* update variable name to store_pki
* Document BetweenClients_DROP
* Update README.md
* Update faq.md
* VPN On Demand is for Apple IPsec clients only
* How to update users from cloud-init
* How to monitor user activity
* Fix typo
* Update FAQ about WireGuard, fix typos
* Correct locations of install log and user configs
* Update-users from cloud-init
* Update features list
* More "IPsec" and "WireGuard" changes
* fixed broken link/absent link in FAQ
* Python version README fix for #1622
* road warrior instructions
* Update index.md
* Reorganize config.cfg
As per @davidemyers suggestions
* Further config changes
As per feedback, also better explanation of keys_clean_all
* Add road warrior instructions to FAQ
* Remove specific ports from RW instructions
* Update README.md
As noted in #1599 we don't have any instructions for CentOS 7. Closes #1599
* Update README.md
Co-Authored-By: David Myers <dem@myersnet.net>
* Point additional docs to index.md
* Update index.md
Moves existing links from readme.md over to update this separate (previously out-of-date, redundant) page.
* Update documented Ansible roles
* Fix broken links in index.md
* Complete index.md
As a general rule all docs should be linked to from the index file. No?
* Update SSH access instructions
* Clarify SSH access instructions
* Delete setup-roles.md
* Update deploy-from-ansible.md
Change header, insert text from setup-roles.md
* Remove link to setup-roles from index.md
* Fix typos
* Update deploy-from-ansible.md
Document other `--skip-tags` options, as well as examples for Vultr and Scaleway variables.
* Update deploy-from-ansible.md
Added region examples for AWS and Lightsail. Happy to add other examples if people have experience with other providers.
* Update cloud-vultr.md
More fleshed-out instructions for generating an API key and saving the file. Also notes the default ansible behavior of looking for the file in `~/.vultr.ini`.
* Update README.md
## Description
Renames the vpn role to strongswan, and splits up the variables to support 2 separate VPNs. Closes #1330 and closes #1162
Configures Ansible to use python3 on the server side. Closes #1024
Removes unneeded playbooks, reorganises a lot of variables
Reorganises the `config` folder. Closes #1330
<details><summary>Here is what the config directory looks like now</summary>
<p>
```
configs/X.X.X.X/
|-- ipsec
|   |-- apple
|   |   |-- desktop.mobileconfig
|   |   |-- laptop.mobileconfig
|   |   `-- phone.mobileconfig
|   |-- manual
|   |   |-- cacert.pem
|   |   |-- desktop.p12
|   |   |-- desktop.ssh.pem
|   |   |-- ipsec_desktop.conf
|   |   |-- ipsec_desktop.secrets
|   |   |-- ipsec_laptop.conf
|   |   |-- ipsec_laptop.secrets
|   |   |-- ipsec_phone.conf
|   |   |-- ipsec_phone.secrets
|   |   |-- laptop.p12
|   |   |-- laptop.ssh.pem
|   |   |-- phone.p12
|   |   `-- phone.ssh.pem
|   `-- windows
|       |-- desktop.ps1
|       |-- laptop.ps1
|       `-- phone.ps1
|-- ssh-tunnel
|   |-- desktop.pem
|   |-- desktop.pub
|   |-- laptop.pem
|   |-- laptop.pub
|   |-- phone.pem
|   |-- phone.pub
|   `-- ssh_config
`-- wireguard
    |-- desktop.conf
    |-- desktop.png
    |-- laptop.conf
    |-- laptop.png
    |-- phone.conf
    `-- phone.png
```
![finder](https://i.imgur.com/FtOmKO0.png)
</p>
</details>
## Motivation and Context
This refactoring is aimed at the 1.0 release
## How Has This Been Tested?
Deployed to several cloud providers with various options enabled and disabled
## Types of changes
- [x] Refactoring
## Checklist:
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] All new and existing tests passed.
* Document using WireGuard app on macOS
* Update README.md
* Make WireGuard the default for Apple devices
* clarify user list
* fix tests
* connect on demand
* Add documentation on how to set up GCE accounts
This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new Algo VPN.
Related to:
- https://github.com/trailofbits/algo/issues/682
- https://github.com/trailofbits/algo/issues/658
* Adds links on main README to GCP
* Adds link to Ansible documentation
* Update cloud-gce.md
- Adds missing providers to the documentation with links.
- Mentions that your own server install needs to be an Ubuntu 16.04 LTS distro
- Emphasize that the p12 certificate password will only be available once
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store
As part of this work, rewrite the windows_client.ps1.j2 deployment
script template
- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
installed in the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside PowerShell variables
- Use native PowerShell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
Changed the single-line virtualenv setup script into multi-line one. Should be equivalent to what it was before, and now viewable/copy-able without scrolling.