Commit Graph

201 Commits

Author SHA1 Message Date
TC1977
baa6efc666 Clarify: CA key must be saved to be able to update users (#1460)
* Update README.md

* certificate -> key
2019-06-06 09:45:42 +02:00
Jack Ivanov
a2fdc509e1
Support for Ubuntu 19.04 (#1405)
* Ubuntu 19.04

* Azure to 19.04
2019-05-30 20:57:47 +02:00
David Myers
98f89adeba Add reference to Fedora docs in README (#1456) 2019-05-30 14:07:22 +02:00
TC1977
38ebe4893d Update docs (#1430)
* Point additional docs to index.md

* Update index.md

Moves existing links from readme.md over to update this separate (previously out-of-date, redundant) page.

* Update documented Ansible roles

* Fix broken links in index.md

* Complete index.md

As a general rule all docs should be linked to from the index file. No?

* Update SSH access instructions

* Clarify SSH access instructions

* Delete setup-roles.md

* Update deploy-from-ansible.md

Change header, insert text from setup-roles.md

* Remove link to setup-roles from index.md

* Fix typos

* Update deploy-from-ansible.md

Document other `--skip-tags` options, as well as examples for Vultr and Scaleway variables.

* Update deploy-from-ansible.md

Added region examples for AWS and Lightsail. Happy to add other examples if people have experience with other providers.
2019-05-16 21:01:01 +02:00
Rémy Léone
826a2c5036 Add documentation about Scaleway credentials (#1419) 2019-05-12 11:21:55 +02:00
TC1977
b7a448350a Update cloud-vultr.md (#1406)
* Update cloud-vultr.md

More fleshed-out instructions for generating an API key and saving the file. Also notes the default ansible behavior of looking for the file in `~/.vultr.ini`.

* Update README.md
2019-04-26 06:54:37 +02:00
TC1977
505538bcbb Update README.md (#1380)
Add mention of Wireguard SSID exclusion ability.
2019-04-17 11:44:58 -04:00
Dan Guido
db34d55b78
AGPLv3 change (#1351) 2019-03-17 11:19:24 -04:00
Jack Ivanov
273c7665d3 Refactoring (#1334)
<!--- Provide a general summary of your changes in the Title above -->

## Description
Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162
Configures Ansible to use python3 on the server side. Closes #1024 
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes #1330
<details><summary>Here is how the config directory looks like now</summary>
<p>

```
configs/X.X.X.X/
|-- ipsec
|   |-- apple
|   |   |-- desktop.mobileconfig
|   |   |-- laptop.mobileconfig
|   |   `-- phone.mobileconfig
|   |-- manual
|   |   |-- cacert.pem
|   |   |-- desktop.p12
|   |   |-- desktop.ssh.pem
|   |   |-- ipsec_desktop.conf
|   |   |-- ipsec_desktop.secrets
|   |   |-- ipsec_laptop.conf
|   |   |-- ipsec_laptop.secrets
|   |   |-- ipsec_phone.conf
|   |   |-- ipsec_phone.secrets
|   |   |-- laptop.p12
|   |   |-- laptop.ssh.pem
|   |   |-- phone.p12
|   |   `-- phone.ssh.pem
|   `-- windows
|       |-- desktop.ps1
|       |-- laptop.ps1
|       `-- phone.ps1
|-- ssh-tunnel
|   |-- desktop.pem
|   |-- desktop.pub
|   |-- laptop.pem
|   |-- laptop.pub
|   |-- phone.pem
|   |-- phone.pub
|   `-- ssh_config
`-- wireguard
    |-- desktop.conf
    |-- desktop.png
    |-- laptop.conf
    |-- laptop.png
    |-- phone.conf
    `-- phone.png
```

![finder](https://i.imgur.com/FtOmKO0.png)

</p>
</details>

## Motivation and Context
This refactoring is focused to aim to the 1.0 release

## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled

## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Refactoring

## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
2019-03-10 13:16:34 -04:00
David Myers
df3d547fb3 Document using WireGuard app on macOS (#1327)
* Document using WireGuard app on macOS

* Update README.md

* Make WireGuard the default for Apple devices

* clarify user list

* fix tests

* connect on demand
2019-02-17 18:38:19 -05:00
Jack Ivanov
b8e1c253c6
Fixes #1305 2019-01-23 07:14:37 +01:00
David Myers
f25415dde3 Document using WireGuard on iOS (#1266) 2019-01-23 07:12:43 +01:00
Jack Ivanov
11ed8b8f30
Update README.md 2019-01-08 08:57:40 +01:00
David Myers
9830947dfd Sync list of supported cloud hosts (#1278) 2019-01-02 19:24:18 -05:00
TC1977
5d74ded90f Update README.md (#1286)
Adds Wireguard to the first line.
2019-01-02 19:23:37 -05:00
Michael Schubert
0177284fea README: fix small typos (#1262) 2018-12-20 09:20:39 -05:00
Jack Ivanov
a66d8f0069 on-build python venvs (#1199) 2018-11-22 13:04:58 -05:00
Aleksander
465cbeb7e0 Update StrongSwan setup docs (#1181) 2018-10-30 07:59:50 +01:00
Bruno Tavares
54a91447bf Add documentation on how to setup GCE accounts (#1164)
* Add documentation on how to setup GCE accounts

This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN.

