Commit Graph

65 Commits (a8b4a47a884cc0c357205f80ae790d7613218a5d)

Author SHA1 Message Date
Micah R Ledbetter e944ee993a Embed certs into Windows deployment scripts (#840)
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed in the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
7 years ago
Micah R Ledbetter 4b0aea8f5a Document iptables rules (#854)
* Remove firewall rule related to the old proxy role

* Remove proxy conditionals from mobileconfig template

* Add comments explaining firewall rules
7 years ago
Jack Ivanov 78830d96aa Android: add the CA and set the ciphers explicitly (#837) 7 years ago
Jack Ivanov 4e4440a318 Exclude CA from P12 (#835) 7 years ago
adamluk b30f6db079 Update rules.v6.j2 (#818)
Updated to use -m conntrack for consistency as per the other IPv6 rules.
7 years ago
Julie Bernosky dc4dff040e Add StrongSwan log level config option to ipsec.conf template (#700) 7 years ago
Jack Ivanov ee7264f26e Ask users to enter the p12 password manually (#697) 7 years ago
Jack Ivanov 6b803e069f LibreSSL fix #625 (#685) 7 years ago
Jack Ivanov 9d8e39f63d Move back to the Xenial repo (#606) 7 years ago
Jack Ivanov 0131505195 Enhance PS1 script (#510)
update docs

Update README.md

update readme
7 years ago
Jack Ivanov 40e0363b18 Add html helper for Android (#554)
* add html helper #280

move to the new local schema

fix a typo

* Update client-android.md
7 years ago
Jack Ivanov 9f698fdd68 Get strongswan from the Zesty repo on Xenial (#515) 8 years ago
Jack Ivanov 2f5c050fd2 dpdaction to clear (#498) 8 years ago
Jack Ivanov 0ed68b6c30 Properly configure ICMP restrictions (#492) 8 years ago
Ryan Kasper 0cb43650cb Windows 10 -PfsGroup None --> -PfsGroup ECP256 (#493)
* Windows 10 -PfsGroup None --> -PfsGroup ECP256

Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)

* Update Windows Client PfsGroup Commandline
8 years ago
Jack Ivanov 540c761d3b Disable RSA in the mobileconfigs. Fixes #486 8 years ago
Jack Ivanov 451394100d Some enhancements in the compat ciphers (#464)
raise the IntegrityCheckMethod to SHA384

Move Windows to ECDSA

Increase IntegrityCheckMethod
8 years ago
Jack Ivanov c3fcfe5d0d Let users choose the distro version #449 (#466)
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
8 years ago
Andy Boutte 76cdc69548 CF tested and working for EC2 deployment (#431)
* AWS CloudFormation #132

* IPv6 EC2 draft

* CF tested and working for EC2 deployment

* IPv6 Implementation, EC2, Cloudformation

* Fixed ipv6 networking

* adding ip6tables rule for DHCP on AWS
8 years ago
Dan Guido 8173b84ff8 Change uniqueids back to never (#448)
We need this to allow multiple connections with the same id/certificate
8 years ago
Dan Guido 1778cb1f45 disable dpd #430 (#437)
Closes #430
8 years ago
Jack Ivanov fa5a956193 Add URLStringProbe (#428)
* Add URLStringProbe

* switch to Apple's hotspot-detect.html
8 years ago
Jack Ivanov ea5976f49b write logs to file if BSD only 8 years ago
mathew19 ae43ed6f81 Update client_ipsec.secrets.j2 (#414)
Fix filename in client ipsec_user.secrets
8 years ago
mathew19 5e56996f5c Fix name (#411) 8 years ago
Jack Ivanov c61a07fb60 Escaping Special Characters #388 (#403) 8 years ago
Jack Ivanov 56a72e5af2 New ciphers implementing #247 (#352)
Switches to SHA2_512_256 HMAC integrity algorithm and adds cipher compatibility for other platforms.
8 years ago
Dan Guido e55ce03906 URLStringProbe with this URL does not work as intended 8 years ago
Dan Guido 5e22b79033 Add configuration for URL probes to Apple profile
Chrome and Android both request a known URL that generates HTTP 204 No Content responses to determine if they have internet connectivity. In Apple profiles, we can use the same URL to determine whether the VPN needs to connect. Using this feature will help save battery life for lots of users.
8 years ago
Jack Ivanov 47515154bb add mtu in the sswan profile 8 years ago
Dan Guido 655a917dd2 iptables filter table fix (#285) 8 years ago
Jack Ivanov 6facb6cb4f FreeBSD / HardenedBSD (#262)
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
8 years ago
Jack Ivanov 49ba1f76b4 Some improvements in the mobileconfig. Fixes #270 8 years ago
Jack Ivanov aca036142f AndroidVPNClientProfiles #240 8 years ago
Jack Ivanov 20ebd7a595 rename connection 8 years ago
akirilov 05ab1f5feb Modified certificate generation to address issues #234 and #228 (#235)
* Modified certificate generation to address issues #234 and #228

I have made the following modifications to comply with the IKEv2 client certificate requirements:

- Changed client certificate CN to {{ IP_subject_alt_name }}_{{ item }} from {{ item }}
- Changed client certificate SAN to {{ IP_subject_alt_name }} from {{ item }}
- Added clientAuth to client certificate EKU

I have made the following changes to address a mismatch in the windows deployment script and file names:

- Changed the client certificate (.p12) filename in config/{{ IP_subject_alt_name }} to {{ IP_subject_alt_name }}_{{ item }}.p12 from {{ item }}.p12 to match the ps1 script

Testing:

I have tested the changes on a Windows 10 client and an Ubuntu 16.04.1 server (DigitalOcean), the config described in Issue #234

I apologize for not being able to test on other configurations. I hope that someone else can verify my changes.

* fixed iOS issues

* fixed accidental user change

* simplified changes

* Final iteration. I think that's all I can do to minimize the changes
8 years ago
Jack Ivanov 35faf4bca7 Local openssl tasks (#169)
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
8 years ago
Jack Ivanov 3e852caf04 disable compression #146 8 years ago
Glenn Rempe 9a46b671f7 Fixes #198, replace typo ECXLUDE with EXCLUDE 8 years ago
Damian Gerow b444398fab Drop the MSS for GCE instances 8 years ago
kennwhite d2aa52f4e9 UX hint on profile name
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2". This can be seen, for example, on OSX on the top menu bar for networks.
8 years ago
Jack Ivanov 2c9c3ccb09 Fixed #146 8 years ago
Jack Ivanov 8b0fe4d8f3 Block client-to-client traffic. Fixed #166 8 years ago
Jack Ivanov ecb6b498b9 unnecessary to use such a way. Fixed #162 8 years ago
Jack Ivanov 0269cafff7 DNS fix 8 years ago
Jack Ivanov 8a0c5ab971 Windows support implemented 8 years ago
Jack Ivanov f6166ccde4 modify ciphers #9 8 years ago
Jack Ivanov e90b58802d fix in the mobileconfig template 8 years ago
Jack Ivanov 2cb98b4516 Windows RSA support #9 8 years ago
Jack Ivanov ee95846445 mobileconfig fix 8 years ago