init tests
* exclude ipsec and wireguard ranges from the random service ip
* Update docs
* @davidemyers: update wireguard docs for linux
* Move to netaddr filter
* AllowedIPs fix
* WireGuard IPs fix
* Point additional docs to index.md
* Update index.md
Moves existing links from readme.md over to update this separate (previously out-of-date, redundant) page.
* Update documented Ansible roles
* Fix broken links in index.md
* Complete index.md
As a general rule all docs should be linked to from the index file. No?
* Update SSH access instructions
* Clarify SSH access instructions
* Delete setup-roles.md
* Update deploy-from-ansible.md
Change header, insert text from setup-roles.md
* Remove link to setup-roles from index.md
* Fix typos
* Update deploy-from-ansible.md
Document other `--skip-tags` options, as well as examples for Vultr and Scaleway variables.
* Update deploy-from-ansible.md
Added region examples for AWS and Lightsail. Happy to add other examples if people have experience with other providers.
I was going to add this onto the existing PR for docs update, but it turned out to be a little more involved and require some testing of actual deployment.
Changes the "region not available" question to reflect Algo behavior since #976. Also addresses #1413.
Adds a couple of quote marks to the Ubuntu error question, which disappeared for some reason.
* Update cloud-vultr.md
More fleshed-out instructions for generating an API key and saving the file. Also notes the default ansible behavior of looking for the file in `~/.vultr.ini`.
* Update README.md
* Update DNS filtering advice in FAQ
Updates how to temporarily disable adblocking on IPsec and WireGuard clients separately, and also updates the IPsec command to avoid `ipsec restart` which [isn't appreciated by systemd](https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1287339).
* Update faq.md
Fix typo
* add the install script to support cloud-init and local one-shot deployments
* update travis-ci tests
* update docs
* enable no_log again
* update docs
* Document using WireGuard app on macOS
* Update README.md
* Make WireGuard the default for Apple devices
* clarify user list
* fix tests
* connect on demand
I ran into the same issue as #1058, and the solution worked.
This PR generalizes the solution and adds it to the troubleshooting documentation, making it easier to resolve for future users.
* Troubleshooting.md updates
Adds solutions to #1067 to the troubleshooting faq. Also moves a couple of answers to correspond to the headers.
* Change to Algo, strongly rec Ubuntu 18.04
* Add documentation on how to set up GCE accounts
This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN.
Related to:
- https://github.com/trailofbits/algo/issues/682
- https://github.com/trailofbits/algo/issues/658
* Adds links on main README to GCP
* Adds link to Ansible documentation
* Update cloud-gce.md
Ansible 2.5 allows Algo to directly ask AWS for the region list, rather than have it hardcoded and updated manually. Updated the documented minimum required permissions to include "DescribeRegions".
* Refactoring, booleans declaration and update users fix
* Make server_name more FQDN compatible
* Rename variables
* Define the default value for store_cakey
* Skip a prompt about the SSH user if deploying to localhost
* Disable reboot for non-cloud deployments
* Enable EC2 volume encryption by default
* Add default server value (localhost) for the local installation
Delete empty files
* Add default region to aws_region_facts
* Update docs
* EC2 credentials fix
* Warnings fix
* Update deploy-from-ansible.md
* Fix a typo
* Remove lightsail from the docs
* Disable EC2 encryption by default
* rename droplet to server
* Disable dependencies
* Disable tls_cipher_suite
* Convert wifi-exclude to a string. Update-users fix
* SSH access congrats fix
* 16.04 > 18.04
* Don't ask for the credentials if specified in the environment vars
* GCE server name fix
Many times people are reaching VPC limits not because they're running other VPCs on AWS, but because they've already deployed several times (AWS allows five VPCs per region). This lets people know they can simply delete their old VPCs instead of contacting AWS support.
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store
As part of this work, rewrite the windows_client.ps1.j2 deployment
script template
- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
installed in the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside PowerShell variables
- Use native PowerShell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
* Update client-android.md
Changed Installation via profiles sections - Opening the helper html file in Chrome (v65.0.3325.109 on Android 6.0.1) does not work correctly.
* Update client-android.md
* Update client-android.md
* Creates a Docker container to run algo
* Simplistic testing of the Docker image
This simply uses the same LXC system that was just tested.
It's functional, but minimal.
* More thorough tests against Docker
This doubles the number of LXC containers in use,
but does provide a more thorough test of the Docker
image.