Commit Graph

204 Commits (f9f7be7b0d9c533af2362caa235ef37e3adec09b)

Author SHA1 Message Date
Jack Ivanov d7d976784c Fixes #207 8 years ago
Jack Ivanov 8eb208c5b7 enable ipv6 if the default gateway is defined. Fixes #244 8 years ago
Craig 43c2f5c31a Installs the recommended packages with strongswan, because we need the OpenSSL (#260)
plugin from libstrongswan-standard-plugins for ECDH to work.
8 years ago
Jack Ivanov b8f3d43eee enable some additional debug info 8 years ago
Jack Ivanov 2a7dd88a3c Changed to ECDSA #102 8 years ago
Jack Ivanov e31f10da6d Fixes #255 8 years ago
Jack Ivanov aca036142f AndroidVPNClientProfiles #240 8 years ago
Jacob Wilder 7b468fae79 Fixed the azure role for situations where the user does not use a ~/.azure/credentials file (#242) 8 years ago
Jack Ivanov 20ebd7a595 rename connection 8 years ago
akirilov 05ab1f5feb Modified certificate generation to address issues #234 and #228 (#235)
* Modified certificate generation to address issues #234 and #228

I have made the following modifications to comply with the IKEv2 client certificate requirements:

- Changed client certificate CN to {{ IP_subject_alt_name }}_{{ item }} from {{ item }}
- Changed client certificate SAN to {{IP_subject_alt_name }} from {{ item }}
- Added clientAuth to client certificate EKU

I have made the following changes to address a mismatch in the windows deployment script and file names:

- Changed the client certificate (.p12) filename in config/{{ IP_subject_alt_name }} to {{ IP_subject_alt_name}}_{{ item }}.p12 from {{ item }}.p12 to match the ps1 script

Testing:

I have tested the changes on Windows 10 client, Ubuntu 16.04.1 server (DigitalOcean) - the config described in Issue #234

I apologize for not being able to test on other configurations. I hope that someone else can verify my changes