Related to:
- https://github.com/trailofbits/algo/issues/682
- https://github.com/trailofbits/algo/issues/658

* Adds links on main README to GCP

* Adds link to Ansible documentation

* Update cloud-gce.md
2018-10-28 09:35:43 +03:00
Jack Ivanov
3468d27e61 Lightsail back (#1157) 2018-10-22 16:49:18 -04:00
David Myers
ee3cb979f7 Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 17:25:40 +03:00
Jack Ivanov
635e7ff1af
Update README.md 2018-08-27 20:23:51 +03:00
Mike Myers
c65961a1f3 Amazon ec2 documentation (#1035)
* Add link to documentation on Amazon EC2 setup

* Add images to document the AWS EC2 account setup

* Create AWS EC2 setup instructions

* remove line breaks

* remove line breaks

* Add images documenting AWS EC2 policy creation

* Update image showing advised minimum AWS policy

* Add instructions for minimum AWS permission policy

* Delete aws-ec2-attach-policy.png

* Updated image to reflect new AWS policy guidance

* Delete aws-ec2-new-user-confirm.png

* Updated image to reflect new AWS policy guidance
2018-07-22 17:58:09 -04:00
Jack Ivanov
daca84b640 Update references to 18.04 2018-05-30 17:11:32 +03:00
Jack Ivanov
3488e660ad Add WireGuard support for Android (#910)
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
2018-05-24 08:15:27 -07:00
pguizeline
daf609ea03 Update README.md (#931)
- Adds missing providers to the documentation with links.
- Mentions that your own server install needs to be an Ubuntu 16.04 LTS distro
- Emphasize that the p12 certificate password will only be available once
2018-05-08 13:57:21 -07:00
Steven Crossan
4bd59bebf4 Update DO doc link in README.md (#890) 2018-04-24 19:42:23 -07:00
Cat Jones
e78df40468 adds DigitalOcean documentation (#869) 2018-04-23 15:58:40 -07:00
Micah R Ledbetter
e944ee993a Embed certs into Windows deployment scripts (#840)
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
2018-03-28 11:20:43 -07:00
Utkan Gezer
32cbec6f5b Multi-line virtualenv setup script (#829)
Changed the single-line virtualenv setup script into multi-line one. Should be equivalent to what it was before, and now viewable/copy-able without scrolling.
2018-03-27 21:50:50 +03:00
Berry Phillips
ea7da89257 Explicitly create the virtualenv with Python2 (#823) 2018-03-08 22:16:40 -05:00
Jurgen Verhasselt
d08e525906 Docs to deploy from, and setup client on, Fedora Workstation (#711)
* docs/client-linux.md housekeeping

* add fedora-workstation instructions to client-linx.md

* add deploy-from-fedora-workstation doc

* change client-linux.md to internal link

* add deploy-from-fedora-workstation links

* correct markup

* correct typo
2017-11-12 17:10:19 -05:00
Dan Guido
95cb34b8ba Clear up methods of support even more 2017-07-15 02:10:00 -04:00
The Gitter Badger
3032c55b1f Add a Gitter chat badge to README.md (#599)
* Add Gitter badge

* Create README.md
2017-06-10 12:33:30 -04:00
The Gitter Badger
be200b33bf Add a Gitter chat badge to README.md (#598)
* Add Gitter badge

* Update README.md
2017-06-10 12:28:43 -04:00
bhawkins
6fb5204289 Note different admin usernames (refs trailofbits/algo#557). (#564) 2017-05-31 09:02:53 -04:00
Dan Guido
e13a76d1f3 Update README.md 2017-05-23 11:36:04 -04:00
Dan Guido
695f9936a0 Update README.md 2017-05-23 11:33:46 -04:00
Jack Ivanov
0131505195 Enhance PS1 script (#510)
update docs

Update README.md

update readme
2017-05-23 11:31:53 -04:00
Dan Guido
97248fce19 Default to DigitalOcean rather than AWS for the README 2017-05-23 11:30:26 -04:00
Job Evers‐Meltzer
bc604fb3e2 Update instructions on README (#547)
Tweaked README instructions as the paths were slightly different.
2017-05-13 12:25:36 -04:00
Dan Guido
e3c5015f2e Aws documentation (#505)
* Add AWS and Cloudformation specific docs

Closes #482
Closes #468

* readme enhancements

* various grammatical issues fixed
2017-04-30 14:28:44 -04:00
Dan Guido
a97b210ee8 Update README.md 2017-04-29 14:39:55 -04:00
Ryan Kasper
0cb43650cb Windows 10 -PfsGroup None --> -PfsGroup ECP256 (#493)
* Windows 10 -PfsGroup None --> -PfsGroup ECP256

Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)

* Update Windows Client PfsGroup Commandline
2017-04-27 12:46:50 -04:00
Nicholas
aea22475c3 Fixed broken links to ansible deployment instructions (#484)
* Fixed broken link in EC2 IAM instructions

* Fixed broken in step 6 of instructions
2017-04-24 16:53:58 +02:00
Dan Guido
31d6bd39a1 The docs got out of sync with the scripts (#480)
* The docs got out of sync with the scripts

* restructure

* fix links
2017-04-23 16:36:30 -04:00
Dan Guido
0d1c760a63 Doc improvements (#479)
* cleanup

* typos

* Closes #289

Add instructions for connecting to the VPN and configuring on demand.
2017-04-23 14:54:54 -04:00
Dan Guido
cbb8237a4c fix link (#472) 2017-04-22 16:52:02 -04:00
Dan Guido
3aa4b6e8df Add linters to our CI (#471) 2017-04-22 14:57:39 -04:00
Jay Little
f75c857656 Fix broken links. (#469) 2017-04-22 14:00:16 -04:00