* fixed iOS issues

* fixed accidental user change

* simplified changes

* Final iteration. I think that's all I can do to minimize the changes
8 years ago
Jack Ivanov 35faf4bca7 Local openssl tasks (#169)
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
8 years ago
Jack Ivanov 257be0f395 make the fail message more understandable. Fixes #217 8 years ago
Jack Ivanov 2798f84d3f ensure that apparmor is supported by the kernel #215 8 years ago
Jack Ivanov 3e852caf04 disable compression #146 8 years ago
Jack Ivanov cbf59addb3 additional tags 8 years ago
Jack Ivanov a50a396b94 additional fixes 8 years ago
Defunct b0f9ab94b1 ec2_ami_copy boto3 module, KMS, tagging, AMI caching (Encrypted support) 8 years ago
Defunct 0eb048383a refactored ec2 encryption 8 years ago
Jack Ivanov 1a81372192 EC2 Encryption Implemented #133 8 years ago
Jack Ivanov f246165298 Fix a typo 8 years ago
Glenn Rempe 9a46b671f7 Fixes #198, replace typo ECXLUDE with EXCLUDE 8 years ago
Damian Gerow b444398fab Drop the MSS for GCE instances 8 years ago
Defunct a9dd0af3fe resolves #176 + other ec2 env issues 8 years ago
Dan Guido 75194675eb closes #175 8 years ago
kennwhite d2aa52f4e9 UX hint on profile name
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2".  This can be seen, for example, on OSX on the top menu bar for networks.
8 years ago
Jack Ivanov 33b3af540a Fix SSH keys for DigitalOcean 8 years ago
Jack Ivanov 2c9c3ccb09 Fixed #146 8 years ago
Jack Ivanov cd5b096ab7 DO fix 8 years ago
Jack Ivanov 90cc5fa1f7 some fixes 8 years ago
Jack Ivanov 1d07200c74 generating ssh-keys #152 #151 #112 8 years ago
Jack Ivanov abf94989fc the password for the CA private key #75 8 years ago
Jack Ivanov 8b0fe4d8f3 Block client-to-client traffic. Fixed #166 8 years ago
Jack Ivanov ecb6b498b9 unnecessary to use such way Fixed #162 8 years ago
Jack Ivanov f1715c4e0b random password for the p12 certificates #135 8 years ago
Jack Ivanov 03c805cb87 reorganize the wait_for functions #159 8 years ago
Jack Ivanov 275663264a ipv6 option is available in ansible 2.2; Fixed #158 8 years ago
Jack Ivanov 37ec574d8d IP_subject_alt_name is not declared for localhost. Fixed #149 8 years ago
Jack Ivanov 517366f194 EC2 fix 8 years ago
Jack Ivanov 50e9dbfce0 draft EC2 #150 #157 8 years ago
Jack Ivanov 981809998c Merge branch 'master' of github.com:trailofbits/algo 8 years ago
kennwhite 016a8c7708 Change default instance to free tier (t2.micro)
I know this is a bit goofy, but the t2.nano is not in the free tier for AWS even though it is smaller than the t2.micro instance. See: https://aws.amazon.com/blogs/aws/ec2-update-t2-nano-instances-now-available/ (the "PS" at the bottom), confirmed on pricing page. The difference is $4.30 per mo vs. free/$8.76  per mo. Maybe add this to config questions, but at least one reviewer has noted this as an issue for his just-setup AWS free account.
8 years ago
Jack Ivanov 0269cafff7 DNS fix 8 years ago
Jack Ivanov 29ef4d45df Merge pull request #144 from trailofbits/ami_latest_image
Sort by latest AMI - resolves #140
8 years ago
Jack Ivanov c552602724 Azure support #26 8 years ago
Defunct 27e5a4feca Sort by latest AMI - resolves #140 8 years ago
Jack Ivanov 3d53dde6ca Fixed. #137 8 years ago
Jack Ivanov 790bcb2efc Merge branch 'win10_support' #9 8 years ago
Jack Ivanov 8a0c5ab971 Windows support implemented 8 years ago
Jack Ivanov f6166ccde4 modify ciphers #9 8 years ago
Jack Ivanov 195697a1f0 Merge pull request #131 from trailofbits/ec2updates
EC2 Updates and fixes
8 years ago
Jack Ivanov ad162f55a2 here were no credentials #127 8 years ago
defunct e40545cce5 opens #126
This commit reverts changes in 437d659 to avoid breaking changes.
8 years ago
Jack Ivanov e90b58802d fix in the mobileconfig template 8 years ago
Jack Ivanov 2cb98b4516 Windows RSA support #9 8 years ago
Jack Ivanov ede452fad4 Merge branch 'master' of github.com:trailofbits/algo 8 years ago
Jack Ivanov c5860cbc5d Merge pull request #125 from cernekee/tag-fix. Fix #128
Add missing playbook tags
8 years ago
Jack Ivanov ee95846445 mobileconfig fix 8 years ago
Defunct d54ba6c7ce Merge branch 'master' into ec2updates 8 years ago
fkt 27ea98e7a8 Show congrats message at the end - #115 8 years ago
Defunct 437d659eb6 resolves #126 - incorrect private key usage w/o ssh-agent 8 years ago
Defunct 1dc6e1a0fa resolves #118 - AWS env keys 8 years ago
Jack Ivanov 047f68df2f Change the site in the congrats handler to whoer.net in order to clarify the message at the end of the install about testing VPN. Fix #110 8 years ago
Kevin Cernekee 433389c0ab Use /var/run/reboot-required to determine if a restart is needed
The current check only looks to see if a new kernel was installed.
8 years ago
Kevin Cernekee 09bbc4058c Add missing tags in common playbook
If the common playbook is invoked with the "cloud" tag, non-cloud
tasks will be skipped.  On GCE this causes "Install tools" to be skipped,
apparmor-utils is not installed, and then the "Enforcing ipsec with
apparmor" step fails.
8 years ago
Jack Ivanov 29de003b2d implemented #109 8 years ago
Jack Ivanov 5383c71499 Fixed #108 8 years ago
Jack Ivanov d052cb8e77 skip-tags added. Fixed #121 8 years ago
Jack Ivanov 76ea7f67ae extra vars added to use local DNS #110 8 years ago
Jack Ivanov 289807ead4 fix dependencies 8 years ago
Jack Ivanov d50bd43988 Fix SSH keys permissions 8 years ago
Jack Ivanov 44bc3ead48 set AllowTcpForwarding to local 8 years ago
Dan Guido c52350030d Merge branch 'master' into docs 8 years ago
Jack Ivanov d93b7c200f EC2 | Add VPC group #98 and counts #59 8 years ago
Jack Ivanov 0e613f2ff7 fix a typo. #96 closed 8 years ago
Jack Ivanov 8c284a16e3 Done. #96 8 years ago
Jack Ivanov 062426e0ec client configuration templates #43 8 years ago
Dan Guido 1a3a14943c pull in changes from master 8 years ago
Jack Ivanov fcf29534ba the proxixy filter rules disabled #93 8 years ago
Jack Ivanov bf5d5e53ac ip6tables fixes 8 years ago
Jack Ivanov c43ccc3898 iptables moved to the vpn role #61 8 years ago
Dan Guido bff7c414b2 Initial commit of reorg'd docs 8 years ago
Jack Ivanov 4db428a86e Disable unneeded plugins in StrongSwan #84 8 years ago
Jack Ivanov 2cca45c967 additional tags 8 years ago
Jack Ivanov ad9d7d6ddb disable dpdtimeout #90 8 years ago
Jack Ivanov 8e0cca6b66 some fixes 8 years ago
Jack Ivanov dbeb7a13e8 Merge branch 'tags' #80 8 years ago
Jack Ivanov 4d731580b7 linting 8 years ago
Jack Ivanov fc162728d3 role for local installation 8 years ago
Jack Ivanov d9441b236a move to tags #80 8 years ago
Jack Ivanov aa4dcc31d4 gce role to tags 8 years ago
Jack Ivanov cf5a0f41d3 ec2 role to tags 8 years ago
Jack Ivanov 97ea00056d DO roles to tags 8 years ago
Jack Ivanov 6685642f0b #85 fixed 8 years ago
Jack Ivanov 91688324ce additional functions 8 years ago
Jack Ivanov ddcee8db18 logging fixes 8 years ago
Jack Ivanov 97a00699b7 new tags 8 years ago
Jack Ivanov 05df4f0c04 unattended-upgrades moved to the security role 8 years ago
Evgeniy Ivanov 4284dd63aa rsyslog moved to the logging role 8 years ago
Jack Ivanov 0cd4084aa4 ssh fixes 8 years ago
Jack Ivanov 00e4bcc1ec security role and SSH fixes #77 8 years ago